Massive cyberattack slows Internet in Europe

March 27, 2013

A fight between two European companies has significantly slowed the Internet, making it difficult for millions to access Web services such as Netflix, the BBC reported.

According to the report, a Dutch hosting site called Cyberbunker is perpetuating an enormous denial-of-service attack against the anti-spam group Spamhaus. The attack — which is disrupting Spamhaus’s services by flooding the company with traffic — has apparently begun to affect the performance of unrelated services. A look at Akamai’s snapshot of world’s Web traffic shows congestion is up significantly in Western Europe and Britain, where the real-time Web monitor is picking up a nearly 10 percent increase in traffic.

Spamhaus, which distributes lists of spammers to security firms and others around the world, revealed that it was being targeted last week with a massive attack, which appears to be in retaliation for putting Cyberbunker on its list of bad actors. Cyberbunker is what’s known as a bulletproof host, meaning that the company will willingly host nearly any type of file, regardless of whether the content is strictly legal or not. The company has said, however, that it refuses to host child pornography or “anything related to terrorism.” Still, the company’s activities earned it a spot on Spamhaus’s blacklist, prompting the retaliatory attack.

In a statement to The New York Times, an activist who said he was speaking for the attackers, Sven Olaf Kamphuis, said Spamhaus became a target because they were “abusing their influence.”

What makes this attack so notable is that hackers targeted Domain Name System servers. The Domain Name System, DNS, is like a telephone directory for the Internet, directing users around the Web by translating the everyday Web addresses you type into your computer into numbers that machines can read to direct you to the right place. By targeting these servers — which are vital for the Internet’s operation — the attackers were able to greatly amplify their attack and generate far more traffic than in a normal denial-of-service attack.

It’s a type of attack that security researchers have been dreading, said Chester Wisniewski, an expert at the security firm Sophos, which subscribes to Spamhaus’s services.

“I’ve been waiting for this moment,” Wisniewski said. “It’s not difficult to do [an attack like] this, we just hadn’t seen one before.”

The problem, he said, is that many DNS servers aren’t set up correctly, making them vulnerable to being used in these kinds of attacks. The security community has been working to get these servers configured in a way that keeps them from being used in these large-scale attacks, but it’s been a slow road, as fixing the problem requires dealing with a lot of system administrators and Internet service providers.

Wisniewski said that he expects there will be more attacks like this in the future, and that the traffic generated by these attacks could affect a larger portion of the world’s Web traffic.

“We are likely to see it again,” he said. “The only way to deal with it is wrangle all those system administrators out there to make sure that their systems are properly configured.”

Related stories:

More companies reporting cybersecurity incidents

U.S. cybersecurity policy draws interest from companies, lobbyists

Ideas@Innovations: Bill Gates on cybersecurity — ‘It’s wonderful that more attention is going into that’

Sign up today to receive #thecircuit, a daily roundup of the latest tech policy news from Washington and how it is shaping business, entertainment and science.

Hayley Tsukayama covers consumer technology for The Washington Post.
Comments
Show Comments
Most Read Business