What if the World Wide Web were hit by a cyber-attack so massive as to threaten government infrastructures, banking systems, and email -- and nobody noticed?
That's what's reportedly happening right now. According to BBC News, a feud between a Dutch spam host and a spam filter vendor has spilled over into a series of "immense" DDoS attacks, slowing popular sites like Netflix, as well as threatening more serious damage.
Well, all I can say is, not around here. Netflix, YouTube, and the Internet in general seem to be working just fine. I guess I'm lucky, with The New York Times reporting that "Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time."
The spat broke out when Spamhaus, a nonprofit spam tracker, added Cyberbunker to one of its blocked lists. Cyberbunker is a web host housed, apparently, in a real bunker -- a former NATO structure. It claims to be "bullet-proof, reliable, untouchable," and it certainly seemed resistant to a recent attempted intrusion by a Dutch SWAT team.
Cyberbunker claims to host everything except "child porn and... terrorism." Spamhaus, which is said to filter 80 percent of the world's email traffic, apparently upset someone with the Cyberbunker block. It sustained a DDoS attack over the weekend, which knocked out its website. The attack, sustained by a large botnet, was a DNS amplification attack, described as follows:
The basic technique of a DNS reflection attack is to send a request for a large DNS zone file with the source IP address spoofed to be the intended victim to a large number of open DNS resolvers. The resolvers then respond to the request, sending the large DNS zone answer to the intended victim. The attackers' requests themselves are only a fraction of the size of the responses, meaning the attacker can effectively amplify their attack to many times the size of the bandwidth resources they themselves control.
Cloudflare, called in by Spamhaus to help mitigate the attack, recorded "over 30,000 unique DNS resolvers involved in the attack... The attacker only needed to control a botnet or cluster of servers to generate 750Mbps -- which is possible with a small sized botnet or a handful of AWS instances." One problem with an attack via the DNS, of course, is that you can't shut the system down without shutting down the Internet.
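Seen from the receiving network, reflected traffic is a burst of large DNS answers that no local host asked for, arriving from many resolvers at once. The Python below is an added example, not code from the article or from Cloudflare; the flow-record layout, the thresholds and the sample records are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample UDP flow records (not real traffic):
# (src_ip, src_port, dst_ip, dst_port, payload_bytes)
FLOWS = [
    ("192.0.2.10", 40001, "198.51.100.53", 53, 64),    # normal client query
    ("198.51.100.53", 53, "192.0.2.10", 40001, 120),   # its matching answer
] + [
    # 40 different resolvers answering a host that never sent a query
    (f"203.0.113.{i}", 53, "192.0.2.80", 33000 + i, 3000)
    for i in range(1, 41)
]

def find_reflection_victims(flows, min_resolvers=20, min_avg_bytes=512):
    """Return {victim_ip: stats} for hosts hit by unsolicited DNS answers.

    Thresholds are assumptions: 512 bytes is the classic DNS-over-UDP answer
    limit without EDNS0, so larger average answers stand out.
    """
    # Pass 1: remember every query as (client, client_port, resolver).
    # Simplification: matching ignores timestamps and DNS transaction IDs.
    asked = {(src, sport, dst)
             for src, sport, dst, dport, _ in flows if dport == 53}

    resolvers = defaultdict(set)   # victim -> resolvers that answered it
    total = defaultdict(int)       # victim -> bytes of unsolicited answers
    count = defaultdict(int)       # victim -> number of unsolicited answers

    # Pass 2: an answer (source port 53) with no matching query is unsolicited.
    for src, sport, dst, dport, size in flows:
        if sport == 53 and (dst, dport, src) not in asked:
            resolvers[dst].add(src)
            total[dst] += size
            count[dst] += 1

    victims = {}
    for ip, seen in resolvers.items():
        avg = total[ip] / count[ip]
        if len(seen) >= min_resolvers and avg >= min_avg_bytes:
            victims[ip] = {"resolvers": len(seen), "bytes": total[ip],
                           "avg_bytes": avg}
    return victims

if __name__ == "__main__":
    for ip, stats in find_reflection_victims(FLOWS).items():
        print(ip, stats)
```
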
So much for the methodology (Cloudflare imposed a virtual shield between Spamhaus and the malicious packets, distributing them widely across its own datacenters).
Is it clear that Cyberbunker is the culprit? Interestingly, neither Cloudflare nor Spamhaus cites Cyberbunker in reporting the attack, although the news stories strongly suggest that Spamhaus is briefing reporters that Cyberbunker is responsible.
Cyberbunker? It has quite a different take on what's happening. It claims that Spamhaus has extorted ISPs, like A2B Internet, threatening them with blacklisting if they carry Cyberbunker's traffic. But, of course, Cyberbunker isn't acknowledging responsibility for the cyber-attack.
Has Spamhaus been over-reaching? Is Cyberbunker a spamming menace? Either way, the situation poses a threat to all of us innocent bystanders. Whether or not you've been directly affected, this is supposedly the largest DDoS attack in history -- like a nuclear bomb, according to a Cloudflare spokesman.
Of course, if it gets worse, you probably won't be reading this.
— Kim Davis, Community Editor, Internet Evolution