Global internet slows after 'biggest attack in history'


The BBC's Rory Cellan-Jones explains why the attack is like a "motorway jam", alongside expert David Emm from Kaspersky Lab

Related Stories

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet.

Experts worry that the row could escalate to affect banking and email systems.

Five national cyber-police-forces are investigating the attacks.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content.

To do this, the group maintains a number of blocklists - a database of servers known to be being used for malicious purposes.

Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host that states it will host anything with the exception of child pornography or terrorism-related material.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

Cyberbunker has not responded to the BBC's request for comment.

'Immense job'

Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented.

"We've been under this cyber-attack for well over a week.

'Decapitating the internet'

Internet browser address bar

Writing exactly one year ago for the BBC, Prof Alan Woodward predicted the inherent weaknesses in the web's domain name system.

He wrote: "It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless."

Read Prof Woodward's full article

"But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.

He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as, the website's numerical internet protocol address.

Mr Linford said the attack's power would be strong enough to take down government internet infrastructure.

"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet."

He added: "These attacks are peaking at 300 Gbps (gigabits per second).

"Normally when there are attacks against major banks, we're talking about 50 Gbps"

Clogged-up motorway

The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," he told the BBC.

"With this attack, there's so much traffic it's clogging up the motorway itself."

Arbor Networks, a firm which specialises in protecting against DDoS attacks, also said it was the biggest such attack they had seen.

"The largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 Gbps. Obviously the jump from 100 to 300 is pretty massive," said Dan Holden, the company's director of security research.

"There's certainly possibility for some collateral damage to other services along the way, depending on what that infrastructure looks like."

Spamhaus said it was able to cope as it has highly distributed infrastructure in a number of countries.

The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.

Mr Linford told the BBC that several companies, such as Google, had made their resources available to help "absorb all of this traffic".

The attacks typically happened in intermittent bursts of high activity.

"They are targeting every part of the internet infrastructure that they feel can be brought down," Mr Linford said.

"Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around."


More on This Story

Related Stories


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 106.

    received over 100 spam emails today from 2 companies !!
    majority sent from a company eSmart Media Ltd based in Switzerland , so outside the EU ! and the rest marketing by vanquish bank in the UK !!
    Definitely a significant increase in spam this week

  • rate this

    Comment number 105.

    They should redirect the DDos back to them !

  • rate this

    Comment number 104.

    If one can ddos from ones computer then it's up to the makers of ones computer to have that ability removed from ones computer.
    If it's impossible to remove the ability to ddos from ones computer then it's the makers problem not the user from ones computer.

  • rate this

    Comment number 103.

    20. Bumble
    In related news sales of top shelf magazines rocket.


    Do people still buy those anymore ? After all, there's plenty of one-handed web-sites !!

  • Comment number 102.

    This comment was removed because the moderators found it broke the house rules. Explain.

  • rate this

    Comment number 101.

    haha, lots of laughs about how slow your internet is receiving your spam emails... But its very serious: look at the damage when RBS broke its website. Now imagine if the gangsters running this DDoS decided to extort a few £m from RBS or they'd block their internet banking. Imagine if Spamhaus stopped filtering, you'd have so many spam emails you wouldn't be able to see the real ones.

  • rate this

    Comment number 100.

    I wondered why my 100MB Virgin Media Connection was only running at around 75 - 80MB

  • rate this

    Comment number 99.

    regardless of the popularity of some internet companies it is clearly
    logical that governments should restore the right to having the biggest
    servers as a safety precaution

  • rate this

    Comment number 98.

    80. They already did in a way. Season 12 Episode 6 'Over Logging'

  • rate this

    Comment number 97.

    To all the conspiracy theorists on here, saying this is an excuse for Governments to control the Internet:

    1 Spam is already illegal

    2 Denial of Service attacks are already illegal

    3 The are numerous technical law enfocement agencies already

    4 The challenge is catching and prosecuting the offenders

    5 Loss of the Internet, even for 24 hrs, will cause massive problems

  • rate this

    Comment number 96.

    Getting world wide concensus to do anything about this type of problem for our personal email addresses is nigh impossible because these tools can be used for country cyber warfare should a country have a need to or want to .... But we must give credit to the large IT companies who do their very best to try and stop attacks with little political support ! Close spammers down !!!

  • rate this

    Comment number 95.

    Either through education or enforcement people need to install the latest patches/updates and have security software installed. There is no financial cost in this just a bit of time.

    ISP's can tell through simple scripts what the state of a persons PC is OS patch state etc and warn them if they don't run a tight ship their broadband will be suspended untill they sort it out!!

  • rate this

    Comment number 94.

    Like @ukhazard, I've been irked by Spamhaus' oft-blunt approach in the past. My own legitimate email service was denied because of a problem with another account with the same provider - how can that be right? Who gives this organisation the mandate to act in such a cavalier fashion?

  • rate this

    Comment number 93.

    Until the culprits are caught and given very long prison sentences with very high fines and confiscation of goods and chattels this sort of thing will continue. However the chances of being bought to book seem to be so slight that I can see no end to the damage these idiots course.

  • rate this

    Comment number 92.

    With a "high speed" BT Broadband at 1 Mbps (if I'm lucky) any decrease in internet speed would hardly be noticeable ... if at all.

  • rate this

    Comment number 91.

    A DDoS is hardly an attack, it doesn't damage anything (except reputation) all it does do is slow down users of the website.

    The real world equivalent is picketing outside a company and slowing the flow of customers.

    Of course governments would rather it was seen as a crime, that way they can further push for draconian laws.

    Oh and can we drop the "cyber" prefix, please?

  • rate this

    Comment number 90.

    Mr Linford told the BBC "He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure."
    these cyber-police-forces people are the only ones who are likely to benefit from increased "cyber crime". I bet some will most likely be private contractors. How does a private contractor of cyber crime increase profits? Spam!

  • rate this

    Comment number 89.

    I notice that NW1837's internet connection must be so slow that 5, 6, 7, and 8 have been uploaded haphazardly and lost to the ether!
    Brilliant comment, NW!!

    Now watch the moderators remove this one... unless, of course, their Internet connection is ultra slow!!

  • rate this

    Comment number 88.

    As I understand it this company allows any content except porn and terrorism material. They do not say they encourage spam and maybe the reason there are so many restrictions by other service providers is to do with fears they may be targeted by people like spamhaus. There has to be a better way of controlling spam than targeting companies in this way as it is open to as much abuse as spamming

  • rate this

    Comment number 87.

    Microsoft etc are pushing businesses to run their applications on the cloud e.g. Office 365.

    Are they nuts, eggs and basket spring to mind and this is a good example of why you should keep your data in your own secure environment.


Page 25 of 30


More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.