Global internet slows after 'biggest attack in history'

 

The BBC's Rory Cellan-Jones explains why the attack is like a "motorway jam", alongside expert David Emm from Kaspersky Lab


The internet around the world has been slowed down in what security experts are describing as the biggest cyber-attack of its kind in history.

A row between a spam-fighting group and a hosting firm has sparked retaliation attacks affecting the wider internet.

Experts worry that the row could escalate to affect banking and email systems.

Five national cyber-police-forces are investigating the attacks.

Spamhaus, a group based in both London and Geneva, is a non-profit organisation that aims to help email providers filter out spam and other unwanted content.

To do this, the group maintains a number of blocklists - databases of servers known to be used for malicious purposes.

Recently, Spamhaus blocked servers maintained by Cyberbunker, a Dutch web host that states it will host anything with the exception of child pornography or terrorism-related material.

Sven Olaf Kamphuis, who claims to be a spokesman for Cyberbunker, said, in a message, that Spamhaus was abusing its position, and should not be allowed to decide "what goes and does not go on the internet".

Spamhaus has alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia, is behind the attack.

Cyberbunker has not responded to the BBC's request for comment.

'Immense job'

Steve Linford, chief executive for Spamhaus, told the BBC the scale of the attack was unprecedented.

"We've been under this cyber-attack for well over a week.

'Decapitating the internet'


Writing exactly one year ago for the BBC, Prof Alan Woodward predicted the inherent weaknesses in the web's domain name system.

He wrote: "It is essentially the phone book for the internet. If you could prevent access to the phone book then you would effectively render the web useless."


"But we're up - they haven't been able to knock us down. Our engineers are doing an immense job in keeping it up - this sort of attack would take down pretty much anything else."

Mr Linford told the BBC that the attack was being investigated by five different national cyber-police-forces around the world.

He claimed he was unable to disclose more details because the forces were concerned that they too may suffer attacks on their own infrastructure.

The attackers have used a tactic known as Distributed Denial of Service (DDoS), which floods the intended target with large amounts of traffic in an attempt to render it unreachable.

In this case, Spamhaus's Domain Name System (DNS) servers were targeted - the infrastructure that joins domain names, such as bbc.co.uk, to the website's numerical internet protocol address.

Mr Linford said the attack's power would be strong enough to take down government internet infrastructure.

"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the internet."

He added: "These attacks are peaking at 300 Gbps (gigabits per second).

"Normally when there are attacks against major banks, we're talking about 50 Gbps."

Clogged-up motorway

The knock-on effect is hurting internet services globally, said Prof Alan Woodward, a cybersecurity expert at the University of Surrey.

"If you imagine it as a motorway, attacks try and put enough traffic on there to clog up the on and off ramps," he told the BBC.

"With this attack, there's so much traffic it's clogging up the motorway itself."

Arbor Networks, a firm which specialises in protecting against DDoS attacks, also said it was the biggest such attack they had seen.

"The largest DDoS attack that we have witnessed prior to this was in 2010, which was 100 Gbps. Obviously the jump from 100 to 300 is pretty massive," said Dan Holden, the company's director of security research.

"There's certainly possibility for some collateral damage to other services along the way, depending on what that infrastructure looks like."

Spamhaus said it was able to cope as it has highly distributed infrastructure in a number of countries.

The group is supported by many of the world's largest internet companies who rely on it to filter unwanted material.

Mr Linford told the BBC that several companies, such as Google, had made their resources available to help "absorb all of this traffic".

The attacks typically happened in intermittent bursts of high activity.

"They are targeting every part of the internet infrastructure that they feel can be brought down," Mr Linford said.

"Spamhaus has more than 80 servers around the world. We've built the biggest DNS server around."


Comments

  • Rating: +5

    Comment number 346.

    @327. Tofino. Most "legitimate retail" email campaigns are just as intrusive and unwanted as illegal spam. Just because I buy something from a retailer doesn't give them the right to email me every 5 minutes.

  • Rating: 0

    Comment number 345.

    @330 Jaker. It seems Cyberbunker don't care who uses their Servers, so spam producers can freely use them to distribute spam. This is totally different to viruses etc. The reason you don't get spam is because of Companies like Spamhaus blocking spam before it gets to your inbox.

  • Rating: +1

    Comment number 344.

    "The internet around the world has been slowed down" ... not mine. Am I just lucky or is this yet another example of the media attempting to boost their circulation by inventing another scare story? Rhetorical question of course.

  • Rating: -10

    Comment number 343.

    Spam? That's awfully 2004-y isn't it? I haven't had spam in any of my inboxes in years.

  • Rating: 0

    Comment number 342.

    "Recently, Spamhaus blocked servers maintained by Cyberbunker
    [...]
    Cyberbunker has not responded to the BBC's request for comment."
    Maybe you should give them a call instead of waiting for email...

  • Rating: 0

    Comment number 341.

    I was under the impression that the internet was FREE! It appears that large corporations are able to "slow" us all down. Why?
    Spamhaus have blocked a number, (talking thousands), of BT private IP4 addresses because of their spam lists, I should know I own five and I never send spam.
    Makes me want to connect via TOR.

  • Rating: -2

    Comment number 340.

    I wondered why I was getting about 10 e-mails per minute from donotreply@observer.co.uk for a few days until two days ago. Looks like someone spoofed my domain and ran a DDoS attack on the Observer contact page. It was annoying as it obfuscated my ability to see real e-mails on my phone, but Outlook on my PC filtered the junk out. But I didn't feel like jumping off a cliff or anything...

  • Rating: +1

    Comment number 339.

    It's about time the IP's got together to block the spammers. They have spoilt the Internet and are just a pain...How much time and money is wasted by spam? It must run to billions.

  • Rating: +1

    Comment number 338.

    How ironic it should occur on the same day the "Anti-cyber threat centre" is launched

  • Rating: +3

    Comment number 337.

    Bloody hell! We'll have to go outside and talk to each other now!

  • Rating: -2

    Comment number 336.

    The EU are launching a big attack on our reserves just to try and slow us down a bit, cheeky people.
    http://www.bbc.co.uk/news/world-europe-21956861

  • Rating: 0

    Comment number 335.

    Did the name SPAM originate from the Monty Python sketch?

  • Rating: +5

    Comment number 334.

    It seems that Cyberbunker feels that they have a right to allow individuals to send spam to the rest of us because they make money. I have paid for anti virus and firewall software to stop this sort of rubbish and idiots like Cyberbunker from sending me junk that I don't want to read, find offensive and could be obscene. So what gives Cyberbunker this right?

  • Rating: -2

    Comment number 333.

    I know that SH are a pain in the proverbial. They give good service but are slow to respond and it is damn impossible to get cleared when blocked. No compassion. You get a virus & your PC spams. They block you. It's not malicious, they don't care. I imagine this is the same for Cyberbunker - they provide an open unmonitored service but SH stops them. Not enough hosts allow this freedom anyway. Go CB!

  • Rating: -1

    Comment number 332.

    Spam is big business, but so is legitimate commercial email use. The reason Spamhaus can be a problem is that their service is used by a huge number of ISPs and hosted email companies. So if an error is made, the effects can be dramatic.

    An online store can lose out tremendously if its confirmation emails get blocked because someone else on the same IP block sent spam.

  • Rating: +3

    Comment number 331.

    Given the lamentable performance of every ISP we've tried over the Edwardian copper cable technology which is our only option, I'd be surprised we'd ever notice the difference.

  • Rating: -3

    Comment number 330.

    I have been to North Korean, Iranian, & Syrian web sites this past while & never ever get viruses or spam or botnets or malware, because I keep up to date all my anti virus, spyware, malware, programs. & check them every day (4 in total) for updates just to be sure, it only takes 2 minutes. That's what lets a lot of people down they don't check their security, programs or plugin updates. Spamhaus?

  • Rating: -1

    Comment number 329.

    The article did not make clear if the Dutch site is actually a source of spam. It gives the impression they are hosting anything rather than sending out stuff. This may just be poor explanations by the report. If they just host things then Spamhaus are completely in the wrong. If they send out spam they may well be in the right if their filtering is reasonably selective and accurately getting spam

  • Rating: -1

    Comment number 328.

    317. Nickpazza And it happens because your average Internet user can't be bothered with security, someone else's problem. They moan like hell when it hurts them or big brother is trying to stop them using their PC with XP SP1 (which funnily enough runs really slowly when on the internet, well when it boots up really, so many processes, so much network usage before they have even hit Google)

  • Rating: +3

    Comment number 327.

    I manage the email campaigns for a very popular retailer. We have fully opted in customers yet we fell foul of Spamhaus 'traps'.

    We operate within the law, UK data protection regulations as well as the rules of the data commissioners office.

    Spamhaus believe they are above the laws of this land, yet operate in secrecy and will not discuss our concerns.

    They too need investigating.

 

BBC © 2014