How the massive cyberattack may have been overblown
Some media outlets labeled Wednesday's internet slowdown the 'biggest cyberattack in history,' but in reality the disruption went largely unnoticed by users. Still, incidents like these highlight the internet's fragility and may prompt necessary fixes.
(Page 2 of 3)
DNS servers are essentially the phone books of the Internet. Every Internet-connected device, from your computer to your smartphone, uses them to match a website address that humans use, such as "www.technewsdaily.com," with an Internet Protocol address that computers and routers use, such as "184.108.40.206."Skip to next paragraph
Subscribe Today to the Monitor
DNS servers are essential, yet many remain "open," which means they will accept lookup requests from anyone, not just their specified clients.
Attackers make lookup requests using the IP addresses of their targets, then request tons of information, which ends up flooding the targeted servers with huge amounts of DNS information.
Did two wrongs make a bigger wrong?
Spamhaus, a group of related companies based in London and Geneva, was started in 1998 to track and combat email spam and spammers. It maintains a blacklist of Web-hosting companies known to host spammers, and a whitelist of known "clean" Web hosts.
Both lists are used by Internet service providers around the world, and Spamhaus is partly responsible for the huge drop in email spam in recent years.
Some Web-hosting companies have complained they've been unfairly placed on the Spamhaus blacklist. Spammers have launched DDoS attacks against Spamhaus' website and servers. (There's even a "Stophaus" website based in Russia and dedicated to combating what it calls Spamhaus' "underhanded extortion tactics.")
It appears Cyberbunker has both complained and attacked.
Cyberbunker bases its operations in a decommissioned NATO bunker, built to withstand a nuclear war, in the southern Netherlands. The company was founded in 1998 by a group of hackers who proclaimed the "Republic of Cyberbunker," a sovereign state "surrounded by the Netherlands on all borders."
The company pledges not to ask questions about what its clients are up to.
"In most cases we have no idea as to who or where our customers actually are," the Cyberbunker site proclaims. "Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine."
Such a policy has attracted some unsavory clients, including the file-sharing site The Pirate Bay, and, according to Spamhaus, the cybercrime gang known as the Russian Business Network. Cyberbunker also claims to have been raided by a Dutch police SWAT team, which apparently found nothing incriminating on the premises.
It was Cyberbunker's alleged hosting of spammers that caused Spamhaus to place both Cyberbunker and its ISP on the Spamhaus blacklist in the fall of 2011.
As a result, Cyberbunker's ISP dropped it as a client, but both the ISP and Cyberbunker posted long manifestos about why Spamhaus was evil.
The issue seems to have lain dormant until March 18, when a false Anonymous campaign called "Operation Stophaus" was proclaimed on the online bulletin board Pastebin.