And it wasn’t from the NorKs nor the ChiComs. It originated from the territory of one of our NATO allies, the Netherlands.
I operate my own mail and web-servers. My systems are probed daily, usually from WesPac or North Korea. I was hit with a DoS attack Monday of this week. It wasn’t a strong attack. I did notice some slowdown of my servers but the real hit came from my Domain Servers. That was a direct attack. My firewalls resisted and foiled the attack as designed.
But there is another method that is popular with cyber-criminals that I cannot block. I don’t have a domain server. I contract with another company to host my domain names and to point callers to my home servers.
The larger attack occurred two weeks ago. It wasn’t to my systems but it affected the domain servers that I used—me and thousands of others. For a period of time, I couldn’t reach google.com, comcast.net, drudgereport.com and numerous other sites. When I tried to connect to them, my browser timed out. My query to the domain servers for the numerical address of those sites was not returned.
The cyber-attack method used in the earlier attack was a DDoS attack against the primary site used to find spammers. SpamHaus, one of the sites I, and most email providers, use to check for spam, was attacked by a spammer based in the Netherlands. It was a concentrated attack by one site, with hundreds of computers, against another single site—and it affected the entire internet, world-wide.
Web slows under ‘biggest attack ever’
Millions of people around the world have been affected by slow internet speeds after an unprecedented attack.
By Matt Warman and agencies, 1:41PM GMT 27 Mar 2013
A Dutch web-hosting company caused disruption and the global slowdown of the internet, according to a not-for-profit anti-spam organization.
The interruptions came after Spamhaus, a spam-fighting group based in Geneva, temporarily added the Dutch firm, CyberBunker, to a blacklist that is used by e-mail providers to weed out spam.
Cyberbunker is housed in a five-story former NATO bunker and famously offers its services to any website “except child porn and anything related to terrorism”. As such it has often been linked to behaviour that anti-spam blacklist compilers have condemned.
It retaliated with a huge ‘denial of service attack’. These work by trying to make a network unavailable to its intended users, overloading a server with coordinated requests to access it. At one point, 300 billion bits per second were being sent by a network of computers, making this the biggest attack ever.
The attack was particularly potent because it exploited the ‘domain name system’, which acts like the telephone directory of the internet and is used every time a web address is entered into a computer.
Patrick Gilmore, of digital content provider Akamai Networks, told the New York Times that Cyberbunker did not believe spamming users was wrong. “These guys are just mad. To be frank, they got caught,” he alleged. “They think they should be allowed to spam.”
Calling the disruptions “one of the largest computer attacks on the Internet,” the New York Times reported today that millions of ordinary web users have experienced delays in services such as Netflix video-streaming service or couldn’t reach a certain website for a short time.
“The size of the attack hurt some very large networks and internet exchange points such as the London Internet Exchange,” John Reid, a spokesman for Spamhaus, said in an e-mailed response to questions by Bloomberg News. “It could be thousands, it could be millions. Due to our global infrastructure, the attackers target places all over the world.”
Spamhaus was targeted with a so-called distributed denial of service attack on the evening of March 15, Reid said.
…
Sven Olaf Kamphuis, an internet activist who told the New York Times he was a spokesman for the attackers, said that Cyberbunker was retaliating against Spamhaus for “abusing their influence” as the gatekeeper of lists of spammers. “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” he claimed. “They worked themselves into that position by pretending to fight spam.”
Such attacks are growing in quantity as well as scale, according to Vitaly Kamluk, chief malware expert of Kaspersky Lab’s global research and analysis team. The two main motives for the disruptions are money through cybercrime and political and social activism, he said.
“This is indeed the largest known DDoS operation,” Kamluk said by e-mail. “Such DDoS attack may affect regular users as well, with network slowdown or total unavailability of certain web resources as typical symptoms.”
Cyberbunker claims that it has resisted a number of ‘attacks’ by Dutch police attempting to make arrests.
Have no doubt, these people, the ones behind the name of Cyberbunker, are criminals and should be behind bars. Cyberbunker has been linked to WikiLeaks and the Anonymous hacker group. A hundred years ago, they would be bomb-throwing anarchists. Today, they are cyber-anarchists throwing digital bombs.