Dutch Spamhaus DDoS Hacker Arrested
April 27, 2013

Alleged Perpetrator Of Largest-Ever DDoS Attack Arrested Friday

redOrbit Staff & Wire Reports - Your Universe Online

A 35-year-old Dutch man has been arrested in connection with what experts say could be the largest publicly announced cyberattack in the history of the Internet, various media outlets reported on Friday.

According to Mike Corder of the Associated Press (AP), the man was taken into custody by the Netherlands National Prosecution Office at his home in Barcelona on Thursday.

He was arrested in connection with a large-scale distributed denial-of-service (DDoS) attack on Spamhaus, an organization which tracks email spammers and spam-related activity. Authorities also reportedly seized computers and mobile phones.

Corder said, in accordance with privacy laws, the suspect´s full name would not be revealed and he would only be identified by his initials, SK. However, Donna Tam of CNET said the individual is believed to be Sven Kamphuis, owner of the Dutch web hosting firm Cyberbunker.

“It was widely reported previously that Cyberbunker, a site hosting company, was behind the multiple Web attacks on Spamhaus. The attack“¦ involved overloading Spamhaus' severs with requests. It also slowed down the Internet for part of Europe, spurring the security firm fighting the attacks to call it ℠the DDoS that almost broke the Internet,´” Tam said. She added officials were “making plans for his transfer to the Netherlands.”

Computer security expert Brian Krebs said the dispute between Spamhaus and Cyberbunker began in late 2012, when the former blacklisted several Internet addresses belonging to the latter.

“A year ago, we started seeing pharma and botnet controllers at Cyberbunker´s address ranges, so we started to list them,” a Spamhaus staff member, who asked to remain anonymous, told Krebs. “We got a rude reply back, and he made claims about being his own independent country in the Republic of Cyberbunker, and said he was not bound by any laws and whatnot. He also would sign his emails ℠Prince of Cyberbunker Republic.´ On Facebook, he even claimed that he had diplomatic immunity.”

“Spamhaus took its complaint to the upstream Internet providers that connected Cyberbunker to the larger Internet,” Krebs added. “According to Spamhaus, those providers one by one severed their connections with Cyberbunker´s Internet addresses. Just hours after the last ISP dropped Cyberbunker, Spamhaus found itself the target of an enormous amount of attack traffic designed to knock its operations offline.”

The March attack against Spamhaus also reportedly targeted several of the service´s partners, and the DDoS reached a peak bandwidth of over 300 Gpbs, making it the largest such attack in history, Tam said. The Stophaus Movement, an organization comprised of companies and individuals flagged as spammers by Spamhaus, took credit for the attack, the CNET reporter explained.

“Kamphuis acted as a spokesman for the Stophaus Movement following the attack in March,” said Lucian Constantin, IDG News Service. “However, at the time, Kamphuis denied his personal involvement in the attack and said that it was launched by Stophaus members from China and Russia.”