Internet 'bystanders' affected as massive cyberattack hits Spamhaus

The Internet is under the worst cyberattack ever, experts said Wednesday.

Spam-fighting organization Spamhaus is being targeted with a massive cyberattack that experts say may be the biggest in the history of the web. The so-called distributed denial of service attack, or DDoS, uses networks of computers to point huge volumes of web traffic at a company's server, a technique that invariably knocks their computers offline.

Picture trying to take a sip from Niagra Falls and you'll get the idea.


The DDoS attack being waged against Spamhaus has reached a previously unheard of magnitude, according to Patrick Gilmore, chief architect at digital content provider Akamai. Recent cyberattacks -- like the ones that caused persistent outages at U.S. banking sites late last year -- tend to peak at 100 billion bits per second. The attack on Spamhaus clocked in at 300 billion.

More On This...

“It's the largest publicly announced DDoS attack in the history of the Internet,” Gilmore said to the New York Times.

Even that tremendous number might not truly reflect the scope of the attack, however.

"It was likely quite a bit more, but at some point measurement systems can't keep up," said Matthew Prince, chief executive of security firm CloudFlare that was brought in to help Spamhaus weather the assault.

The massive cyberattack is apparently from groups angry at being blacklisted by the Geneva-based spam fighter -- and the digital assault is so great that Gilmore said the electronic onslaught was affecting others across the Internet.

Users could experience slower Internet or be subjected to unwanted emails, he said.

"If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why," Prince wrote in a blog post on his company's site.

A man who identified himself as Sven Olaf Kamphuis said he was in touch with the attackers and described them as mainly consisting of disgruntled Russian Internet service providers who had found themselves on Spamhaus' blacklists. There was no immediate way to verify his claim.

He accused the watchdog of arbitrarily blocking content that it did not like. Spamhaus has widely used and constantly updated blacklists of sites that send spam.

"They abuse their position not to stop spam but to exercise censorship without a court order," Kamphuis said.

Gilmore and Prince said the attack's perpetrators had taken advantage of weaknesses in the Internet's infrastructure to trick thousands of servers into routing a torrent of junk traffic to Spamhaus every second.

The trick, called "DNS reflection," works a little bit like mailing requests for information to thousands of different organizations with a target's return address written across the back of the envelopes. When all the organizations reply at once, they send a landslide of useless data to the unwitting addressee.

CloudFlare also reported that the attack was massive, possibly the biggest ever.

"We have been told by one major Tier 1 provider that they saw more than 300Gbps of attack traffic related to this attack," wrote Prince. "That would make this attack one of the largest ever reported."

In an interview, Spamhaus' Vincent Hanna said his site had been hit by such a crushing wave of denial-of-service attacks and that it was "a small miracle that we're still online."

Hanna said his group had been weathering such attacks since mid-March.

Gilmore of Akamai was dismissive of the claim that Spamhaus was biased.

"Spamhaus' reputation is sterling," he said.

The Associated Press contributed to this report.