There's a war going on right now, and it's getting messy. A dispute between Spamhaus, a spam policing service, and Cyberbunker, a group that's hosting spam, has escalated from finger-pointing to become the largest distributed denial of service (DDoS) attack the world has ever seen. It's three times as powerful as the attack that previously held the title and roughly six times the strength required to break into a bank's website. Cyber security experts equate the strength of the assault to someone dropping a nuclear bomb on the Internet itself. And the worst part of it all? It's everywhere, all around the world, and nobody knows how to stop it.
Don't worry. Your Netflix account slowing down is pretty much the worst thing that can happen at this point in time. (Update: Gizmodo's Sam Biddle has it on good authority that the attack isn't affecting people in the United States at all and suggests it's actually a very successful viral marketing campaign. Among other debunking claims, Biddle says, "There are zero credible reports, whatsoever, that Netflix went down.") However, if the hackers behind the battle royale switch from nukes to, erm, whatever weapon is more powerful than a nuke, there's a chance the attack could affect email service and the financial sector. Steve Linford, chief executive for Spamhaus, assigned some numbers to that scenario in an interview with the BBC on Wednesday. "If you aimed this at Downing Street they would be down instantly, they would be completely off the internet," Linford said. "These attacks are peaking at 300 gb/s (gigabits per second). Normally when there are attacks against major banks, we're talking about 50 gb/s."
Before getting into the big picture what-does-it-mean aspects of this potentially very scary story, let's just take a second to review the dispute that caused all this chaos. The row is so silly that it's hard to tell if we should take it seriously or write it off as another hacker pissing match that got out of hand. In effect, it's just one group of cyber vigilantes protesting against what they view to be an oppressive Internet police force.
Essentially, Spamhaus hosts 80 servers around the world that help email providers spot and eradicate spam. The non-profit is doing the world a good service, and it would like to keep doing that. Spamhaus identified and blocked servers owned by Cyberbunker, a Dutch organization that promises to host, in its own words, any website "except child porn and anything related to terrorism." Cyberbunker did not like this, so they aimed their DDoS cannon at Spamhaus's servers and lit the fuse.
The initial attack seems to have set off a chain reaction, much like the inner workings of a nuclear bomb. As Spamhaus's servers endured the attack, Cyberbunker took aim at the Domain Name System (DNS), the Internet's switchboard. By targeting the machines that translate domain names to strings of numbers that computers understand, Cyberbunker successfully enlisted millions of computers in Spamhaus's network to sling packets of data at the non-profit's servers. Still, Spamhaus says it remains online, while Cyberbunker and friends continue the assault.
There doesn't appear to be any permanent damage so far. Though the attack could get worse, there are currently five national cyber security forces working on the case. Because the DDoS attack has taken the form of a DNS flood, they can't simply shut down the servers, since DNS servers need to stay on for the Internet to work. So it looks like they're going to have to physically break into Cyberbunker's headquarters, which is literally an old NATO bunker in the Netherlands, to stop the attack.
This is CyberBunker's actual bunker. Apparently, Dutch police have tried and failed to storm it five times.
In the meantime, this world's largest cyber attack opens the door to some pretty good thought exercises about the state of the DDoS attack. Hackers have recently been pushing the message that a DDoS attack is essentially the same thing as a sit-in: assembling a large crowd to block a space in the name of good old fashioned activism. One could almost say that Cyberbunker's current attack is really kind of like an Occupy protest against what some believe to be oppressive Internet regulators. Almost.
There's a big difference between a sit-in at a bank and a cyber attack that cripples the entire Internet. Because most Internet users don't really understand how or why these attacks happen — they just get pissed off that Netflix keeps freezing — we doubt Cyberbunker is going to drum up the support it needs to justify this attack. Let's all just hope they don't turn to a more destructive form of hacking to catch the world's attention.