updated 01:33 pm EDT, Wed March 27, 2013
Denial of service attack over spam blacklist inclusion
The Internet is reportedly slowing down due to a large-scale online attack against an anti-spam organization, with the attack itself being declared the largest public denial of service attack in history. Non-profit Spamhaus is believed to be under attack from criminal gangs based in Russia and Eastern Europe, in a dispute that has escalated to a level that other services, such as Netflix, are feeling the impact.
Spamhaus operates a number of databases that list servers linked to spamming, malware, and nefarious content, in order for Internet service providers to restrict or block access. Cyberbunker, a webhost based in the Netherlands that will provide service to anyone except those hosting materials relating to child pornography or terrorism, apparently took exception to being added, and is allegedly co-operating with other parties in order to attack Spamhaus servers, according to the BBC.
Sven Olaf Kamphuis, a spokesperson for Cyberbunker, claimed that Spamhaus should not be responsible for deciding "what goes and does not go on the Internet," citing an abuse of its position in acting effectively as a gatekeeper to online connections.
Chief executive for Spamhaus Steve Linford told the BBC that the attack had been underway for over a week. Distributed Denial of Service (DDoS) attacks against the Spamhaus DNS servers have been relatively ineffective, despite the magnitude of bandwidth being used. "These attacks are peaking at 300Gbps. Normally when there are attacks against major banks, we're talking about 50Gbps," advised Linford, suggesting that such an attack would, if aimed at a government system such as that of Downing Street in London, it would be offline instantly.
In order to cope, Spamhaus has a widely-distributed series of more than 80 servers across multiple continents acting as a large DNS server, and is also being aided by companies such as Google and CloudFlare to "absorb all of this traffic." While Spamhaus is able to survive these attacks, the bandwidth used is clogging up connections for legitimate traffic, disrupting a number of Internet services in the process.
Due to the size of the DDoS and the disruption caused, a number of police forces and government agencies have started investigating the attacks, something that Cyberbunker has previous experience in dealing with. The web host operates from a Cold War-era bunker in the Netherlands, and has survived a raid by a Dutch SWAT team. Though it markets its uniquely secure physical location, including blast doors designed to withstand a "20-megaton nuclear explosion at close range," Cyberbunker's own website is seemingly feeling the effects of the attack itself, taking a considerable amount of time to load.