Global internet slows after 'biggest attack in history'

 

The BBC's Rory Cellan-Jones explains why the attack is like a "motorway jam", alongside expert David Emm from Kaspersky Lab

Related Stories

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet.

Experts worry that the row could escalate to affect banking and email systems.

Five national cyber-police-forces are investigating the attacks.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content.

To do this, the group maintains a number of blocklists - a database of servers known to be being used for malicious purposes.

Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host that states it will host anything with the exception of child pornography or terrorism-related material.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

Cyberbunker has not responded to the BBC's request for comment.

'Immense job'

Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented.

"We've been under this cyber-attack for well over a week.

'Decapitating the internet'

Internet browser address bar

Writing exactly one year ago for the BBC, Prof Alan Woodward predicted the inherent weaknesses in the web's domain name system.

He wrote: "It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless."

Read Prof Woodward's full article

"But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.

He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, the website's numerical internet protocol address.

Mr Linford said the attack's power would be strong enough to take down government internet infrastructure.

"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet."

He added: "These attacks are peaking at 300 Gbps (gigabits per second).

"Normally when there are attacks against major banks, we're talking about 50 Gbps"

Clogged-up motorway

The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," he told the BBC.

"With this attack, there's so much traffic it's clogging up the motorway itself."

Arbor Networks, a firm which specialises in protecting against DDoS attacks, also said it was the biggest such attack they had seen.

"The largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 Gbps. Obviously the jump from 100 to 300 is pretty massive," said Dan Holden, the company's director of security research.

"There's certainly possibility for some collateral damage to other services along the way, depending on what that infrastructure looks like."

Spamhaus said it was able to cope as it has highly distributed infrastructure in a number of countries.

The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.

Mr Linford told the BBC that several companies, such as Google, had made their resources available to help "absorb all of this traffic".

The attacks typically happened in intermittent bursts of high activity.

"They are targeting every part of the internet infrastructure that they feel can be brought down," Mr Linford said.

"Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around."

 

More on This Story

Related Stories

Comments

This entry is now closed for comments

Jump to comments pagination
 
  • rate this
    +8

    Comment number 126.

    There is absolutely nothing wrong with my Internet connecti

  • rate this
    +106

    Comment number 125.

    We use the Spamhaus real time block list on our mail servers to filter spam which now makes up 90% of all email thanks to the inaction by governments to track down & prosecute those responsible. Spamhaus is not compulsory so any mail service can use it to filter spam or not - unlike Cyberbunker who facilitate spammers sending you viruses & junk whether you want it or not.

  • rate this
    +15

    Comment number 124.

    @ 68. janemanby : "I do not like the idea that one body has the right to say what can and cannot be on the net."

    No-one is stopping you from putting things on the net, but you don't have an automatic right to force me to read it, and you don't have the right to force my mail server to take it from you.

    Spamhaus simply maintains a list of servers known to be abusing this trust.

  • rate this
    +3

    Comment number 123.

    Cloudflare had a huge attack on its servers yesterday resulting in thousands of UK business websites being unreachable. This has happened several times recently.

    It amazes me that Hacktivist groups are so mind bogglingly stupid that they cannot see that attacking and trying to shut down commercial organisations who they don't happen to like that day is as despotic as North Korea.

  • rate this
    -3

    Comment number 122.

    No conspiracy theories. Simple truth, governments of one country or another seek to manipulate your attitude to the internet, and thus justify their reasons for controlling the whole internet, and therefore not only what goes on, but ultimately how you think and respond (fear, disgust,shock etc.). It does smack of Global mind domination... if only for 'commercial gains'! ...Legal spam anyone?

  • rate this
    +3

    Comment number 121.

    The days of the internet as a free for all went with the last of the COBOL developers fixing the Y2K bug. The internet is far more important than it's position in the 80's and 90's and has to be regulated and secured to ensure that people can be confident for both personal and business usage. We wouldn't accept people putting broken down cars on the motorway would we? We'd call the police.

  • rate this
    +2

    Comment number 120.

    Sadly (or happily depending on your viewpoint) the hackers and cyber-attackers will always be two or three steps ahead of any counter measures businesses, governments or the public take to combat them. That is the way of the modern world. It used to be that people held up banks and broke into places to get what they wanted, now all that's needed is a few clicks of a mouse or taps on a touchscreen.

  • rate this
    -3

    Comment number 119.

    computers makes people fat.

  • rate this
    +3

    Comment number 118.

    Remember the 'bad' old days of 56kbps dial up internet. Then broadband came along with 300kbps, 6 times as fast and we all went crazy saying how fast it was. Now 10 years later its a hundred times as fast as that........ and we are all complaining how slow it is, crazy.

  • rate this
    0

    Comment number 117.

    Isn't spam a posh luncheon-meat, or is it the other way around.

  • rate this
    -3

    Comment number 116.

    A lot of willey-waving from Mr Linford methinks. :)

  • rate this
    +3

    Comment number 115.

    Are any of us surprised? The future is not secure. We are stuffed big time!

  • rate this
    +1

    Comment number 114.

    For people marking my post 95 down you are just plain stupid. It is illegal to sell guns in the UK for a reason, it gives criminals weapons.

    By running an unsecured PC you are giving cyber criminals the weapon they need for DOS attacks. By being part of a bot-farm you are complicit in a crime. Ignorance isn't a defence in the eyes of the law!!

  • rate this
    +14

    Comment number 113.

    Don't knock Spamhaus. They are doing a fantastic job. Spam originating organisations like Cyberbunker should be physically raided, taken out and their equipment destroyed. If you've been blacklisted then you only have yourself to blame for letting your PCs be taken over and used as botnets. Secure your network! Would you leave your premises unsecured? No? Why should your network be different?

  • rate this
    -2

    Comment number 112.

    I thought dodos were extinct.

  • rate this
    -43

    Comment number 111.

    I am doing well today. Most of my posts are being marked down.

  • rate this
    +1

    Comment number 110.

    @49 Strider - So the real solution is for Microsoft/Mozilla/Google/Opera/Symantec/etc to actually make security an issue and provide systems and tools that prevent and remove the botnet software used for DDoS attacks, instead of just crowing about how they shut down a botnet.

  • rate this
    +3

    Comment number 109.

    Global internet slows after 'biggest attack in history'

    that's 'cos we've only got one Miliband-width now........

  • rate this
    +2

    Comment number 108.

    I would have more sympathy for the hosting company if I didn't get over 2000 spam messages a day. That's approximately 150 for every real message I get.

    If blocking the hosts who give these spammers a platform to work from results in their other customers being blocked then it is up to the collaterally damaged to react by complaining to the host or moving their business elsewhere.

  • rate this
    +54

    Comment number 107.

    "Global internet slows after 'biggest attack in history' "

    Either that or they're accidently using Internet Explorer.

 

Page 24 of 30

 

More Technology stories

RSS

Features

BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.