This article was published on March 27, 2013

Spamhaus is battling a 300 billion bits-per-second DDoS described as the ‘biggest attack in history’


Spamhaus is battling a 300 billion bits-per-second DDoS described as the ‘biggest attack in history’

Anti-spam organization Spamhaus has been hit by a number of large-scale distributed denial of service (DDoS) attacks, bringing down its own website temporarily and causing widespread disruption across the Internet.

The BBC is reporting it as the ‘biggest cyber-attack in history,’ with The New York Times describing it as ‘one of the largest computer attacks on the Internet.’

The DDoS attacks are alleged to have originated from CyberBunker, a Dutch web hosting company that will store anything except child pornography and files related to terrorism. As a result, some of its clients are rumored to use the hosting service for spam, phishing sites and malware operations.

If true, this latest clash follows a long and unpleasant history between the two organizations.

A tangle with A2B

Spamhaus declared in October 2011 that CyberBunker was providing hosting to spammers. The non-profit contacted the Dutch Internet service provider A2B to request that it pull the parts of its service supporting CyberBunker.

When nothing happened, Spamhaus proceeded to add A2B to its blocklist. These lists are incredibly important, as many Internet service providers use them to reduce the amount of spam messages they receive.  At the time of writing, Spamhaus says its blocklists are protecting over 1.78 billion mailboxes across the Internet.

A2B eventually dropped CyberBunker to regain support for all of its services, but allegedly filed a report with local police accusing Spamhaus of “extortion” and carrying out a “DoS attack” on its network.

A2B later responded on its website: “This is not about whom we provide transit for, this is about a shady UK ltd with virtual offices in the UK and Switzerland, that is trying to force their views upon us.

“If A2B Internet would be providing transit for illegal internet activities (which we aren’t), there are local laws and regulations to deal with. And we are sure the local Dutch police don’t require a couple vigilantes to play judge and executioner on their behalf.”

CyberBunker described all of this as a “blackmail war” and is said to have moved onto a new ISP after being dropped by A2B.

Earlier this year, Spamhaus added CyberBunker to one of its blocklists. At the time of writing, the website is still on the Domain Block List (DBL) and likely the Spamhaus Block List (SBL) as well.

The state of play

CyberBunker is yet to issue a statement taking responsibility for the DDoS attacks, which The New York Times says has now reached “previously unknown magnitudes” of “300 billion bits per second”.

The BBC has also reported that according to Spamhaus, CyberBunker and “criminal gangs” from across Eastern Europe and Russia are behind the attacks. As of yet, this link has not been proven.

Five national cyber-police-forces are also said to be investigating the attacks.

Spamhaus’ various spam-blocking databases are used by used by the majority of email service providers, corporations, universities, governments and military networks.

At the time of writing, Spamhaus is operational and being supported by Internet security firm CloudFlare. The DDoS attacks, however, are still ongoing and affecting servers ‘all over the world’.

“These things are essentially like nuclear bombs,”  Matthew Prince, chief executive of CloudFlare reportedly said. “It’s so easy to cause so much damage.”

The BBC has suggested that it could be affecting widely used services such as Netflix, although the extent of this has not been verified. TNW has reached out to both CyberBunker and Spamhaus to find out more.

Image Credit: David McNew/Getty Images

Get the TNW newsletter

Get the most important tech news in your inbox each week.