Skip to main content

The Biggest Cyber Attack in the History of Internet Is What Slows Down Your Connection: An Analysis

Cyber security attack on the Internet

In the last couple of days here in my place, and for nearly a week in Europe, the Americas, etc., people have been experiencing a slower Internet connection. I was indeed surprised and thought up other reasons, like my ISP doing some maintenance, or some applications within the computer using the connection, for software updates and stuff. Only yesterday, the things were clear.

It was a distributed denial of service attack (DDoS) that was happening, essentially on the Internet itself. This is widely regarded to be the largest ever cyber security attack in the history of the Internet.

The Beginnings and the Parties Involved


spamming attacksHere are the main companies and organizations that were involved in this cyber attack. You probably Spamhaus, don’t you? It is an international non-profit organization that fights spam in email, web, etc. The organization, with offices in London and Geneva, publishes lists of spammers, called SBL (Spamhaus Block List), IP addresses of verified, known spammers; DBL (Domain Block Lists), a list of known spamming domains; etc. More information can be found in the Spamhaus website. Spamhaus provides these lists to the other companies to effectively fight spam.
already know about

Spamhaus came under a series of DDoS attacks on , and Luc Rossini of Spamhaus tweeted it.

Before that, many of us had an idea that something fishy was going on, as Spamhaus website was not available for an extended period of time.

Spamhaus’s hosting partner that makes the website reachable at difficult times, is Cloudflare. At the time of attack, the organization sought help from Cloudflare, which later told us an idea of the extent of the attack.

What is DDoS


Distributed Denial of Service is a type of denial of service attack, which targets a service and makes it unavailable to its legitimate customers. This is not essentially a hacking kind of attack, in that it probably will not compromise the data. It’s a way the hackers make sure “If I ain’t getting it, you ain’t either”.

DDoS as illustrated by Cisco

That was denial of service, what does ‘distributed’ mean? That word makes the attack somewhat special and extreme. It is the power of the crowd that makes this attack distributed. In distributed attacks, the hacker is not working directly, but through a huge number of compromised computers all over the world. These compromised computers may be yours or mine, and it could be anywhere on the planet. This network of compromised computers is known as a botnet.

Botnets are simply enormous; examples include BredoLab with 30 million computers, capable of 3.6 billion spams a day, Cutwail with over 1.5 million computers, and Zeus with nearly 3.5 million compromised systems.

These enormous networks can work together in bringing down any organization with a sheer volume of traffic.

What Happened With Spamhaus


Soon after it identified the attack details, Cloudflare posted this on its blog. That post gives us some ideas of what happened with Spamhaus. The attack simply sent a huge number of visitors to Spamhaus website, which is used to distribute its major spam blacklists to partnering organizations.

Once the website is down, the spam blacklists become unavailable and the spammers can win. However, since Spamhaus is an important entity in the inner workings of the Internet, many partnering organizations keep a copy of its most current blacklists. Hence, even if Spamhaus goes down on an attack, the blacklists should be available for a brief period of time. But that is not quite enough, and Spamhaus should stay online.

Briefly for a period on 18 March, Spamhaus website did go down as noted above. The volume of traffic that made that happen was in the order of 100 Gbps (up from about 10 Gbps). Let’s see what this means.

While I am writing this post, Spamhaus website is offline, with Cloudflare serving up a snapshot of the website.

100 Gbps of traffic is equivalent to about 131,072 people visiting Spamhaus website every second, if we assume the total size of the website is 100 KB and a visitor doesn’t go to any internal pages. If you expand it to a day’s visits, it should be around 11 billion visits. That kind of traffic aimed at Spamhaus and its hosting partners would cause extreme consequences.

huge traffic can affect any service

Let’s compare that traffic to the normal, organic web traffic. By the end of last year, Google’s daily searches average at about 4.72 billion. That means, the rest of the web is getting much fewer visits than that. You can get an idea by looking at this statistic published by USA Today, based on data from ComScore. All websites get visits in millions, and not anywhere close to billions.

These top websites still have to have great infrastructure and traffic load balancing methods to stay online all the time, even when a peak in traffic occurs. In most cases, a peak in traffic is a few hundred thousand more visitors, not a few billion within a day’s time. That kind of traffic can break even top websites.

That is what happened with Spamhaus.

Who Attacked Spamhaus?


Although in its FAQ, Spamhaus doesn’t say exactly who attacked them, they have later revealed that the attack came from Cyberbunker, a Dutch unethical hosting firm. This company, according to their website (currently down), “keeps your servers online no matter what!”

You cannot look at the company’s website at this time. They probably took it down or were made to. But you can get an idea of its business practices from an Internet archive snapshot made on . Here it is:

Snapshot from Cyberbunker

A notable thing is that Cyberbunker published a hateful blog post about Spamhaus accusing that the non-profit considers Cyberbunker and its business practice, a spam. The blog post, just as Cyberbunker website, is offline now, but there is a Google cache copy available, which we uploaded to Scribd. Here is the post.

However, Cyberbunker’s Sven Olaf Kamphuis has posted (probably not in person) in Facebook, denying that the attack was initiated from Cyberbunker. Also, the Stophaus website (that works for removing Spamhaus) is down now. If you check out their twitter account (@stophaus), you can see a number of conversations happening.

Cyberbunker's rogue hosting service did come to the attention of a number of spam fighting organizations in the past. The company makes sure that the websites it hosts stay online at all times, even if they are spamming others or are engaged in other type of illegal activities. Apparently, they tolerate anything other than child pornography and terrorism. Such ethics are sure to come under fire, and that is what happened in this case.

In Conclusion


Cloudflare's account that I linked to at the top does have quite detailed statistics of the attack. Also, the way in which the attack is progressing (still is), makes many people think this is not yet over. The internet community should not let this sort of attacks happen, and should help in fighting spam more effectively. We may update the details of this attack in the coming days. Keep coming back.

[Image: Aecdn, Xanga, Cisco]

Popular posts from this blog

What Is the Role of a Firewall, and How Does It Secure a Network From Unsafe Traffic?

To understand firewalls, basic understanding of how networks function is requisite. Deep down, how do the packets of information that you send reach the intended receivers? How do the messages intended for you reach you safely? And how does it all function like clockwork? Let’s understand the basics of firewalls and see how a firewall secures the traffic in and out of a network. Consider this scenario for getting an understanding of how firewalls work. Say, you open up your browser to book a flight ticket for your upcoming vacation, and your computer is conveniently insecure without a firewall. Let’s say you come across an intriguing email that gives an offer you can’t refuse. You open the email and click a link, and bam! An unwanted piece of spyware is installed on your system. The spyware then proceeds to sit on your system tray, hidden from your eyes, tracking the keystrokes you make, reading the top-secret files you have, and looking for potentially rewarding information, such...

Digital Marketing Done Properly in the New Age

I suppose it’s coincidence that this post appears almost exactly one year after Blue Bugle went sort of inactive. Today, the blog doesn’t enjoy as many readers as it once used to. This unfortunate thing is due to my hectic schedule in my new day job as senior content writer for an organization called MSys. This job gives me more opportunities to explore the separate aspects of the digital marketing domain. In the past, all we used to do was promoting our blog posts through social media at random thereby trying to gather as many visitors as possible. You never studied the prospects, the market, or the social channels you promote your stuff to.  Most of the SEO companies out there prided themselves in creating spammy blog comments to create links to client websites. Needless to say, most of these plans never worked or had less positive impact. Now, if you follow the same spammy activities, you are sure to get a ban at best. I had to come up with a new marketing plan for MSys th...

How to Send Email in Your Own Language Script Through Gmail?

Have you ever had trouble sending an email to a distant relative who speaks a different language altogether? It has never been easy on email applications to send messages in other languages. Google’s popular email service, Gmail has come up with transliteration tools and other language input tools to make the service much better. You can type using Gmail interface in any language that you want. First of all, you need to select the languages that you want to use in composer. For this, go to Gmail settings and you will see the ‘Language’ option under General. Here, go to advanced language options and put a check mark to ‘Enable input tools’. Here, you can transliterate (type in English the words in other languages to have them appear in correct script), use a virtual keyboard, or edit your input method with the help of a regular keyboard to convert words into other alphabet. Transliteration feature was available although limited in Gmail. Select the input tools from the list by d...