It is sometimes hard to yawn when it comes to cyber catastrophes and predictions of global internet meltdown, but the latest round of clashes in the global internet backyard has some experts worried. This is exactly what has been happening for a week, with London and Geneva based Spamhaus waging a battle against a DDoS (distributed denial of service) attack from Dutch hosting company Cyberbunker.
It seems so childish, which is what you expect when you start surrendering conventional battlegrounds to adolescents. With names like Spamhaus and Cyberbunker, the teenagers are running riot with their lingo and their barely pubescent attitudes riddled with angst and acne.
Victims in the battle – a term to be used advisedly – have included Netflix and an assortment of other famed websites, though one can’t help but get the feeling that there is much in the way of gong, and little in the way of dinner here. What seems to be happening is a gang land battle between computer nerds rather than any meaningful confrontation.
Suggestively, Spamhaus makes its business battling those naughty unwanted messages that make their curving way into an email account. The way it does so is through blacklisting servers it believes are responsible for the heinous activity, meaning that you will be free from such emails as, “Mr Wong has a business offer for you.” Blacklisting does come at a price, as it might involve cutting another company’s grass.
Some companies responsible for hosting servers do take offence, which is exactly what Cyberbunker did when it made it to Spamhaus’s naughty list. It would seem that the sin of Cyberbunker was its libertarian approach to hosting websites, more or less everything bar terrorism-related activities and child pornography.
The opening shots were then fired, with Spamhaus being attacked by a DDoS comprising a heavy 300 gigabits per second, a staggering amount when one considers it is three times that needed to take down government sites. Similar attacks against bank sites tend to be in the order of 50 Gbps. According to Cyberbunker’s Sven Olaf Kamphuis, Spamhaus had become something of a self-appointed dictator in cyberspace, a moral policeman determining “what goes and does not go on the internet.”
Computer analysts have been keen to see the fall out from this cyber skirmish as something of considerable magnitude. According to Arbor Networks, a firm that earns its bread with protective programs against DDoS attacks, it was one of the biggest attacks on record. “The largest DDoS attack that we have witnessed prior to this was in 2010 which was 100 Gbps,” claimed the company’s director of security research Dan Holden (BBC, Mar 28).
The response from such news outlets as the BBC was dramatic. “Global internet slows after ‘biggest attack in history,’” seemed melodramatic, but it was based on the accounts of specialists keen to impress audiences about gloomy prospects. Professor Alan Woodward of University of Surrey was happy to add to the image of global internet paralysis. “If you imagine [the internet] as a motorway, attacks try and put enough traffic on there to clog on and off ramps.” In this case, the traffic was so heavy, jams were likely.
Oddly enough, the portents of calamity have barely been registered by users and consumers of the internet. Hardly anyone has actually noticed a more than usual sluggishness in services, and organisations monitoring the state of the internet found “zero evidence of this Dutch conflict spilling over into our online backyards” (The Guardian, Mar 28).
A more traditional approach, as reported in the Washington Post (Mar 28) would be to sever the internet cables altogether, an attempt of which was recently made by divers against Telecom Egypt.
Spamhaus claims that the attacks have been contained, and it has supporters from numerous large companies (Google, for one) that have an interest in spam filters. The “slowing” has, for that reason, been far from noticeable. This would suggest that organisations like Spamhaus can withstand major attacks, while many governments and banks are incapable of doing the same, at least for now.
A redistribution of power has taken place before our very noses (and mouses), and the cyber teams in the employ of the state should start taking note. The question here is what they should be guarding against. This, according to Joseph Farah’s G2 Bulletin, is already being done in the US. General Keith Alexander, head of Cyber Command at the Pentagon, claims that 100 cyber teams are at work defending mainly military networks.
Even given this cautionary note, when the proof comes out of this overdone pudding, we might find that this entire episode had less to do with cyber disruption than public relations. One can, at least for the moment, place orders via Amazon with comfort.