How the massive cyberattack may have been overblown
Some media outlets labeled Wednesday's internet slowdown the 'biggest cyberattack in history,' but in reality the disruption went largely unnoticed by users. Still, incidents like these highlight the internet's fragility and may prompt necessary fixes.
Is it "the biggest cyberattack in history"? Or just routine flak that network-security providers face all the time?Skip to next paragraph
Subscribe Today to the Monitor
News websites across the Western world proclaimed Internet Armageddon today (March 27), largely due to a New York Times story detailing a "squabble" between the spam-fighting vigilantes at Spamhaus and the dodgy Dutch Web-hosting company Cyberbunker.
"Fight Jams Internet," the Times headline said. "Global Internet slows," the BBC proclaimed in the wake of the Times' story. Both websites alleged that Netflix streaming was slowing down as a result.
The reality is less exciting, though still serious. The Internet disruptions, which were centered in Western Europe, appear to be largely over, and were largely unnoticed even when occurring.
But, if anything, the incident may prompt a fix for a basic security flaw in the Domain Name System that serves as one of the underpinnings of the Internet.
"Despite the work that has gone into making the Internet extremely resilient, these attacks underscore the fact that there are still some aspects of it that are relatively fragile," said Andrew Storms, director of security operations at San Francisco-based network-security provider nCircle.
Too much information
Cyberbunker appears to be behind a massive distributed denial-of-service (DDoS) attack that first tried to first take down Spamhaus, then Spamhaus' network-reliability provider CloudFlare, and finally this past Saturday (March 23) hit CloudFlare's own bandwidth providers in Europe.
Boston-based Akamai Networks told the Times, and Spamhaus told the BBC, that the last round of attacks peaked at 300 gigabits per second, possibly the largest amount of bandwidth ever recorded during a DDoS attack.
According to a CloudFlare blog posting, the attack was launched on March 18 and immediately involved a tactic called DNS amplification, in which unprotected Domain Name System (DNS) servers are used to flood targeted servers with huge amounts of useless information, tying up bandwidth and processing time.
The attacks increased in volume during the week, finally peaking on Saturday when, according to CloudFlare, half of the infrastructure on the London Internet Exchange, an Internet node connecting several large-scale networks, was tied up by the attack. (CloudFlare is based in Palo Alto, Calif., but runs a global network.)