Geneva’s Spamhaus at centre of massive cyber-attack

GENEVA, SWITZERLAND – The culprits behind what is being described widely as the world’s biggest-ever cyber attack haven’t yet been identified, but a picture of what’s happened is emerging, with Geneva-based Spamhaus as the primary target. The company has bounced back, with help from security company Cloudflare, but services that track Internet attacks say the attack level remains high late Thursday. Wired calls the attack “remarkable in its scale”.

Spamhaus has been under attack for over a week, but the level of the attack intensified Thursday 28 March and the Internet worldwide may have slowed down as a result. The attack appears to be in retaliation for Spamhaus adding a Dutch hosting service, Cyberbunker, to its black list.

The Spamhaus Project, which also operates from London, “tracks the Internet’s spam senders and spam services”, the group says on its web site. It identifies them and provides protection against spam to networks. It also works with law enforcement officials to find spammers, which puts the group into the crosshairs of spammers and other online criminals. In a lengthy assessment of what has happened this week, the Guardian cites a security researcher who says that “The only way to deal with this problem is to find the people doing it and arrest them.”

The explanation of what has happened that is possibly the easiest for non-techies to follow comes from the Guardian:

“Rather than aiming floods of traffic directly at Spamhaus’s servers – a familiar tactic that is easily averted – the hackers exploited the internet’s domain name system (DNS) servers, which accept a human-readable address for a website (such as guardian.co.uk) and spit back a machine-readable one (77.91.248.30). The hackers “spoofed” requests for lookups to the DNS servers so they seemed to come from Spamhaus; the servers responded with huge floods of responses, all aimed back at Spamhaus.”
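Seen from the target's side, the reflection described above shows up as DNS responses that match no query the target ever sent. The following Python detection example is added here and is not part of the original article; the record layout, the thresholds and the sample packets are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample records (not real traffic), documentation address ranges only:
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_txid, is_response, size_bytes)
PACKETS = [
    (0.00, "192.0.2.10", 40000, "198.51.100.53", 53, 0x1A2B, False, 64),
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40000, 0x1A2B, True, 120),
    (0.10, "198.51.100.53", 53, "192.0.2.10", 31337, 0x0001, True, 3000),
    (0.11, "203.0.113.7", 53, "192.0.2.10", 31338, 0x0002, True, 3100),
    (0.12, "203.0.113.8", 53, "192.0.2.10", 31339, 0x0003, True, 2900),
    # Second copy of an answer whose query was already satisfied.
    (9.00, "198.51.100.53", 53, "192.0.2.10", 40000, 0x1A2B, True, 120),
]


def find_reflection_victims(packets, timeout_s=5.0, min_bytes=5000, min_resolvers=2):
    """Return hosts receiving DNS responses they never asked for.

    A response is solicited only if the same host sent a query with the same
    transaction ID, from the same port, to the same server, within timeout_s.
    Everything else is counted as unsolicited (possible reflected traffic).
    """
    pending = {}  # (client_ip, client_port, server_ip, txid) -> query time
    unsolicited = defaultdict(lambda: {"bytes": 0, "resolvers": set()})

    for t, src, sport, dst, dport, txid, is_resp, size in sorted(packets):
        if not is_resp and dport == 53:
            pending[(src, sport, dst, txid)] = t
        elif is_resp and sport == 53:
            sent = pending.pop((dst, dport, src, txid), None)
            if sent is None or t - sent > timeout_s:
                unsolicited[dst]["bytes"] += size
                unsolicited[dst]["resolvers"].add(src)

    # Flag only hosts hit by enough volume from enough distinct servers,
    # so a single late or duplicated answer does not raise an alert.
    return {
        host: {"bytes": s["bytes"], "resolvers": sorted(s["resolvers"])}
        for host, s in unsolicited.items()
        if s["bytes"] >= min_bytes and len(s["resolvers"]) >= min_resolvers
    }


if __name__ == "__main__":
    for host, stats in find_reflection_victims(PACKETS).items():
        print(host, stats["bytes"], "unsolicited bytes from", stats["resolvers"])
```
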

This isn’t the first time that Spamhaus has had problems thanks to Cyberbunker; in 2011 the Dutch Internet service provider A2B filed charges against Spamhaus after it saw its own service blocked by Spamhaus as the result of an order to block Cyberbunker, then described as German-based. A2B’s managing director is quoted by SANS, a leading Internet security training group, as complaining that “Spamhaus cannot be its own judge.”

For more on the attack and what’s most likely behind it: Cyberarms, The Week, Wired