According to an early report from the BBC, the Internet slowed down considerably across the world after a massive distributed denial of service (DDoS) attack was launched. The BBC writes that experts are calling the attack the "biggest Internet attack in history." Apparently, the cyber-attack is still going on. But what do we know about the biggest cyber-attack we've ever experienced? Here's what you need to know.
This story is developing, so stay tuned for more updates.
1. What is a DDoS attack?
A DDoS attack is the preferred method of attack for most Internet hackers. A DDoS attack essentially fills a website with fake traffic, so much so that the site won't be accessible for users who simply want to use the website. Essentially, a DDoS attack is the same as a traffic jam; there will be so much traffic that the "highway" will be packed, bumper to bumper.
However, the New York Times writes that this attack is unique because it takes advantage of the Domain Name System, or DNS, of the Internet, which is essentially the core infrastructure that supports the Internet. Websites like Facebook and Google all use DNS and the system operates as a "telephone switchboard for the Internet," turning addresses like Facebook.com and Google.com into code. Matthew Prince, CEO of CloudFlare, a company helping Spamhaus, said that “These things are essentially like nuclear bombs...It’s so easy to cause so much damage.”
The attack is classified as a "DNS Flood," a more advanced version of a DDoS attack that has shut down the critical infrastructure of many companies, including Goldman Sachs.
2. Who is Involved In The Attack?
The DDoS attack is targeting a group called Spamhaus. Spamhaus is a non-profit group originating from London and Geneva and is a reputable company that works with email providers to filter spam and other unwanted content from your inbox. A group called Cyberbunker is apparently spearheading the attack, according to a Spamhaus spokesperson who spoke to the BBC. Spamhaus says the group is working with Russian and Eastern European crime syndicates as well.
Spamhaus initially blacklisted Cyberbunker, which classified them as a company that sends spam to email accounts. Cyberbunker, named after the five-story former NATO building they occupy, didn't take too kindly to the blacklisting, and began attacking Spamhaus on March 19th. The attack has grown exponentially, and the 300 Gb/second attack is the largest publicly reported DDoS attack in the Internet's history. Cyberbunker feels slighted because they don't think that Spamhaus is qualified to censor the Internet.
“Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” Sven Olaf Kamphuis, an Internet activist and apparently the spokesperson for the attackers, said. “They worked themselves into that position by pretending to fight spam.”
3. What has been Affected?
It's hard to say, since most of us are just finding out about the attack. According to the New York Times, popular services like Netflix have already been slowed down in recent days, and the Internet globally has slowed down as well. The Times reported that the attack seems to be growing even more, and hypothesized that, if the attack continues, simple Internet services like e-mail and online banking may be halted.
It's unknown which companies or email services Spamhaus works with, but with early reports indicating that the attack will affect the Internet across the world, we can expect the attack to become more powerful. We've reached out to Spamhaus to see how, if at all, this attack will impact average Internet users, so stay tuned.
As one of the biggest email providers, it's unknown if Gmail has been affected by the Cyberbunker DNS flood. We've reached out to Google for a comment and we'll update this post when they respond.
4. How "Massive" is the Attack?
Pretty massive. According to Business Insider, a DDoS attack of 50 gigabits per second is enough to take out a large bank or company — like Goldman Sachs or Apple, hypothetically. Spamhaus reported that the DDoS attack against them is registering at 300 gigabits per second. Spamhaus has been able to survive this attack only because the way its infrastructure is distributed helps alleviate the pressure of the DDoS attack. The attack has already affected services like Netflix, and is only growing exponentially.
5. Why Hasn't The Attack Been Stopped Yet?
It's difficult to say why the attack from Cyberbunker hasn't been stopped yet. Spamhaus is working with a company called CloudFlare to help defend themselves against the attack. A DNS flood is very difficult to stop. The problem with a DNS flood is that it forces servers around the world to send massive amounts of data to its victims. The only way to shut down the attack would be to shut down the servers, which would in turn shut down the Internet. Dan Kaminsky, a researcher who pointed out the security flaws in Domain Name Servers, said to the New York Times, "You can’t stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them." However, those efforts have failed, apparently. The company alleged on its website that a Dutch SWAT team attempted to enter their bunker, and Cyberbunker fended off the attack.
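An added example, not part of the original article: a minimal detector for the traffic pattern described above, where many DNS servers send large volumes of data to a single victim. It assumes the flood arrives as DNS responses the victim never requested; the flow records, addresses and thresholds are constructed for illustration.

```python
from collections import defaultdict

# Constructed UDP flow records at the victim's network edge (documentation
# address ranges, not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, bytes)
FLOWS = [
    (0.10, "192.0.2.10", 40000, "203.0.113.5", 53, 70),     # our own query
    (0.12, "203.0.113.5", 53, "192.0.2.10", 40000, 180),    # its answer
    (1.01, "198.51.100.1", 53, "192.0.2.10", 50000, 3000),  # unrequested
    (1.20, "198.51.100.2", 53, "192.0.2.10", 50000, 3000),  # unrequested
    (1.45, "198.51.100.3", 53, "192.0.2.10", 50000, 3000),  # unrequested
    (1.80, "198.51.100.4", 53, "192.0.2.10", 50000, 3000),  # unrequested
    (2.30, "198.51.100.1", 53, "192.0.2.10", 50000, 3000),  # lone straggler
]


def detect_dns_flood(flows, local_ips, window_s=1, min_servers=3, min_bytes=5000):
    """Return time windows in which several DNS servers sent unrequested
    responses to a local address. Thresholds are assumed values."""
    asked = set()  # (local_ip, server_ip) pairs we actually queried
    stats = defaultdict(lambda: {"bytes": 0, "servers": set()})
    for ts, src, sport, dst, dport, size in sorted(flows):
        if src in local_ips and dport == 53:
            # Outbound query: later responses from this server are expected.
            asked.add((src, dst))
        elif dst in local_ips and sport == 53 and (dst, src) not in asked:
            # Inbound response from a server we never asked.
            bucket = stats[(dst, int(ts // window_s))]
            bucket["bytes"] += size
            bucket["servers"].add(src)
    alerts = []
    for victim, window in sorted(stats):
        bucket = stats[(victim, window)]
        if len(bucket["servers"]) >= min_servers and bucket["bytes"] >= min_bytes:
            alerts.append({
                "victim": victim,
                "window": window,
                "bytes": bucket["bytes"],
                "servers": len(bucket["servers"]),
            })
    return alerts


if __name__ == "__main__":
    for alert in detect_dns_flood(FLOWS, {"192.0.2.10"}):
        print(alert)
```

Only the window with four distinct servers is flagged; the solicited answer and the single late response stay below the thresholds.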