Activists unleash biggest DDoS cyber attack to date

Activists unleash a distributed denial-of-service (DDoS) attack in support of a web hosting firm, Cyberbunker, blacklisted by an anti-spam website

Activists have unleashed the biggest distributed denial-of-service (DDoS) attack to date in support of web hosting company Cyberbunker, after it was blacklisted by anti-spam website Spamhaus.

DDoS attacks typically flood the intended target with large amounts of network traffic in an attempt to render it unreachable.

A group calling itself STOPhaus – an alliance of hacktivists and cyber criminals – is believed to be responsible for bombarding Spamhaus with up to 300Gbps of traffic.

Steve Linford, chief executive for Spamhaus, told the BBC that his organisation had been fighting off the attacks for more than a week, but engineers had managed to keep Spamhaus services going.

The row erupted after Spamhaus blocked servers maintained by Cyberbunker, which has in turn accused the non-profit content filtering organisation of “abusing its influence” as a self-appointed censor.

Largest DDoS attack to date

Researchers at security firm Kaspersky Lab confirmed that the DDoS attack on Spamhaus is one of the largest to date, and warned that such attacks may affect unrelated web services.

Until now, the largest DDoS attacks have been around the 100Gbps mark, according to Arbor Networks.

Video streaming service Netflix is said to be among the services that have been affected, but according to thinkbroadband’s latest speed tests there has been no major slowdown at UK internet providers.

Although some parts of the internet and services may be having problems, it is not a major meltdown or logjam, the internet speed testing group said.

However, the DDoS attacks have raised concerns that further escalations of the retaliatory attacks could affect banking and email systems.

Such attacks could affect intermediate network nodes as they pass through, causing some web-based services to slow down or become unavailable, said the Kaspersky Lab researchers.


Attacks highlight internet vulnerability

The attacks on Spamhaus have highlighted inherent weaknesses in the crucial domain name system (DNS) that underpins the internet.

Experts have been warning for some time that flooding the DNS with traffic could bring down the internet by making it inaccessible to users.

According to Spamhaus’s Steve Linford, few organisations would be able to withstand the magnitude of DDoS attacks that have been unleashed by Cyberbunker’s supporters in the past week.

He said Spamhaus, based in London and Geneva, had been able to cope because it has highly distributed infrastructure in a number of countries and it is supported by some of the world's largest internet companies, which rely on it to filter unwanted material.

Rapid rise of DDoS attacks

Raj Samani, chief technology officer for Europe at security firm McAfee, said that while DDoS attacks are not new, there has been an increase in both volume and sophistication of these attacks, stemming from all parts of the world.

“Due to the connected nature of digital citizens, a dispute between key parties will impact everyone, from consumers to SMEs to large enterprises. Security will need to evolve so that there is more cooperation between businesses, governments and individuals to ensure attacks like these are minimised,” he said.

Researchers at Kaspersky Lab warned that attacks of this type are growing in both number and scale, mainly because of the development of the internet itself in terms of network capacity and computing power, and because of past failures to investigate and prosecute the individuals behind earlier attacks.

DDoS attacks, they said, are typically carried out to extort money from targeted organisations or as a weapon to disrupt organisations or companies in pursuit of ideological, political or personal interests.


Bigger threats looming

Joakim Sundberg, solutions architect at security firm F5, said the Spamhaus attack is a demonstration of the kind of DDoS attack he has been expecting for some time.

With the crackdown on botnets by law enforcement organisations, hacktivists and other cyber criminals are finding new ways in which to amplify their attacks, he said.

While the Spamhaus attack is the largest to date, Sundberg predicted it could be seen as relatively small by the end of the year.

He also warned that DDoS attacks are often just a smoke screen for a more sophisticated attack that can potentially cost the company even more money.

“IT professionals need to be prepared to respond to other threats while a DDoS attack is underway. For businesses, it's important to know that there are things we can do to protect the internet infrastructure and also services,” he said.

“People running open DNS resolvers will need to start filtering requests, and companies under attack should filter DNS responses which will allow legitimate responses to be delivered and stop DNS reflection attack responses in their tracks,” said Sundberg.
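The response filtering described above can be sketched as a stateful check that passes a DNS response only when it matches a query the protected network actually sent. This is an added example, not code from the article or from F5; the names build_dns, parse_dns and ResponseFilter are hypothetical, and the packets and documentation-range addresses are constructed for the demo.

```python
import struct

def build_dns(txid, qname, is_response):
    """Build a minimal DNS message (header + one question) as constructed sample input."""
    flags = 0x8180 if is_response else 0x0100   # QR bit (0x8000) marks a response
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    labels = b"".join(bytes([len(p)]) + p.encode() for p in qname.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # type A, class IN

def parse_dns(msg):
    """Return (txid, is_response, qname), or None if the message is malformed."""
    if len(msg) < 12 or msg[4:6] != b"\x00\x01":   # full header, exactly one question
        return None
    txid, flags = struct.unpack("!HH", msg[:4])
    pos, parts = 12, []
    while pos < len(msg) and msg[pos] != 0:
        n = msg[pos]
        if n > 63 or pos + 1 + n > len(msg):       # reject pointers and overruns
            return None
        parts.append(msg[pos + 1:pos + 1 + n].decode("ascii", "replace").lower())
        pos += 1 + n
    return (txid, bool(flags & 0x8000), ".".join(parts)) if pos < len(msg) else None

class ResponseFilter:
    """Pass only DNS responses that answer a query this network sent."""
    def __init__(self):
        self.pending = set()   # (resolver_ip, txid, qname) of outstanding queries

    def outbound(self, resolver_ip, msg):
        parsed = parse_dns(msg)
        if parsed and not parsed[1]:
            self.pending.add((resolver_ip, parsed[0], parsed[2]))

    def inbound(self, src_ip, msg):
        parsed = parse_dns(msg)
        key = (src_ip, parsed[0], parsed[2]) if parsed and parsed[1] else None
        if key in self.pending:
            self.pending.discard(key)   # each query admits exactly one response
            return "pass"
        return "drop"                   # unsolicited response: reflection traffic

def demo():
    """Constructed traffic: one real lookup, then a matching, an unsolicited and a replayed response."""
    f = ResponseFilter()
    f.outbound("192.0.2.53", build_dns(0x1A2B, "example.org", False))
    ok = build_dns(0x1A2B, "example.org", True)
    return [f.inbound("192.0.2.53", ok),
            f.inbound("198.51.100.7", build_dns(0x9999, "example.net", True)),
            f.inbound("192.0.2.53", ok)]
```

A deployed filter would also expire pending entries after a short timeout so that unanswered queries do not accumulate.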
