Millions hit by global internet slowdown after biggest cyber-attack in history
SpamHaus group under attack from cyber-vandals in Geneva
But other unconnected sites across the world have been caught in attack
Now, emails have slowed down as a result, expert claims
15:19 GMT, 27 March 2013
17:53 GMT, 27 March 2013
Internet traffic around the world has suffered a slowdown in the biggest ever cyber-attack of its kind.
Millions across the globe are believed to have been hit when spam-fighting group SpamHaus and its hosting firm were targeted in a revenge attack by a web filtering firm they had blacklisted.
The attack was so large that it has begun to impact on popular services like Netflix – and experts now fear it could escalate to affect banking and email systems.
Five national cyber-police-forces are said to be investigating the attacks, described as unprecedented.
Cyber-attack: Dutch firm SpamHaus was targeted in an attack so big that 'bystanders worldwide' were apparently affected
Spamhaus, based in both London and Geneva, is a non-profit organisation which aims to help email providers filter out spam and other unwanted content.
DDOS – A 'NUCLEAR BOMB' IN THE ARMOURY OF CYBER ATTACKERS
DDOS – distributed denial of service – is the technical name for cyber attacks that overwhelm computers and make websites disappear.
They are potentially devastating for businesses and their reputations.
The first DDoS attacks occurred in the late 1990s.
They are launched by competitors, extortionists and so-called politically motivated 'hacktivists'.
A cyber attacker floods a network connection with tens of gigabits of traffic. This creates bottlenecks in firewalls, routers and the connection itself.
Then, when the next request for service tries to come or go, the network connection is clogged and communication stops.
Another scenario sees an attacker flood a target with hundreds of thousands of requests per second, then when the server attempts to process them it shuts down.
In recent weeks, the attackers have launched a more sinister and potentially devastating offensive.
They have launched a strike that hits the Internet’s core infrastructure, the Domain Name System, or DNS, which functions like a telephone switchboard.
It translates the names of websites like Facebook.com or Google.com into a string of numbers that the Internet’s technology can understand, with millions of computer servers around the world performing the translation.
Experts say the knock-on effect has the potential of 'hurting internet services globally'.
To do this, the group maintains a number of blacklists – a database of servers known to be used for malicious purposes.
It recently added the Dutch firm, CyberBunker, to a blacklist that is used by e-mail providers to weed out
Cyberbunker is housed in a five-story former NATO bunker, offering its services to any website 'except child porn and anything related to terrorism'.
A spokesman for SpamHaus claimed CyberBunker had retaliated with a huge 'denial of
These attacks work by trying to make a network unavailable to its intended users. They do this by overloading a server with coordinated requests to
Patrick Gilmore, chief architect at Akamai Networks, a digital content provider, told the New York Times Spamhaus’s role was to generate a list of Internet spammers.
But of Cyberbunker, he said: 'These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.'
Mr. Gilmore said that the attacks – launched by collections of computers called botnets – concentrate data streams that are larger than the Internet connections of entire countries.
He said the method was like 'using a machine gun to spray an entire crowd when the intent is to kill one person.'
The so-called distributed denial of service, or DDoS, attacks were first mentioned publicly last week, but have happened many times before, with blacklisted sites retaliating against Spamhaus by flooding it with traffic requests from personal computers until its servers become unreachable.
But in recent weeks, the attackers have launched a more sinister and potentially devastating offensive.
They have launched a strike that hits the Internet’s core infrastructure, the Domain Name System, or DNS.
The Domain Name Service is what converts the web addresses you type into your browser into what the internet actually uses: IP addresses – a ten-digit code.
It is described essentially as 'the phone book for the internet'. By blocking access to this 'phone book' hackers can effectively render the web useless.
Millions of computer servers around the world perform the translation from web addresses to IP addresses.
In their latest volley, attackers masqueraded as Spamhaus and sent messages to the machines working with the company.
These were then amplified by the servers, with an avalanche of data then sent to overwhelm Spamhaus computers.
When Spamhaus asked for help from CloudFlare, the attackers began to focus assaults on the companies that provide data connections for both.
Sven Olaf Kamphuis, an Internet activist who told the New York Times he was a spokesman for the attackers, said he was aware that this is one of the largest DDoS attacks the world had publicly seen.
He told the paper Cyberbunker was retaliating against Spamhaus for 'abusing their influence.'
Global impact: Experts say traffic to the Netflix site has been affected by the attack on anti-spam firm SpamHaus
Experts say this attack involved sending 300 billion bits per second by a network of computers – making it one of the biggest cyber assaults ever.
In an interview, Spamhaus' Vincent Hanna said his site had been hit by a crushing wave of denial-of-service attacks and that it was 'a small miracle that we're still online'.
you aimed this at Downing Street they would be down instantly,' he told the BBC. 'They would be completely off the internet.'
He added: 'These attacks are peaking at 300 gb/s (gigabits per second).
'Normally when there are attacks against major banks, we're talking about 50 gb/s.'
Users could experience slower Internet or be subjected to unwanted emails.
Hanna said his group had been weathering such attacks since mid-March. The attacks work by flooding target servers with traffic.
Patrick Gilmore of Akamai Technologies said the latest was so large that online bystanders had been hit as well.
The attack is said to be particularly potent because it exploited the 'domain name system', which acts like the telephone directory of the internet.
These are used every time a web address is entered into a computer.
The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.
'If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps,' he told the BBC.
'With this attack, there's so much traffic it's clogging up the motorway itself.'
Spamhaus is able to cope, the group says, as it has highly distributed infrastructure in a number of countries.
The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.
It is believed that several companies, such as Google, have made their resources available to help 'absorb all of this traffic'.
The attacks typically happened in intermittent bursts of high activity.
'They are targeting every part of the internet infrastructure that they feel can be brought down,' Spamhaus CEO Steve Linford said.
'We can't be brought down. Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around.'