Threat Wire 0019 – Cyberbunker vs Spamhaus: Biggest Cyber Attack Ever?
The Biggest Cyber Attack in History wreaks havoc on Internet Exchange Points
This week, while so much is going on in the realm of privacy and cyber security, I’d like to take a look at what’s on your mind with one of the stories posted to our Google+ community, which reads “biggest cyber-attack in history”.
CyberBunker – a Dutch web hosting company known for their tolerance for basically anything that isn’t terrorism or child pornography – has come under fire from the Spamhaus Project.
CyberBunker – named after the Netherlands nuclear war bunker in which it resides – has had a controversial history. Previously it has hosted the Russian Business Network, a cybercrime organization and alleged operator of the Storm botnet, and the Pirate Bay, who should need no introduction.
Spamhaus – a London and Geneva based NGO – operates several block-lists to which other service providers can subscribe to thwart known spammers.
This month Spamhaus added CyberBunker to its blacklist and shortly afterwards suffered a massive Distributed Denial of Service attack, or DDoS. The attack, which basically overwhelms a server by saturating its connection or eating up all of its resources, is being called the biggest in history.
Peaking at 300 gigabits per second – three times larger than the previous record holder for a DDoS – the attack exploited a known vulnerability in the Spamhaus DNS servers. At time of recording the attack has lasted over a week, and though Spamhaus is the target, it is not without casualties.
Internet Exchange Points, or IXPs, have actually suffered a blow in this attack. The London Internet Exchange, or LINX, suffered a substantial outage on the 23rd with its traffic at peak time dropping from 1.5 Terabits to about half that. The network recovered after operators made configuration changes to handle the load.
IXPs connect tier 1 and 2 networks. “Tier 1” networks are the dozen or so major backbones which “peer” with one another to share data at no cost while the “tier 2” networks are the Internet Service Providers who purchase a large volume of bandwidth to sell to the downstream providers – in this case CyberBunker and Spamhaus.
The technique used in the DDoS attack is called DNS Amplification. A single DNS query packet is sent to an open DNS server with the victim’s IP address spoofed as its origin, which results in the victim receiving an order of magnitude more packets in response.
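A defender-side illustration of the paragraph above, added here and not part of the original show notes: because the victim never sent the queries, the amplified responses arrive with no matching outbound request, and that mismatch can be counted per resolver. The record layout, thresholds and sample packets are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample of UDP/53 packets seen at a network edge (not real traffic).
# Fields: time_s, src_ip, src_port, dst_ip, dst_port, dns_txid, size_bytes
SAMPLE = [
    (0.00, "192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, 64),    # our own query
    (0.03, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 120),   # its answer
    (0.10, "203.0.113.7", 53, "192.0.2.10", 33333, 0x9999, 3000),    # no query was sent
    (0.11, "203.0.113.7", 53, "192.0.2.10", 33333, 0x9999, 3000),
    (0.12, "203.0.113.88", 53, "192.0.2.10", 33333, 0x9999, 2900),
    (9.00, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 120),   # duplicate answer
]

def unsolicited_dns(packets, timeout_s=5.0):
    """Return {resolver_ip: [packet_count, byte_count]} for DNS responses
    that match no query sent from inside within timeout_s."""
    pending = {}                       # (client, port, resolver, txid) -> query time
    stats = defaultdict(lambda: [0, 0])
    for t, src, sport, dst, dport, txid, size in sorted(packets):
        if dport == 53:                # outbound query: remember it
            pending[(src, sport, dst, txid)] = t
        elif sport == 53:              # inbound response: look for its query
            sent = pending.pop((dst, dport, src, txid), None)
            if sent is None or t - sent > timeout_s:
                stats[src][0] += 1
                stats[src][1] += size
    return dict(stats)

def reflectors(stats, min_bytes=2000):
    """Resolvers whose unsolicited volume reaches min_bytes, largest first."""
    hits = [(ip, n, b) for ip, (n, b) in stats.items() if b >= min_bytes]
    return sorted(hits, key=lambda h: -h[2])

if __name__ == "__main__":
    for ip, n, b in reflectors(unsolicited_dns(SAMPLE)):
        print(f"{ip}: {n} unsolicited responses, {b} bytes")
```

The resulting list of resolver addresses is what an operator would hand to an upstream provider for filtering, since dropping the traffic at the victim's own edge does not relieve a saturated link.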
CyberBunker claims it is currently engaged in a blackmail war with Spamhaus and at time of recording their site is offline.
Last week we asked how you feel about the fight for privacy – legislation versus practical encryption. There’s no technological reason why every message couldn’t be encrypted, but security isn’t exactly convenient – and yet many are appalled by the privacy intrusions governments here and abroad seek. Is the solution on Capitol Hill or in your hands?
Our comment of the week comes from Malkhut Sefirah who writes:
The solution must come from both sides: encryption and legislation. I watch Hak5 and I can follow 10% of what you’re talking about. Compare that to my father. I asked him what browser he uses and he said “the one that comes with the computer.” What chance does he have? He’s smart, he was just educated in the age of slide rules. Putting the onus on the individual lets the government off the hook. You need a warrant to open a letter, how is reading an email allowed to be different under the law?
To answer your question – because it’s “on a computer” — Ooooooo! Insert rant on CFAA here.
This week I’d like to know your take on dealing with a DoS attack. Security researcher Dan Kaminsky is quoted as saying “You can’t stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them.” Do you agree? Let us know in the comments.
Remember you can find all the ways to subscribe at ThreatWire.org and get involved with our Google Plus Community – that’s where the conversation continues all week.