A major cyberattack against a European spam tracking company this past week appears to have originated from a gang of Russian hackers, The Wall Street Journal reported on Thursday.
Spamhaus, a Geneva-based spam tracking firm, had been the target of a massive distributed-denial-of-service attack, where at one point traffic flowing to the site reached levels of 300 Gbps.
Gbps, or Gigabits-per-second, is a rate at which data flows — a bit being the basic unit of information, and a Gbps 1,000,000,000 bits per second.
Those levels during the Spamhaus attack are three times the largest DDoS attack seen yet, according to ComputerWorld.
On Thursday, Alexander Lyamin of Russian cybersecurity firm Highload Labs told The Wall Street Journal that he believes “the same group who have caused trouble around the world with their attack against the non-profit Spamhaus Project Ltd. had earlier launched a series of brief strikes on several top Russian Internet companies as a trial run of their weapon known as a Domain Name System amplification attack.”
“We first noticed incidents utilizing this technique a month-and-a-half ago in Russia. It started with a measly 10-20 gigabytes per second, but during the next month it grew to 60 and then 120 gigabytes. Apparently the attackers were growing their network of hacked servers,” Lyamin told The Wall Street Journal.
A Wednesday piece by The New York Times attributed the attack to CyberBunker, a Dutch web hosting firm known for its almost-anything-goes hosting policy. CyberBunker has past ties to Russian organized crime and The Pirate Bay.
On a page answering questions about the event, Spamhaus said that even though numerous people have come forward to claim credit for the attack, it was “not possible” to say who was really involved with attack.
CyberBunker’s website was knocked offline Thursday morning after claiming to have engaged in a week-long cyber attack against the UK firm Spamhaus.
The attacks on Spamhaus illustrate a larger problem with the vulnerability of systems fundamental to the architecture of the Internet: the Domain Name Servers (DNS).
The DNS translates human-readable domain names, like dailycaller.com, into IP addresses that computers read. The system’s original design was made without security in mind, making it vulnerable to attack.
Rob Morton, spokesman for Internet content delivery network Akamai, told The Daily Caller that while the attack didn’t affect their network, the type of attack against Spamhaus was strong enough to create “collateral damage” to other Internet services.
This was also the consensus of Cloudflare, the DDoS mitigation service contracted by Spamhaus to fend off the attack, that the attack exposed a fundamental weakness at the heart of the Internet regarding the DNS
“Unlike traditional botnets, which could only generate limited traffic because of the modest Internet connections and home PCs they typically run on, these open resolvers are typically running on big servers with fat pipes,” Matthew Prince, CEO and co-founder of CloudFlare, wrote in a company blog post Wednesday.
“They are like bazookas and the events of the last week have shown the damage they can cause,” said Prince.
“What’s troubling is that, compared with what is possible, this attack may prove to be relatively modest,” he said.