If you experience slow internet today – it won’t be surprising to us… but it might not be what we are told it is… according to “industry insiders” – the internet is currently witnessing the largest cyber-attack ever seen – and the attack seems to be some kind of “war” between two entities – CyberBunker – a data-center in the Netherlands which hosts websites and servers for other companies, and the target appears to be SpamHaus – an organization which provides a “blacklist” – or blocking service to internet providers.
CyberBunker Entrance
Some of what is known is as follows:
CyberBunker is a data-center in the middle of a forest in The Netherlands – they host anything – servers, applications, etc – in the past they have been hosts to “The Pirate Bay” (since Oct. 2009) – a bit-torrent tracking service, which was chased from provider to provider as it fought legal battle after legal battle against copyright holders whose works were allegedly infringed by the torrents they tracked.
CyberBunker has hosted Wikileaks since 2010 and provides hosting services to many other organizations, including many so called “spammers” – or servers whose whole purpose is to send large amounts of junk email.
What else have they hosted? Who knows? Probably only CyberBunker staff know all they host, but Dutch officials found they were also hosting an MDMA lab (yes, ecstasy or “X”) after a 2002 fire in the building – as a result of the investigation into that particular hosting operation, 3 people were sentenced in connection with the lab, while another was released due to lack of evidence (source).
CyberBunker comes to the attention of SpamHaus:
SpamHaus had apparently identified CyberBunker as providing hosting for these spammers, and had contacted the upstream provider for CyberBunker (Dutch provider A2B) – and requested that the provider terminate services to CyberBunker – at first, A2B refused – when SpamHaus added the A2B IP addresses their blacklist, it seems tha A2B relented and dropped CyberBunker, while simultaneously filing complaints with the Dutch police authorities for extortion.
In March 2013, SpamHaus added the IP space of CyberBunker to their blacklists and on the 20th of March, SpamHaus noted that they were experiencing as massive distributed denial of service attack.
This little spat just got bigger…
This attack has escalated – and as the apparent victim (SpamHaus) engaged 3rd parties in helping them protect their own resources, the attacks have widened to take in larger and larger parts of the world.
The attack itself is a DDoS attack using DNS queries – which is how the SpamHaus system works – if a provider wishes to block junk email, they query the DNS servers of SpamHaus to see if the sending IP is in the blacklist – a quick “do you know this IP” – either yields “we don’t know them” – or – “we know this IP” – if the receiving mailserver gets the “we know this IP”, they generally refuse to accept the email. Many thousands, perhaps hundreds of thousands of leqitimate servers query the SpamHaus servers in this way every minute of the day.
The German company CloudFlare has noted the attack is one of the largest it has ever seen… and when you consider that this type of attack is their bread and butter business – they have seen quite a few.
According to SpamHaus/Cloudflare, the peek of the DDoS yielded 300 gigabits per second of traffic to their network – this is an enormous amount of traffic, with previous attacks being somewhere in the region of 50 gig/sec – and these were attacks large enough to disable large US bank’s servers!!
So while this attack continues, yes, SpamHaus and CyberBunker might be using the internet as their “war ground” – and you might be experiencing slowness because of this, but we have to ask… who has a lot more to gain by hyping this type of cyber-attack? Yes, you got it… CloudFlare.
Other parties in the “defense” side of the equation include Google – who have apparently offered some of their resources up to SpamHaus in an attempt to help absorb the traffic from this attack.
So your email and surfing are slow today – what does it mean?
If the internet is slow for you today… you might be encountering some fallout between CyberBunker and SpamHaus… or it could be that someone dug up your ISP’s cable up the road… our suggestion – wait a day… if it is still slow – call your ISP…