Posts Tagged ‘Cyber’


MOSCOW–A massive cyber attack targeting a European spam-fighting group that slowed some global Internet traffic to a crawl appears to have been launched by a gang of hackers from Russia and neighboring countries, says the head of a Russian firm specializing in defending against such attacks.

Alexander Lyamin, of Moscow’s Highload Labs, says he believes the same group who have caused trouble around the world with their attack against the non-profit Spamhaus Project Ltd. had earlier launched a series of brief strikes on several top Russian Internet companies as a trial run of their weapon known as a Domain Name System amplification attack.

“We first noticed incidents utilizing this technique a month-and-a-half ago in Russia. It started with a measly 10-20 gigabytes per second, but during the next month it grew to 60 and then 120 gigabytes. Apparently the attackers were growing their network of hacked servers,” Mr. Lyamin said.

The attacks against Spamhaus began on March 19 and appeared to have subsided on Wednesday. Some experts said the attack grew to as large as 300 gigabytes per second, which would make it the largest ever seen, although others, including Mr. Lyamin, dispute that.

A DNS amplification attack works by manipulating the basic system by which the Internet operates, in which a series of Domain Name System servers convert searches for particular sites to their IP address, which is actually a numerical code, and make the connection. The attack uses a network of hacked DNS servers to answer fake messages that appear to come from a targeted site with much larger responses. While this cripples the target site, it also severely slows the DNS servers, which bogs down scores of other searches. In the Spamhaus attack, experts have said they believe millions of web surfers were affected.
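From the DNS operator's side, the pattern described above shows up in query logs as one apparent client repeating the same question and receiving answers far larger than its requests. The sketch below is an added example, not part of the original article; the log format, field order, thresholds and addresses are constructed for illustration.

```python
from collections import defaultdict

# Constructed resolver log: time, apparent client IP, qname, qtype,
# query size in bytes, response size in bytes.
SAMPLE_LOG = """\
12:00:01 198.51.100.7 example.org ANY 64 3100
12:00:01 198.51.100.7 example.org ANY 64 3100
12:00:01 203.0.113.20 www.example.com A 60 92
12:00:02 198.51.100.7 example.org ANY 64 3100
12:00:02 203.0.113.21 mail.example.net MX 58 130
12:00:02 198.51.100.7 example.org ANY 64 3100
12:00:03 203.0.113.20 cdn.example.com AAAA 60 104
12:00:03 198.51.100.7 example.org ANY 64 3100
"""

def parse(line):
    """Split one log line into (client, qname, qtype, query_bytes, response_bytes)."""
    _, client, qname, qtype, qlen, rlen = line.split()
    return client, qname, qtype, int(qlen), int(rlen)

def amplification_report(log, min_ratio=10.0, min_queries=5):
    """Return {client: stats} for apparent clients that look like reflection targets."""
    stats = defaultdict(lambda: {"queries": 0, "received": 0, "sent": 0, "names": set()})
    for line in log.strip().splitlines():
        client, qname, qtype, qlen, rlen = parse(line)
        s = stats[client]
        s["queries"] += 1
        s["received"] += qlen   # bytes the server received "from" this address
        s["sent"] += rlen       # bytes the server sent back to it
        s["names"].add((qname, qtype))
    flagged = {}
    for client, s in stats.items():
        ratio = s["sent"] / s["received"]
        # Reflection pattern: the same few questions repeated by one address,
        # with answers far larger than the questions.
        repetitive = len(s["names"]) <= s["queries"] // min_queries
        if s["queries"] >= min_queries and ratio >= min_ratio and repetitive:
            flagged[client] = {"queries": s["queries"],
                               "ratio": round(ratio, 1),
                               "bytes_sent": s["sent"]}
    return flagged

if __name__ == "__main__":
    for client, info in amplification_report(SAMPLE_LOG).items():
        print(client, info)
```

A flagged address is most likely the victim whose address was forged, not the sender, so the useful response is rate-limiting or refusing those answers rather than blocking the address as an attacker.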

Spamhaus has accused Dutch Web-hosting company Cyberbunker of being behind the attack in a tit-for-tat retaliation for Spamhaus putting Cyberbunker on a blacklist for allegedly allowing vast amounts of spam to be sent through its servers.

Spokespeople for Cyberbunker and Spamhaus did not immediately respond to messages seeking comment. In a statement on its Website, Spamhaus said “a number of people have claimed to be involved in these attacks. At this moment it is not possible for us to say whether they are really involved.”

Mr. Lyamin would not name the Russian companies that were the earlier targets because of “the very sensitive nature of this matter,” but said they included services used by Russians every single day.

“The targets were companies with good visibility and big names, but the attacks were only for a short duration of time. We think it was done for bragging rights. Also lots of Internet trash was targeted–porn, scam, drugs, piracy, etc. It was like a child playing Robin Hood or something,” he added.

He said the targeting of Russian companies, and the fact that the attacks tended to begin during daylight hours in Russia’s timezone, led his team to believe the attacks were launched by “a group of Russians or from our closest neighbors.”

Mr. Lyamin says he suspects whoever was behind the spam that Spamhaus had targeted had hired the hackers to launch the attack, which he said is a copycat of one undertaken in October 2010, about 20% smaller by volume of traffic.

“This is not new,” he said. “And I really doubt this is the biggest.”


At this very moment, the largest cyber attack ever declared is emanating from a decommissioned, nuclear-war proof NATO bunker with five-foot-thick concrete walls and a reputation for harboring spammers and cybercriminals. It’s all part of a dustup between CyberBunker—so named for the building just outside Kloetinge, in the Netherlands, that houses its servers—and the international non-profit Spamhaus.

CyberBunker does what its name suggests: It’s a safe place full of computers, which host websites and data stores for various companies. Spamhaus, meanwhile, tracks internet addresses that are sources of email spam, and adds their addresses to a blacklist. Companies that use this blacklist—which include pretty much every email provider and most internet service providers on the planet—automatically block those addresses.

The conflict between Spamhaus and CyberBunker began in 2011, when Spamhaus blacklisted all of the internet addresses hosted by Dutch internet service provider A2B. One of A2B’s clients at the time was CyberBunker. It appears that Spamhaus blocked the entirety of A2B after being unable to convince A2B to block CyberBunker by itself.

According to an essay on CyberBunker’s site (corroborated by news accounts at the time) this led to a great deal of collateral damage for companies that used A2B’s services but had no connection to CyberBunker. As a result, Spamhaus’s blacklisting of A2B knocked out, among other things, the email service for “a high street retail chain.”

Now CyberBunker has moved off of A2B and onto a new internet service provider. Spamhaus is now able to blacklist CyberBunker directly, and did so. CyberBunker is annoyed about this. And so, as if to prove Spamhaus’s point, CyberBunker responded by launching a massive cyberattack on Spamhaus’s infrastructure—a flood of 300 billion bits of data per second designed to clog Spamhaus’s connection to the internet. The attack is so big that it is affecting service for regular folks who happen to rely on some of the internet connections it’s commandeering. That means delayed Netflix streams or brief outages for unrelated websites.

Patrick Gilmore, chief architect at the internet hosting service Akamai, told the New York Times that the bottom line for CyberBunker is that “they think they should be allowed to spam.” CyberBunker is explicit on its homepage that it will host anything but child pornography and “anything related to terrorism.”

It’s not clear when this cyber-attack will abate. Massive networks of “zombie” PCs, used to carry out these and related attacks, can be had for a pittance, so it’s possible a flood of bits could be directed at Spamhaus more or less indefinitely.
