Global internet slows after 'biggest attack in history'


The BBC's Rory Cellan-Jones explains why the attack is like a "motorway jam", alongside expert David Emm from Kaspersky Lab

Related Stories

The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

A row between a spam-fighting group and hosting firm has sparked retaliation attacks affecting the wider internet.

Experts worry that the row could escalate to affect banking and email systems.

Five national cyber-police-forces are investigating the attacks.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content.

To do this, the group maintains a number of blocklists - a database of servers known to be being used for malicious purposes.

Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host that states it will host anything with the exception of child pornography or terrorism-related material.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

Cyberbunker has not responded to the BBC's request for comment.

'Immense job'

Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented.

"We've been under this cyber-attack for well over a week.

'Decapitating the internet'

Internet browser address bar

Writing exactly one year ago for the BBC, Prof Alan Woodward predicted the inherent weaknesses in the web's domain name system.

He wrote: "It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless."

Read Prof Woodward's full article

"But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.

He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as, the website's numerical internet protocol address.

Mr Linford said the attack's power would be strong enough to take down government internet infrastructure.

"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet."

He added: "These attacks are peaking at 300 Gbps (gigabits per second).

"Normally when there are attacks against major banks, we're talking about 50 Gbps"

Clogged-up motorway

The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," he told the BBC.

"With this attack, there's so much traffic it's clogging up the motorway itself."

Arbor Networks, a firm which specialises in protecting against DDoS attacks, also said it was the biggest such attack they had seen.

"The largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 Gbps. Obviously the jump from 100 to 300 is pretty massive," said Dan Holden, the company's director of security research.

"There's certainly possibility for some collateral damage to other services along the way, depending on what that infrastructure looks like."

Spamhaus said it was able to cope as it has highly distributed infrastructure in a number of countries.

The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.

Mr Linford told the BBC that several companies, such as Google, had made their resources available to help "absorb all of this traffic".

The attacks typically happened in intermittent bursts of high activity.

"They are targeting every part of the internet infrastructure that they feel can be brought down," Mr Linford said.

"Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around."


More on This Story

Related Stories


This entry is now closed for comments

Jump to comments pagination
  • rate this

    Comment number 206.


  • rate this

    Comment number 205.

    "I read an article about 20 years ago that predicted that the internet will cease to be functional by around 2015, they said that this would die a death due to hackers, spammers and phishing."

    I'm sure mankind's greatest invention isn't about to fold overnight and be given up on, simply because you're a pessimistic a curmudgeon.

  • rate this

    Comment number 204.

    I notice most of the cyber attacks/hacks are politically motivated, what does that say to you?

  • rate this

    Comment number 203.

    re: fingalful. "death penalty [for hackers] if found within 3 miles of a computer". +worked so well for capital punishment. There were literally no murders in the British Isles between 1189 and 1950.

  • rate this

    Comment number 202.

    Cyber-attackers have 2 things in common it seems - a basic (or advanced) education on how to do what in computer-speak, and the criminal intent to make money from their acquired knowledge. The world is their oyster. We have a serious problem here and it is not going to go away willingly. Answer? Make it a treasonable offence to invade national or individual privacy, without parole, for life.

  • rate this

    Comment number 201.

    Spamhaus is on my street, and I think we use the same exchange.

    I think this is all because the wife started catching up on all her Easties about a week ago.

  • rate this

    Comment number 200.

    Wouldn't it make sense to shutdown the ISPs where the attacks originate. At least block the IPs from the source.

    As for some comments below, the use of routers have helped stop dialer's from the earlier ADSL USB modems, but due to weak passwords and no wireless security this adds another problem.

    For some of us, we won't realise the problem as we don't have fast enough broadband speeds.

  • rate this

    Comment number 199.

    Can we protect ourselves from these threats though?
    Is it a bit like a burglar. If he really wants to get in he will find a way in and there is nothing we can really do about it.
    To me the worst thing would be if our security was breached and we didn't know it.

  • rate this

    Comment number 198.

    unfortunately these people are out there and if you are an old dinosaur like me its me and my ilk that suffer not the tech savvy ones .

  • rate this

    Comment number 197.

    It seems rather like the effects of man made climate change. Hope it can be combatted.

  • rate this

    Comment number 196.

    Surprisingly, hopefully this is not the start of another biggest attack,..

  • rate this

    Comment number 195.

    Itr is funny for all the moaning and conspiracy nuts and people who hate big business and big government it's amazing how none of them seem to be able to control things like this.
    You'd expect it would be tracked and closed down straight away at source with FBI/Europol kicking doors in. So why isn't it?

  • rate this

    Comment number 194.

    Couldn't they get the BBC HYS moderators to remove it?

  • rate this

    Comment number 193.

    I read an article about 20 years ago that predicted that the internet will cease to be functional by around 2015, they said that this would die a death due to hackers, spammers and phishing.
    Looks like they were bang on with that then!
    What will the youth of today do if they have to read 'books' to get information from, disaster!!!!!

  • rate this

    Comment number 192.

    It's like terrorists. If they were told they had a choice of being extradited at their own expense or being executed without trial, we wouldn't have any here. If there was an international agreement that cyber attackers would immediately have their hands cut off & would, after the amputations, get the death penalty if found within 3 miles of a computer, cyber attacks would stop faster than pronto.

  • rate this

    Comment number 191.

    "The powers that be DO need to educate people to the fact that an unsecured PC will be used for cyber crime and they WILL(should) be held responsible for giving cyber criminals the tools they need to commit crime"

    Utter drivel. That is like someone having a cricket bat stolen which is then used in an assault and the original owner being charged by the police.

  • rate this

    Comment number 190.

    Wish they could target Phil McNulty and Robbie Savage content ...all articles, videos, expert analysis...please!

  • rate this

    Comment number 189.

    To everyone discussing who's funding this, a DDoS attack is surprisingly cheap to put together. It takes prep time and a bit of computer know how but with a small group of people you could potentially have a devasting effect, with a well run DDoS of course. It seems to be China's favourite cyber-terror weapon too for the moment.

  • rate this

    Comment number 188.

    @179 "Actually is only significant if you understand it that it would disable the ability for members AT 10 Downing Street to access Internet, not simply the informative web page the public accesses."

    The website won't be hosted at that address, therefore it wouldn't affect anyones ability to access the internet.

  • rate this

    Comment number 187.

    CyberBunker needs taking down and the owners Prosecuted.


Page 20 of 30


More Technology stories



BBC © 2014 The BBC is not responsible for the content of external sites. Read more.

This page is best viewed in an up-to-date web browser with style sheets (CSS) enabled. While you will be able to view the content of this page in your current browser, you will not be able to get the full visual experience. Please consider upgrading your browser software or enabling style sheets (CSS) if you are able to do so.