March 27, 2013
Online War Erupts Between Anti-Spam Agency, Web Host
An online battle between a spam-fighting group and a Web hosting company has slowed the Internet around the globe today, security experts told the BBC, describing the incident as the most significant cyber-attack of its kind to ever occur.
The fight between the two sides — anti-spam group Spamhaus and the Dutch Web host CyberBunker — has set off retaliatory attacks affecting widely used online services such as Netflix. According to the BBC article, security experts are concerned banking systems and e-mail services could soon be affected.
The attacks are currently under investigation by five cyber law enforcement groups.
Spamhaus is an international non-profit organization that tracks spam operations and sources, often working with law enforcement to pursue spam gangs worldwide and to lobby governments for effective anti-spam legislation.
To filter spam, the agency maintains a number of blocklists that are “responsible for keeping back the vast majority of spam sent out on the Internet,” according to the Spamhaus website.
Spamhaus’ recent blocking of CyberBunker’s servers instigated the unofficial war.
“Spamhaus apparently does not approve that ‘CyberBunker offers anonymous hosting of anything except child porn and anything related to terrorism.’ Of course this almost ‘anything goes’ is classified by Spamhaus as: spam, phishing and malware,” reads an article on the CyberBunker website.
“According to Spamhaus, CyberBunker is designated as a ‘rogue’ host and has long been a haven for cybercrime and spam. Of course Spamhaus has not been able to prove any of these allegations.”
Spamhaus CEO Steve Linford told the BBC his organization has been under a Distributed Denial of Service (DDoS) attack for more than a week. Such attacks inundate the intended victim with vast amounts of traffic to render it inaccessible.
“But we’re up — they haven’t been able to knock us down. Our engineers are doing an immense job in keeping it up — this sort of attack would take down pretty much anything else,” the BBC quoted him as saying.
Spamhaus posted on its blog March 20 that it was first hit by a large-scale DDoS attack March 16-17, which extended into last week and beyond.
The following is an excerpt from the blog post by staffer Quentin Jenkins:
Although this site and our mail were knocked down for a while, our data systems continued to work normally throughout the attack. At this time the main Spamhaus website is back up (that’s what you are reading!) and we’re bringing other public systems back up as this goes to press. Due to the unpredictable nature of DDoS attacks, we can’t provide an estimate of that progress, but we want those systems up as much as you do.
What we can tell you is that we are aware of the many people who have fixed their infected systems, and ISPs which have solved spam problems, and need to have IPs and domains removed from our lists (SBL, XBL/CBL, PBL and DBL). Those removal systems are being fixed as this is typed, and we will continue to provide updates as they come back online, in this blog article or in a newer one. Our best advice to you is to follow normal removal procedures, to re-try as needed (every hour or so) and to watch this blog for updates. Thanks for your co-operation as we ride out this attack.
The overall effect of such an attack is a global slowdown of services, cybersecurity expert and University of Surrey professor Alan Woodward told the BBC.
“If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps,” he told the BBC. “With this attack, there’s so much traffic it’s clogging up the motorway itself.”