Cyberattack on Spam Fighter Said to Be Over

Posted: March 28, 2013 by Rizwan Riyad in Tech, Technology
Tags: , , , , ,

Companies that monitor Internet traffic said Wednesday that an intensive cyberattack against a European spam-fighting organization has ended.

The attack against the Spamhaus Project Ltd., a nonprofit group that tracks spammers, was massive enough to slow some of the traffic on the Web to a crawl.

Analysts work in the Security Operations Center at the Dell SecureWorks office in South Carolina

Analysts work in the Security Operations Center at the Dell SecureWorks office in South Carolina

Spamhaus accused Cyberbunker, a Dutch Web-hosting company, of coordinating the so-called distributed denial-of-service attack against it, according to a report by the British Broadcasting Corp. In a DDoS attack, multiple servers send simultaneous requests to the target’s Web servers, ultimately causing them to crash.

According to the BBC, Spamhaus said the attack was in retaliation for its blacklisting of the Dutch company.

Neither Cyberbunker nor Spamhaus could be reached for comment. A person familiar with the situation said Spamhaus thinks it is still under attack.

The cyberattack was one of an increasing number of such offensives against corporations, including large financial institutions, and raises questions about what companies can do to guard against them.

The DDoS attack directed at servers run by Spamhaus came at a rate of 300 gigabits a second, which is five or six times the intensity of typical cyberattacks against banks, said Dan Holden, director of security research at Arbor Networks Inc.

“Up until this, the largest attack we had seen was a 100-gigabit attack in 2010 and an 80-gigabit attack in 2012. Jumping up to 300 is tripling the largest attack we’ve seen,” he said.

According to Mr. Holden, the attack against Spamhaus caused “collateral damage” across the Web because of the “pure size” of the attack. The extent of any collateral damage is also dependent on the path taken between the attacking servers and the victim, he said. Arbor Networks is able to determine the ebbs and flows of Web traffic by aggregating data provided by 250 Internet-service providers around the world.

DDoS attacks are becoming a problem for large institutions, including U.S. banks. Thus far, corporations have responded by using technologies from tech companies such as Akamai Technologies Inc., AKAM +0.23% Prolexic Technologies and others that help companies deflect unwanted traffic from their sites.

Those technologies can help keep sites functioning normally. In January, as attackers hammered bank sites with DDoS attacks, the availability rate of websites at U.S. financial institutions actually rose to 97.21% from 94.86% in the fall, when the first phase of the ongoing attacks was in full force, according to a report from

But there are limits to how effective defensive technologies can be. A spokesperson at Wells Fargo WFC -0.86% & Co. confirmed its banking websites were under attack Tuesday, but added that most of its customers weren’t affected. It didn’t explain how it deflected the attack.

Last Wednesday, Wells Fargo’s chief information security officer, Rich Baich, said companies need to think in advance about how so-called hacktivist groups, which use cyberattacks as tools of political or social protest, might respond to actions they takes at any point in time. Mr. Baich was speaking at the IT Security Entrepreneurs Forum at Stanford University. “It’s not just about nuisance, where a website was hacked, it’s about them holding you hostage by denying you use of the Internet,” he said.

He stressed that attackers can do more than take down websites: They can use viruses to physically destroy electronic devices, as was the case with personal computers at Saudi Arabian Oil Co.’s last August. “Now there’s a destructive angle,” Mr. Baich said.

Mike Smith, director of the customer-security incident response team at Akamai, says such attacks are possible because of improperly configured domain-name servers—the servers that correlate website addresses, such as, into the numerical addresses used by servers.

According to Mr. Smith, “hosting providers, businesses, and people with a cloud server who set up their own DNS resolver” often neglect to configure their servers using proper security settings. He says there are groups that compile lists of servers that improperly configured and open to abuse.

The sudden pickup in targeted attacks against corporate websites has brought cybersecurity to the highest levels of attention. The rise of IT security “to a board level concern is maybe the fastest I’ve ever seen,” said Thomas Sanzone, senior vice president of consulting firm Booz Allen Hamilton Inc. BAH -0.53%

The attack against Spamhaus raises questions about what companies should do to protect themselves, and whether a proactive defense is appropriate.

Compared with governments, companies are limited in actions they can take to legally respond to cyberattacks. Michael Chertoff, the former secretary of homeland security, said diplomatic considerations make it difficult for the government to take action against suspected adversaries from other countries.

Mr. Chertoff, who worked at the Department of Homeland Security from 2005 to 2009 and now runs a security consulting firm, said the U.S., which formally launched its cyberdiplomacy campaign in 2009, is currently trying to figure out how to deter and retaliate against cyberattacks, many of which come from sovereign countries.

“There are a serious questions about what we can do to defend ourselves and how far we can go in what we call active defense, that are both legal and policy questions that have yet to be resolved,” said Mr. Chertoff in January.

Mr. Chertoff counseled companies to think long and hard about retaliating on their own, noting that they could end up crippling a server that controls hospital equipment, while also unwittingly hosting malware.


source –

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s