- The Washington Times - Wednesday, March 27, 2013

A cyberattack against an anti-spam email organization might be the most massive in the history of the Internet and has slowed Web traffic across the globe, technical specialists said Wednesday.

The huge scale of the assaults against Spamhaus, a non-profit that works with email and Internet providers and law enforcement to help fight spam — more correctly known as unsolicited commercial email — has noticeably slowed Internet access, especially in Europe where the attacks originate.

“Over the last few days, as these attacks have increased, we’ve seen congestion … primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people,” said Matthew Prince, CEO and co-founder of security firm Cloudflare, which is working with Spamhaus to mitigate the assault.

The attack uses one of the oldest and in some ways most basic cyberattack techniques, known as Distributed Denial of Service, or DDoS.

In a DDoS attack, the target website is bombarded with millions of pieces of fake Internet traffic, often by networks of personal computers that unbeknownst to their innocent owners have become infected and enslaved — zombie soldiers in a computer army.

DDoS attacks knock websites offline because the computer servers that host them cannot cope with all the additional traffic and genuine users cannot get through.

But if the amount of traffic becomes too large, it can start to impact websites that are not being targeted, just because the networks people use to visit them may become overwhelmed with all the fake traffic heading for the targeted site.

On his company blog, Mr. Prince said the attack, which began last week, had in recent days reached a peak volume of 300 gigabytes per second. By comparison, an hour long standard definition online video might be a single gigabyte in size. 

Arbor Networks, another security firm that tracks Internet traffic said on its Twitter feed that this volume would make it three times the size of the largest DDoS attack ever previously reported.   

“The challenge with attacks at this scale is they risk overwhelming the systems that link together the Internet itself,” said Mr. Prince.

Five national police forces are investigating the attacks, reported the BBC, without naming them.

The attacks began after Spamhaus, based in both London and Geneva, blacklisted a Dutch-based libertarian anonymous Internet provider called Cyberbunker.

As part of its work to combat spam email, Spamhaus maintains lists of Internet service, address and email providers whose customers are known spammers.

Spamhaus’ clients, the email or web service providers it works with, can then block traffic from these blacklisted addresses, preventing spam email reaching their customers.  

Cyberbunker publicly states that it will provide hosting services to anyone — with the exception of child pornographers or terrorists — and Spamhaus listed them because spammers were using their services, according to the group.

The New York Times reported Wednesday that a Cyberbunker spokesman said the company was orchestrating the attacks to punish Spamhaus for “abusing [its] power.”

The non-profit should not be allowed to decide “what goes and does not go on the internet,” he told the paper.

Spamhaus has said Cyberbunker and Russian gangs of criminal spammers are behind the attack.

Cyberbunker did not return an email message requesting comment.