Spamhaus vs. CyberBunker – Biggest DDoS Attack in History

by Robert Burko

Cue the fight music…

In this corner, we have Spamhaus, a nonprofit filtering service founded in 1998 that seeks to identify spam senders and spam services. They play a role in more than 1.7 billion email accounts worldwide as network operators use their data to determine the good from the bad (with the best of intentions, of course). They champion themselves as working to protect internet networks worldwide by providing real-time data.

In the other corner, we have CyberBunker, a Dutch web hosting company that claims it will host “services to any Web site except child porn and anything related to terrorism”. It is known for allegedly hosting spammers. The company derives its name from the location of their office, which is a former military nuclear warfare bunker in the south of the Netherlands that became a data center in 1998.

The back story to the steamy drama…

Spamhaus blocked CyberBunker so that they could no longer deliver any emails. And, as a result, CyberBunker is really (…how can I put this politely…) really really angry about it. Their claim is that Spamhaus can point to a website and demand it be shut down without any court order or care for freedom of speech and net neutrality.

“Spamhaus is a major censorship organization only pretending to fight spam,” said a CyberBunker spokesman.

The fight is not limited to just CyberBunker alone as Spamhaus has no shortage of enemies in many parts of the world. In an interview, Sven Olaf Kamphuis, a spokesman for CyberBunker, said they were not directly behind the attack. The claim is that it was members of a different organization and owners of various websites who got together on a Skype chat and hatched plans for this big attack.

The implications…

Normally the world would not care enough about a DDoS attack, but this is no ordinary attack. Let’s assume email is at the center of the internet universe. Spamhaus acts as a big filter for all that email, just like pouring water through a strainer. Now imagine that strainer gets clogged to the point where a lot less water can go through. The same cup of water you could pour through in an instant now takes a lot longer. That, in the most non-technical explanation (…tech details below), is what is happening to the global email ecosystem. It’s just going a little bit slower. It’s not something you would have noticed, but it was a second here and a second there… adding up across millions and billions of emails. In some sense, you could argue that this slowed down the world economy, even if ever so slightly. What makes this especially noteworthy is that experts agree that this is just the beginning.

If this is just the beginning of these types of “domain name service reflection” attacks, then the impact could be felt even more depending on who the next target is. While Spamhaus was able to mitigate the attack fairly well and has a truly remarkable network with over 80 servers around the world, this same blow could have literally knocked a government offline.

The technical details…

The hackers used Spamhaus’s DNS (domain name system) servers, exploiting a known vulnerability with DNS. The attack began on March 18, 2013 and normal operations were restored by March 22, 2013.
(For those curious about DNS servers… these are the workhorses that translate the pretty domain name you type into your browser into a machine-readable IP address that loads a website.)

This DDoS (distributed denial of service) attack was unbelievably large at a record-setting 300 gigabits per second. To put this in perspective, an “average large scale attack” would be about 50 gigabits per second and the largest publicly reported attack was 100 gigabits per second.

The knight in shining armor…

If you have ever wondered what a PR home run is… it is this. CloudFlare was hired to help mitigate the attack and, considering the size, they did a fantastic job that certainly catapults them to a whole new level in the DDoS arena.

The technical details of how they did it are pretty intense, but if you want all the nitty-gritty info, you can read their blog post here.

Spamhaus refutes the claims by CyberBunker, saying,

We have 1.7 billion people looking over our shoulders to make sure we do our job right. If we start blocking things they want, they won’t use our data any more.

Why is this going to get worse…

Yuliya Krivosheina, the corporate communications manager at internet security giant Kaspersky, said,

In general, attacks of this type are growing in terms of quantity as well as scale. Among the reasons for this growth is the development of the Internet itself (network capacity and computing power) and past failures in investigating and prosecuting individuals behind past attacks.

What do I think…

As a permission-based email marketing company, Elite Email has been championing the fight against spam for over 10 years. In short, spam is bad. Period.

Sending people stuff they don’t want and didn’t ask for is wrong, and failing to respond to requests to stop emailing is completely unethical.

Email is a powerful tool, but with great power comes great responsibility and those that use email for wrong should be stopped. I believe that Spamhaus has a noble mission and does truly intend to be fair in its judgments. I have dealt with them in the past and have found them to be very responsive with the ultimate goal of helping keep people’s inboxes safe, which is something we all want. After all, if they can keep spam out of people’s inboxes, then it just paves the way to more successful proper and permission-based uses of email!

That being said, I do support free speech and think there is a grave danger (and history has taught us) in potentially blacklisting the wrong people or organizations. As such, I think an organization that wields so much power, whether it is Spamhaus in the email world, Google in the search world, or any number of other companies that dominate an industry, does have a certain responsibility to double-check its actions and ensure fair treatment to all.

I am not in any way implying that CyberBunker should not have been blocked. I haven’t seen the data and without evidence I just cannot make a fair decision. If they broke the rules and continued to break the rules, then they deserve it. If they did not break the rules (although most signs point to the contrary) then they should not be victimized. For me the key is fairness and due process on an international cyber scale.

Photo/Image Credit: spamhaus.org & cyberbunker.com

Watch the video interview with CyberBunker spokesman here: http://rt.com/news/spamhaus-threat-cyberbunker-ddos-attack-956/
