Spam blocker falls victim to ‘one of the largest’ cyber-attacks

Published: Updated:

One of the largest ever cyber-attacks is slowing global internet services and the disruption could get worse, experts said on Wednesday, after an organization blocking “spam” content became a target.

The attacks targeted Spamhaus, a Geneva-based volunteer group that publishes spam blacklists which are used by networks to filter out unwanted email, and led to cyberspace congestion which may have affected the overall Internet, according to Matthew Prince of the US security firm CloudFlare.

CloudFlare estimates that Spamhaus “is directly or indirectly responsible for filtering as much as 80 percent of daily spam messages.”

“Based on the reported scale of the attack, which was evaluated at 300 Gigabits per second, we can confirm that this is one of the largest Distributed Denial of Service (DDoS) operations to date,” online security firm Kaspersky Lab said in a statement.

The attacks began after Spamhaus blacklisted Cyberbunker, a Web hosting firm that “offers anonymous hosting of anything except child porn and anything related to terrorism.” The origin of the attacks has not been identified. But a BBC report said Spamhaus alleged that Cyberbunker, in cooperation with “criminal gangs” from Eastern Europe and Russia, was behind the attack.

“We’ve been under this cyber-attack for well over a week,” Steve Linford, chief executive of Spamhaus, told the BBC. “They are targeting every part of the internet infrastructure that they feel can be brought down.”

Prince stated that over the last few days “we’ve seen congestion across several major Tier 1 [networks], primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare.

“If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why,” he said in a blog post.

A spokesman for the network security firm Akamai told AFP that based on the published data, “the attack was likely the largest publicly acknowledged attack on record.”

Paul Vlissidis, group technical director at internet security firm NCC, said the volumes of traffic involved in the attack were having a knock-on effect on the rest of the internet.

Because many computers were involved in the attack, it was difficult to defend against.

“If you have a few computers sending large amounts of traffic you can filter them out easily. When literally thousands and thousands are involved it makes it much, much harder,” he told Reuters.

Thinkbroadband, an independent British information website which allows users to test their broadband speed, offered contrary evidence claiming that there appeared to be little evidence of a slowdown.

Prince said of the incident: “While we don’t know who was behind this attack, Spamhaus has made plenty of enemies over the years... We’re proud of how our network held up under such a massive attack and are working with our peers and partners to ensure that the Internet overall can stand up to the threats it faces.”