Biggest DDoS attack in history slows Internet, breaks record at 300 Gbps

If you’ve had issues lately with your Internet being slow, it’s because the Internet is undergoing the biggest DDoS attack in its history. If you can’t reach Netflix, or are having difficulties accessing other sites, then it might be due to this huge online fight between CyberBunker, a Dutch hosting company, and Spamhaus, an anti-spam group. This Web war began when Spamhaus blacklisted the Dutch company as spammers. If the cyberattacks escalate, security experts told the New York Times that “people may not be able to reach basic Internet services, like e-mail and online banking.”


Steve Linford, chief executive for Spamhaus, told BBC that the scale of this cyberattack has been “unprecedented. These attacks are peaking at 300 gb/s (gigabits per second). Normally when there are attacks against major banks, we're talking about 50 gb/s."

The attacks have been ongoing since March 15 and are “being investigated by five different national cyber-police-forces around the world.” Companies like Google “made their resources available to help ‘absorb all of this traffic’.” Linford added, “They are targeting every part of the internet infrastructure that they feel can be brought down. We can't be brought down. Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around." The anti-spam group alleged that “Cyberbunker, in cooperation with ‘criminal gangs’ from Eastern Europe and Russia, is behind the attack.”

Last week, when CloudFlare first talked publicly about the DDoS attacks on Spamhaus, CloudFlare CEO Matthew Prince explained, “These very large attacks, which are known as Layer 3 attacks, are difficult to stop with any on-premise solution. Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn't matter what intelligent software you have to stop the attack because your network link is completely saturated.” CloudFlare relied on Anycast, which “means the same IP address is announced from every one of our 23 worldwide data centers. When there's an attack, Anycast serves to effectively dilute it by spreading it across our facilities.” When Spamhaus was back online, the spam-fighting group said “they were DDoS’d by Russian spam gangs.”

"Millions" of people surfing the Web might be affected by these cyberattacks that are exploiting the Domain Name System (DNS), the "Internet’s core infrastructure." It "functions like a telephone switchboard for the Internet. It translates the names of Web sites like Facebook.com or Google.com into a string of numbers that the Internet’s underlying technology can understand. Millions of computer servers around the world perform the actual translation.” Linford told the BBC, “The attack's power would be strong enough to take down government internet infrastructure.” International Business Times added that the congestion "threatens critical infrastructure" systems.

“These things are essentially like nuclear bombs,” Prince told the New York Times. “It’s so easy to cause so much damage.” Patrick Gilmore, chief architect at Akamai Networks, added, “It is the largest publicly announced DDoS attack in the history of the Internet.”

Regarding CyberBunker, Gilmore said, “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”  

CyberBunker


CyberBunker says it will host anything except child porn and terrorism-related content; it became the host for The Pirate Bay in 2009. It is housed in a five-story former NATO bunker. Built in 1955, NATO used the building as a “radio base band relay station and for local espionage and counter-espionage.” The building “comprises tunnels and operations rooms on four levels, one above ground designed as a decontamination area and three underground, with five-meter-thick reinforced concrete outer walls.” The facility “was constructed to operate in an energy saving capacity, totally cut off from the outside world, for over 10 years. Up to 72 people could survive in the bunker.” CyberBunker said that a Dutch SWAT team previously attempted to breach the building, but “it must not have occurred to the officers that the blast doors were designed to withstand a 20 megaton nuclear explosion from close range.”

CyberBunker disputes Spamhaus' claims that it is “designated as a 'rogue' host and has long been a haven for cybercrime and spam.” The Dutch host told Bloomberg, "The only thing we would like to say is that we do not, and never have, sent any spam." Current operator of the CyberBunker, Sven Olaf Kamphuis, said, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” He claimed that Cyberbunker is “retaliating against Spamhaus for ‘abusing their influence’. Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet. They worked themselves into that position by pretending to fight spam.”
