
Legendary Hacks #3: CyberBunker

Spamhaus, a victim of cyber-activism

What is a DDoS attack?

DDoS stands for Distributed Denial of Service. It refers to attacks against distributed networks.

This type of attack consists of sending numerous requests to the targeted web resource in order to exhaust its capacity and slow down or even block its operation. The objective is to flood the server with requests and overload it until it saturates and can no longer respond.

Typically, DDoS attacks are used by cyber-activists to protest against an organization or website that does not share their views or disagrees with their opinions.

DDoS attacks are also a means of pressure that hackers use to make their displeasure known to their victims.

The Spamhaus organization

In March 2013, Spamhaus was the victim of a large-scale cyber-attack, more specifically a series of DDoS attacks. An international association based in Geneva and created in 1998, Spamhaus is known for compiling blacklists of spam addresses and providing them to companies so that they can filter these addresses. The organization has only one goal: to fight against spam that pollutes mailboxes with advertisements or false offers.

Once on the Spamhaus blacklist, the servers of the designated sites are mostly blocked, and their operation is limited.

The cyber-attack reportedly started just after the Dutch website CyberBunker had been blacklisted.

CyberBunker is located in Holland in a former NATO bunker from the Cold War. The provider hosts well-known pirate sites such as The Pirate Bay, a world-renowned download platform. Moreover, CyberBunker is also capable of hosting spam platforms, hence its inclusion on the Spamhaus blacklist.

These attacks were first reported by Cloudflare, a computer security company, which came to help the organization control these attacks. The information was later relayed by the New York Times, making the case public. According to the American newspaper, which was the first to report this information, global internet traffic was slowed down between March 18 and March 26 due to massive denial of service attacks against Spamhaus.

Patrick Gilmore, Head of Network Architecture at Akamai Technologies, described this large-scale cyberattack as “the largest publicly announced DDoS attack in the history of the internet”. According to him, these attacks, generated by botnets, reached unprecedented speeds of up to 300 Gb/s. European internet traffic was reportedly slowed down for a few days before returning to its normal pace.

A revenge attack

Retaliation plan

“A retaliation plan” is how these attacks were described. CyberBunker is said to have attacked the nonprofit organization in revenge after being blacklisted by it.

Spamhaus, which fights against spam, is often criticized, especially for its methods, which are considered too radical and are said to attack innocent sites.

The author of this attack, a supporter of this view and a member of “Stophaus”, a group created by a spammer, is thus believed to be behind the DDoS attacks.

Sven Olaf Kamphuis, the founder of CyberBunker, later claimed that Stophaus had indeed federated the attacks, and that other hackers then took over and continued to attack their target.

Spamhaus, an organization criticized by spammers?

Spamhaus has good reason to fear cyber-attacks, since the organization is heavily criticized by spammers who, once blacklisted, see their activity stop and consequently their income disappear. Revenge thus becomes their only way to assert themselves and apply pressure.

However, attacks have not always been their only means of making themselves heard. Propaganda on social networks, built around the message “an attack on freedom of expression”, is an approach widely adopted by cyber-activists.

The creator of CyberBunker said in a statement to CNN, “They point to websites, they say they want to shut them down and they get them shut down without a court order. This is a much bigger threat to the internet, to free speech, and net neutrality than anything else.”

Stophaus subsequently relayed this statement on its Twitter account in support. But these criticisms were not enough, and Stophaus went to a higher level by attacking Spamhaus via DDoS attacks. With the network overloaded, European traffic was reportedly slowed down for a few days before the attack was brought under control.
