March 27, 2013
Ongoing War Over Largest Internet Attack In History Affecting Bandwidth
Michael Harper for redOrbit.com — Your Universe Online
There's a war going on, and we're all being affected by it, even if we can't see what's happening. It's a classic tale of good versus evil.
A London-based spam-filtering group and a Dutch web-hosting firm have been duking it out for over a week, engaged in what's been called the “biggest attack in history.” As these two factions have it out, they're also using up a sizable amount of the available bandwidth all over the world. This results in a slower Internet for the rest of us.
According to the BBC, which reported on this story earlier, services such as Netflix have already reported slower performance as a result of the ongoing battle. There are now five unnamed UK-based cyber-police forces investigating these attacks.
London-based spam fighter Spamhaus helps block spam by keeping updated blacklists of servers which have been found to deliver these unwanted messages. Recently, Spamhaus added Dutch web-hosting firm Cyberbunker to its distributed blacklists.
Cyberbunker, named after its five-story headquarters, which once served as a NATO bunker, takes a very liberal stance on what it will allow on its servers.
According to the New York Times, the Dutch company will allow any content “except child porn and anything related to terrorism.”
This means, of course, that Cyberbunker has no problem with hosting spam services.
In a statement to the BBC, Cyberbunker spokesperson Sven Olaf Kamphuis accuses Spamhaus of being overzealous, saying they are not allowed to decide “what goes and does not go on the Internet.”
Spamhaus has been under attack since March 19 and claims Cyberbunker and a few “criminal gangs” from Eastern Europe and Russia are behind the attacks.
"We've been under this cyber-attack for well over a week," said Steve Linford, chief executive of Spamhaus, in an interview with the BBC. "But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."
Linford declined to mention the names of the police forces investigating these attacks for fear they'd also be taken down.
The attackers have been using Distributed Denial of Service (DDoS) methods, which flood the target with such tremendous amounts of traffic that its network eventually collapses under the strain. The attackers are looking to bring down Spamhaus's DNS servers, which connect a web address with its numerical Internet Protocol (IP) address.
These aren´t typical DDoS attacks, says Mr. Linford. At their peak, these attacks are coming in at 300 gigabits per second. To put it into perspective, an attack rated at 50 gigabits per second is normally enough to bring down major banks and other large networks.
"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," explained Linford. "With this attack, there's so much traffic it's clogging up the motorway itself."
Security researcher Dan Kaminsky told the New York Times that the only way to stop these attacks is to physically find those responsible and bring them to justice.
“The No. 1 rule of the Internet is that it has to work,” said Kaminsky. “You can't stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them.”
According to Mr. Linford, other Internet companies such as Google have offered their help to “absorb” some of this extra traffic and keep the Internet running throughout the ongoing attack.