We have had stories about the internet slowing down after the largest ever cyberattack, which was focussed mainly on London and the UK. These are being followed by stories that it was merely a spat between two peripheral organisations which did not affect the Internet as a whole (e.g. Gizmodo “That Internet War Apocalypse is a Lie”). The battle was “won” by Spamhaus and its allies (such as Cloudflare) when they took Cyberbunker and its allies (a grouping supposedly called Stophaus) off air (Bulletproof cyberbunker busted). Some articles attempt to analyse what actually happened but so far the “lessons learned” appear confined to improving DNS security.
The cyberbattle between Spamhaus and Stophaus was not, however, the only fight going on. American Express was taken off air for two hours. There were similar attacks on other US banks – albeit the firepower deployed against Spamhaus was allegedly five times (i.e. 300 Gbps) that being deployed (60 Gbps) against the banks that were being attacked at about the same time. That implies there was a lot at stake. I have seen no cover, however, of the firepower used to silence Cyberbunker.
Last week also saw the public announcement of the long overdue attempts to bring intra-UK intelligence sharing together with a Cyber Security Information Sharing Partnership and a Fusion Cell, following on from the announcement of a Cybercrime Reduction Partnership. Hopefully some of the contracts for work on cyber security skills will soon be signed so that we can move from words to action.
So how serious were last week’s cyberbattles and what are the likely consequences?
Did a consortium of five major law enforcement agencies and anonymous industry partners (with Google apparently willing to be named as one of them) square up under the banner of Cloudflare to do battle with a consortium of Cyberbunker customers (supposedly including the Russian Business Network) under the banner of Stophaus?
If so, are they going to follow through on their “victory” by using civil law (and tort) to begin the removal of not only Cyberbunker but the twenty or so other, similar, operations which allegedly account for half the world’s spam and malware distribution?
Will they have the co-operation and support of the Chinese, Indians and/or Russians or was this actually a proxy fight as part of the Cool War, hence the attack on London and not New York or Fairfax County?
Will the UK’s new cyber-security partnership operations take a leading role – bearing in mind that the main attack last week was supposedly on London?
And did the Internet really slow down?
It depends who you ask. A couple of times last week I left my machine to make a cup of tea because I got tired of websites waiting to respond even though the line was supposedly running at over 70 Mbps. Also at least one e-mail sent to me last Monday has not arrived – perhaps hung on a security filter because of the topics being referred to.
Today my connection seems to be running ok … touch wood.