How the massive cyberattack may have been overblown
Some media outlets labeled Wednesday's internet slowdown the 'biggest cyberattack in history,' but in reality the disruption went largely unnoticed by users. Still, incidents like these highlight the internet's fragility and may prompt necessary fixes.
(Page 3 of 3)
It listed a litany of complaints against the "tax-circumventing self-declared Internet terrorists" of Spamhaus, then added a variant of the Anonymous "We Are Legion" tagline.Skip to next paragraph
Subscribe Today to the Monitor
That posting may have been cover for the DDoS attacks that began the same day. In a statement to the New York Times, Sven Olaf Kamphuis, who claimed to speak for Cyberbunker, and whose Google+ page gives his residence as "Republic Cyberbunker," affirmed that the Dutch hosting company was behind the attacks.
"Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," Kamphuis told the newspaper. "They worked themselves into that position by pretending to fight spam."
It's hard to see how such an attack can be legally justified. The Netherlands has famously lax laws governing the Internet and other digital communications, but odds are Cyberbunker will be facing another SWAT raid very soon.
Fixing a hole
For his blog posting, CloudFlare's Matthew Prince used the headline "The DDoS That Almost Broke the Internet." That's not entirely accurate, since the problems were rather localized.
However, the attack may prompt an overhaul of the DNS system. Prince and others have been vocal about the need to lock down most or all DNS servers so they no longer respond to lookup requests from anyone.
That move would go against the model of openness and accessibility that's guided the Internet for 40 years. The idea has always been that any Internet-connected device can reach any other using any path, and open DNS servers are essential to that model.
But the problem of DNS-amplified attacks has been growing exponentially in just the past few months.
The ongoing attacks against U.S. bank websites which began last September use the tactic, and have reached 100 Gbps at times.
If this week's unrelated attacks truly did hit 300 Gbps, the end to the open-DNS server model may be inevitable.
- House Bill Would Beef Up Controversial Hacking Law
- 10 Best Computer Protection Software Products
- 5 Social Media Stories You Shouldn't Believe