Spamhaus, which distributes lists of spammers to security firms and others around the world, revealed that it was being targeted last week with a massive attack, which appears to be in retaliation for putting Cyberbunker on its list of bad actors. Cyberbunker is what’s known as a bulletproof host, meaning that the company will willingly host nearly any type of file, regardless of whether the content is strictly legal or not. The company has said, however, that it refuses to host child pornography or “anything related to terrorism.” Still, the company’s activities earned it a spot on Spamhaus’s blacklist, prompting the retaliatory attack.
In a statement to The New York Times, an activist who said he was speaking for the attackers, Sven Olaf Kamphuis, said Spamhaus became a target because they were “abusing their influence.”
What makes this attack so notable is that hackers targeted Domain Name System servers. The Domain Name System (DNS) is like a telephone directory for the Internet: it translates the everyday Web addresses you type into your computer into numbers that machines can read, so that you are directed to the right place. By targeting these servers — which are vital for the Internet’s operation — the attackers were able to greatly amplify their attack and generate far more traffic than in a normal denial-of-service attack.
It’s a type of attack that security researchers have been dreading, said Chester Wisniewski, an expert at the security firm Sophos, which subscribes to Spamhaus’s services.
“I’ve been waiting for this moment,” Wisniewski said. “It’s not difficult to do [an attack like] this, we just hadn’t seen one before.”
The problem, he said, is that many DNS servers aren’t set up correctly, making them vulnerable to being used in these kinds of attacks. The security community has been working to get these servers configured in a way that keeps them from being used in these large-scale attacks, but it’s been a slow road, as fixing the problem requires dealing with a lot of system administrators and Internet service providers.
Wisniewski said that he expects there will be more attacks like this in the future, and that the traffic generated by these attacks could affect a larger portion of the world’s Web traffic.
“We are likely to see it again,” he said. “The only way to deal with it is wrangle all those system administrators out there to make sure that their systems are properly configured.”