Has your internet connection has been a bit slower than usual lately? Well, it may be a side-effect of what experts are calling the largest cyber attack in history, which has been ongoing for the past week.
The unlucky target of this massive distributed denial of service attack (DDoS) is Spamhaus, a non-profit organization based out of Geneva and London that works with email providers to eliminate spam. Five national cyber-police forces have opened investigations into the attacks.
It appears that this internet-slowing digital siege stems from nothing more than an anti-spam grudge match. Spamhaus has accused Dutch-based Cyberbunker of orchestrating the attacks in conjunction with Eastern European and Russian criminal gangs. Cyberbunker, who has stated it will host anything short of child pornography or terrorist materials, was recently added to a database maintained by Spamhaus of servers that have been used for malicious purposes.
While Cyberbunker has not commented on the attack, the company's spokesman Sven Olaf Kamphuis derided Spamhaus’ position, stating that the organization isn’t entitled to decide "what goes and does not go on the internet."
Headquartered in a former NATO nuclear bunker, Cyberbunker is no stranger to controversy. In 2005, one Cyberbunker employee was accused of document forgery, tax fraud, and embezzlement. Notable clients include infamous illegal download site The Pirate Bay as well as the Russian Business Network, a cybercrime organization that has been investigated by the FBI.
But it’s the scale of the attack against Spamhaus that has gained the attention of experts. Typical DDoS attacks involve speeds of 50 gigabits per second, which is enough to shut down most major banks. Spamhaus has seen 300 gbps attacks, which has left them clinging to life. Only the distributed nature of Spamhaus’ servers, with 80 locations scattered around the world, has offered the resilience necessary to survive.
While Spamhaus has managed to weather the storm thus far, the rest of the internet has been affected. "If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," cybercrime expert Alan Woodward told the BBC. "With this attack, there's so much traffic it's clogging up the motorway itself." Spamhaus CEO Steve Linford offered that "If you aimed this at Downing Street they would be down instantly. They would be completely off the internet."
But beyond a temporary inconvenience for many internet users, the implications of this attack reinforce warnings about the rising dangers of cybercrime. Just last month, security firm Mandiant revealed a large-scale cybercrime program run by elements of the Chinese military. Meanwhile, computer security within the United States by governments and corporations alike is woefully inadequate. A report from the CSIS discovered that 90% of successful breaches required only the most basic of hacking techniques, many of which are easily available online. 96% of breaches could have been prevented with basic countermeasures. The strength and ferocity of the attacks on Spamhaus have come as a shock to internet users and experts alike, but without improving our own security measures, it’s quite possible that such cybercrime may become the norm.