It turns out the “the biggest cyber-attack in history” reported by news agencies and technology websites around the globe yesterday (March 27) was more like a skirmish rather than an all-out war.
While the clash between anti-spam fighting group Spamhaus — based in Geneva and London — and Dutch Web host CyberBunker did cause headaches for a large number of Internet users, predictions of a worldwide slowdown never materialized.
According to VentureBeat, which performed checks of different Internet monitoring services, the distributed denial of service attacks (DDOS) were significant, but not wide-spread.
The U.K., Germany and the Netherlands experienced a sluggish Internet and the London and Hong Kong Internet exchanges were both hit by outages but that appears to be the extent of the damage.
Services such as Netflix, banking websites and e-mail services were unaffected in North America, despite worries to the contrary.
It appears the hype began courtesy of CloudFare, the Web security company enlisted by Spamhaus to combat the attack, and comments by Spamhaus CEO Steve Linford and cybersecurity expert and University of Surrey professor Alan Woodward.
CloudFare CEO Matthew Prince’s blog post dubbed ‘The DDoS that almost broke the Internet,’ combined with comments by Linford and Woodward to the BBC yesterday started the alarm bells ringing.
Linford said the attack was powerful enough to take down government Internet infrastructure.
“If you aimed this at Downing Street they would be down instantly,” he told the BBC. “They would be completely off the Internet. These attacks are peaking at 300 Gbps (gigabits per second). Normally when there are attacks against major banks, we’re talking about 50 Gbps.”
Woodward said the overall affect of such an attack is a global slowdown of services.
“If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps,” he told the BBC. “With this attack, there’s so much traffic it’s clogging up the motorway itself.”
The drama began when Spamhaus, an international non-profit organization that tracks spam operations and sources, added Cyberbunker’s servers to its blocklists which are used to “keep back the vast majority of spam sent out on the Internet.”
Cyberbunker said on its website that Spamhaus had no reason to block its servers.
“Spamhaus apparently does not approve that ‘CyberBunker offers anonymous hosting of anything except child porn and anything related to terrorism.’ Of course this almost ‘anything goes’ is classified by Spamhaus as: spam, phishing and malware,” reads an article on the Cyberbunker website.
“According to Spamhaus, CyberBunker is designated as a ‘rogue’ host and has long been a haven for cybercrime and spam. Of course Spamhaus has not been able to prove any of these allegations.”
CyberBunker is alleged to have responded by inundating Spamhaus with reams of junk data in a bid to crash its systems.
That is where CloudFare comes in.
According to Prince’s blog post, CloudFare quickly handled the assault on Spamhaus causing the attackers to change tactics. He said they then went after CloudFlare itself and, when that didn’t work, targeted the network providers the firm uses for bandwidth.
“Over the last few days, as these attacks have increased, we’ve seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare,” Prince said in his March 27 post. “If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why.”
“Unlike traditional botnets which could only generate limited traffic because of the modest Internet connections and home PCs they typically run on, these open resolvers are typically running on big servers with fat pipes,” he added. “They are like bazookas and the events of the last week have shown the damage they can cause. What’s troubling is that, compared with what is possible, this attack may prove to be relatively modest.”