Skip to: Content
Skip to: Site Navigation
Skip to: Search

How the massive cyberattack may have been overblown

Some media outlets labeled Wednesday's internet slowdown the 'biggest cyberattack in history,' but in reality the disruption went largely unnoticed by users. Still, incidents like these highlight the internet's fragility and may prompt necessary fixes.

By Paul WagenseilTechNewsDaily / March 27, 2013

A man passes Communications House, a building listed as containing an office of the Spamhaus Project Ltd, in London March 27, 2013.

REUTERS/Luke MacGregor


Is it "the biggest cyberattack in history"? Or just routine flak that network-security providers face all the time?

Skip to next paragraph

News websites across the Western world proclaimed Internet Armageddon today (March 27), largely due to a New York Times story detailing a "squabble" between the spam-fighting vigilantes at Spamhaus and the dodgy Dutch Web-hosting company Cyberbunker.

"Fight Jams Internet," the Times headline said. "Global Internet slows," the BBC proclaimed in the wake of the Times' story. Both websites alleged that Netflix streaming was slowing down as a result.

The reality is less exciting, though still serious. The Internet disruptions, which were centered in Western Europe, appear to be largely over, and were largely unnoticed even when occurring.

But, if anything, the incident may prompt a fix for a basic security flaw in the Domain Name System that serves as one of the underpinnings of the Internet.

"Despite the work that has gone into making the Internet extremely resilient, these attacks underscore the fact that there are still some aspects of it that are relatively fragile," said Andrew Storms, director of security operations at San Francisco-based network-security provider nCircle.

Too much information

Cyberbunker appears to be behind a massive distributed denial-of-service (DDoS) attack that first tried to first take down Spamhaus, then Spamhaus' network-reliability provider CloudFlare, and finally this past Saturday (March 23) hit CloudFlare's own bandwidth providers in Europe.

Boston-based Akamai Networks told the Times, and Spamhaus told the BBC, that the last round of attacks peaked at 300 gigabits per second, possibly the largest amount of bandwidth ever recorded during a DDoS attack.

According to a CloudFlare blog posting, the attack was launched on March 18 and immediately involved a tactic called DNS amplification, in which unprotected Domain Name System (DNS) servers are used to flood targeted servers with huge amounts of useless information, tying up bandwidth and processing time.

The attacks increased in volume during the week, finally peaking on Saturday when, according to CloudFlare, half of the infrastructure on the London Internet Exchange, an Internet node connecting several large-scale networks, was tied up by the attack. (CloudFlare is based in Palo Alto, Calif., but runs a global network.)

  • Weekly review of global news and ideas
  • Balanced, insightful and trustworthy
  • Subscribe in print or digital

Special Offer


Doing Good


What happens when ordinary people decide to pay it forward? Extraordinary change...

Danny Bent poses at the starting line of the Boston Marathon in Hopkinton, Mass.

After the Boston Marathon bombings, Danny Bent took on a cross-country challenge

The athlete-adventurer co-founded a relay run called One Run for Boston that started in Los Angeles and ended at the marathon finish line to raise funds for victims.

Become a fan! Follow us! Google+ YouTube See our feeds!