The Spamhaus Project reported a super powerful DDoS attack which has been lasting since mid-March. The company indicated that the attack comes from the Dutch hosting provider CyberBunker, which is suspected of providing services to spammers.
Spamhaus is a nonprofit organization based in London and Geneva. It specializes in helping various organizations filter out spam and other unwanted content. Spamhaus maintains databases on servers that are used by cybercriminals. The information is then given to the email services to block these servers.
The conflict began when Spamhaus blacklisted several servers belonging to CyberBunker. As CyberBunker representatives stated – they are willing to host anything but child pornography and information related to terrorism.
CyberBunker claims that Spamhaus is abusing its renowned position and should not be allowed to decide what to publish or not on the Internet.
The Geneva company, in their turn, accused the Dutch of collaborating with the criminal gangs from Eastern Europe and a massive cyberattack.
Investigation of the incident is underway. Specialists have found that the DDoS attacks reached 300 Gbps (usually such attacks range from 10 to 100 Gbps). Spamhaus representative Steve Linford said that experts from five countries are already engaged in locating the culprits.
Experts explain the unprecedented scale of that attack by that fact that hackers used a rare tactic – a DNS amplification attack. This attack uses a network of hacked DNS servers to answer fake requests that look like they come from Spamhaus. A majority of DNS servers out there are exposed to the threat of processing malicious queries due to the fact that they are in essence open DNS resolvers that handle requests from external sources. The cybercriminals who launched the attack against Spamhaus adopted the strategy of sending out queries with spoofed sources address to an immense number of open DNS resolvers. Consequently, replies to the queries from all of the involved open DNS resolvers flooded Spamhaus with a huge traffic volume. Furthermore, the attackers have leveraged an amplification technique where these queries caused the open DNS servers to respond with the volumes of data that considerably exceed the typical loads.
Hackers have apparently achieved their goal – the Spamhaus network collapsed under the pressure, and all of the spam blockers were disabled. Many online resources from around the world are using Spamhaus, and this is the reason why the damage from the attack is so significant.
BBC News reported it to be the most ambitious DDoS-attack, which resulted in different regions of the world suffering a decline in the speed of the Internet.
But reports of “The biggest hacker attack in history,” which reduced the speed of the Internet, are not true, according to Gizmodo. Renesys, engaged in monitoring the World Wide Web, reported that globally no impact on the Internet took place. Gizmodo received the same comment from the NTT company, one of the main providers through which significant amounts of traffic flow.
Both companies claimed that the 300 Gbps attack is a serious hindrance to the individual sites and even web hosting providers, but backbone providers operate multiple threads of Tbps traffic.