Skip to main content

The Biggest Cyber Attack in the History of Internet Is What Slows Down Your Connection: An Analysis

Cyber security attack on the Internet

In the last couple of days here in my place, and for nearly a week in Europe, the Americas, etc., people have been experiencing a slower Internet connection. I was indeed surprised and thought up other reasons, like my ISP doing some maintenance, or some applications within the computer using the connection, for software updates and stuff. Only yesterday, the things were clear.

It was a distributed denial of service attack (DDoS) that was happening, essentially on the Internet itself. This is widely regarded to be the largest ever cyber security attack in the history of the Internet.

The Beginnings and the Parties Involved


spamming attacksHere are the main companies and organizations that were involved in this cyber attack. You probably Spamhaus, don’t you? It is an international non-profit organization that fights spam in email, web, etc. The organization, with offices in London and Geneva, publishes lists of spammers, called SBL (Spamhaus Block List), IP addresses of verified, known spammers; DBL (Domain Block Lists), a list of known spamming domains; etc. More information can be found in the Spamhaus website. Spamhaus provides these lists to the other companies to effectively fight spam.
already know about

Spamhaus came under a series of DDoS attacks on , and Luc Rossini of Spamhaus tweeted it.

Before that, many of us had an idea that something fishy was going on, as Spamhaus website was not available for an extended period of time.

Spamhaus’s hosting partner that makes the website reachable at difficult times, is Cloudflare. At the time of attack, the organization sought help from Cloudflare, which later told us an idea of the extent of the attack.

What is DDoS


Distributed Denial of Service is a type of denial of service attack, which targets a service and makes it unavailable to its legitimate customers. This is not essentially a hacking kind of attack, in that it probably will not compromise the data. It’s a way the hackers make sure “If I ain’t getting it, you ain’t either”.

DDoS as illustrated by Cisco

That was denial of service, what does ‘distributed’ mean? That word makes the attack somewhat special and extreme. It is the power of the crowd that makes this attack distributed. In distributed attacks, the hacker is not working directly, but through a huge number of compromised computers all over the world. These compromised computers may be yours or mine, and it could be anywhere on the planet. This network of compromised computers is known as a botnet.

Botnets are simply enormous; examples include BredoLab with 30 million computers, capable of 3.6 billion spams a day, Cutwail with over 1.5 million computers, and Zeus with nearly 3.5 million compromised systems.

These enormous networks can work together in bringing down any organization with a sheer volume of traffic.

What Happened With Spamhaus


Soon after it identified the attack details, Cloudflare posted this on its blog. That post gives us some ideas of what happened with Spamhaus. The attack simply sent a huge number of visitors to Spamhaus website, which is used to distribute its major spam blacklists to partnering organizations.

Once the website is down, the spam blacklists become unavailable and the spammers can win. However, since Spamhaus is an important entity in the inner workings of the Internet, many partnering organizations keep a copy of its most current blacklists. Hence, even if Spamhaus goes down on an attack, the blacklists should be available for a brief period of time. But that is not quite enough, and Spamhaus should stay online.

Briefly for a period on 18 March, Spamhaus website did go down as noted above. The volume of traffic that made that happen was in the order of 100 Gbps (up from about 10 Gbps). Let’s see what this means.

While I am writing this post, Spamhaus website is offline, with Cloudflare serving up a snapshot of the website.

100 Gbps of traffic is equivalent to about 131,072 people visiting Spamhaus website every second, if we assume the total size of the website is 100 KB and a visitor doesn’t go to any internal pages. If you expand it to a day’s visits, it should be around 11 billion visits. That kind of traffic aimed at Spamhaus and its hosting partners would cause extreme consequences.

huge traffic can affect any service

Let’s compare that traffic to the normal, organic web traffic. By the end of last year, Google’s daily searches average at about 4.72 billion. That means, the rest of the web is getting much fewer visits than that. You can get an idea by looking at this statistic published by USA Today, based on data from ComScore. All websites get visits in millions, and not anywhere close to billions.

These top websites still have to have great infrastructure and traffic load balancing methods to stay online all the time, even when a peak in traffic occurs. In most cases, a peak in traffic is a few hundred thousand more visitors, not a few billion within a day’s time. That kind of traffic can break even top websites.

That is what happened with Spamhaus.

Who Attacked Spamhaus?


Although in its FAQ, Spamhaus doesn’t say exactly who attacked them, they have later revealed that the attack came from Cyberbunker, a Dutch unethical hosting firm. This company, according to their website (currently down), “keeps your servers online no matter what!”

You cannot look at the company’s website at this time. They probably took it down or were made to. But you can get an idea of its business practices from an Internet archive snapshot made on . Here it is:

Snapshot from Cyberbunker

A notable thing is that Cyberbunker published a hateful blog post about Spamhaus accusing that the non-profit considers Cyberbunker and its business practice, a spam. The blog post, just as Cyberbunker website, is offline now, but there is a Google cache copy available, which we uploaded to Scribd. Here is the post.

However, Cyberbunker’s Sven Olaf Kamphuis has posted (probably not in person) in Facebook, denying that the attack was initiated from Cyberbunker. Also, the Stophaus website (that works for removing Spamhaus) is down now. If you check out their twitter account (@stophaus), you can see a number of conversations happening.

Cyberbunker's rogue hosting service did come to the attention of a number of spam fighting organizations in the past. The company makes sure that the websites it hosts stay online at all times, even if they are spamming others or are engaged in other type of illegal activities. Apparently, they tolerate anything other than child pornography and terrorism. Such ethics are sure to come under fire, and that is what happened in this case.

In Conclusion


Cloudflare's account that I linked to at the top does have quite detailed statistics of the attack. Also, the way in which the attack is progressing (still is), makes many people think this is not yet over. The internet community should not let this sort of attacks happen, and should help in fighting spam more effectively. We may update the details of this attack in the coming days. Keep coming back.

[Image: Aecdn, Xanga, Cisco]

Popular posts from this blog

10 Worst Android Antivirus Apps You Can Get

Are you careful about the security of your smartphone? For your Android device, Google Play store offers a number of antivirus apps. There are paid and free apps from professional companies like Avast!, Kaspersky, and Lookout, as well as free antivirus apps that install and work relatively faster. Among the security apps found on the Play Store, there are a number of free, lightweight ones, most of which enjoy a great number of downloads and high ratings. Most of the ratings are done by people who find the interface easy to use, but have no idea whether the app actually works or not. Many of us feel the app is great if the interface is cool, don’t we? It is painful to note that most of these free apps not only fail at most antivirus tests, but experts regard them to be incapable of detecting any threat. Last year, the latest mobile antivirus test report was published by AV-Test.org , in which they tested and rated the best and the worst antivirus programs among multiple platforms. ...

Five Great Alternatives for iGoogle Home Page Portal

Google’s popular home page service, iGoogle will be retired on November 1st, 2013. That’s a little over a year of managing your home page through this service. It came as a great disappointment to me since I had been using the service for a long time. I have a nice home page set up in iGoogle with news from BBC, CNN, and others; my calendar; a widget for time management; topic-specific news on technology, stock quotes, weather; and some other interesting stuff. It was a page that I woke up to for many days. It seems obvious that the popularity of home page services has been coming down in the recent years; another popular service in this arena, Netvibes has turned into something else entirely. I could have turned my attention to Netvibes after they retire iGoogle, but that won’t happen now. I will miss Google’s home page, and before that I want to find out another portal service that I could love as I do iGoogle. In search for one, I found these great services which can replace iG...

Should Microsoft Consider Buying Nokia?

In a recent talk between Microsoft and Nokia, the two companies contemplated a merger. WSJ reported the story  yesterday, and for quite a while, industry leaders have been cogitating on this move. Since 2011, Nokia has been in tie-up with Microsoft to use Windows Phone operating system on all of its major devices, notably the Nokia Lumia series ( Lumia 920 , 928 , etc). This has helped both companies in great ways. Here is an analysis as to whether the merger could pave way to success to these companies. Nokia Nokia, the Finnish smartphone maker, has been quite big in the market up until Android and iOS destroyed the stronghold of its Symbian OS. Nokia subsequently fell from the top and now has the tenth position in global smartphone market with about 2.8 percent of the market, according to research firm Gartner. Nokia lost its stock value considerably, and the strong stock, which some time in 2007 was trading at a peak rate of 40 dollars, now trades at around 3-4 dollars...