The biggest cyberattack in Internet history has gotten tons of coverage from major reputable sources, but the details remain murky. According to initial reports, a spat between Cyberbunker, an internet service provider, and Spamhaus, an organization that searches for sources of email spamming, led to a cyberattack of a massive scale — almost 300 gigabits per second, which is six times the highest recorded DDoS cyberattack. Who exactly is behind the attacks against Spamhaus and why do cyber-activists feel so slighted by the seemingly-reputable company? We spoke to Sven Olaf Kamphuis, the spokesperson for Cyberbunker and offshoot group Stophaus, about everything from his personal beliefs to the reasons for the attack and who was behind it.
Ian Kar: Let's start with something basic. Where were you born and where are you living now?
Sven Olaf Kamphuis: (Laughs) Who do you work for?
I: Oh, I'm sorry I didn't realize. If you don't want to answer that, it's fine.
S: No, no, it's fine. I was born in the Netherlands.
I: How did you get involved in Internet activism and Cyberbunker?
S: Well, back in 1996, both Cyberbunker and my company started, and we started doing security checks for Cyberbunker in 1998. In '99, we merged our internet activities, meaning our company started to sell on the same network as ours. Basically, we do the networking stuff and Cyberbunker does the building, and we kinda merged in that sort of way.
I: Can you set the record straight about which organization is targeting Spamhaus?
S: Yeah I've read your article, you're from Heavy.com, right?
S: Yeah, "The Biggest Internet Attack Ever..." The people targeting Spamhaus is a group called Stophaus.
I: How are you affiliated with Stophaus?
S: Stophaus is a group of people that found themselves because they were all targeted by Spamhaus and blackmailed by Spamhaus in the past. Basically, one guy called on other people through chat and I notified a few customers that were targeted in the past. And basically then a forum was started, where we started to gather intel on Spamhaus and their entire off-shore Christmas tree of companies and how they operate and we made a database. Actually, the Russians already mirrored a database we used so we integrated that.
I: So are you the spokesperson for Stophaus?
I: There's been a lot of speculation about the largest cyberattack in history, but not many facts. Could you give us a background on Stophaus and Spamhaus and how it developed into a massive cyberattack?
S: Well, basically, a few people from the Stophaus group had a common agenda and think for themselves and they all have their own interests, and they decided it was a very good idea to take down Spamhaus. And they did. Fine. (Laughs). We fully agree with that, although we couldn't do that ourselves. Well, technically we can, but we couldn't, but it'd be a little difficult. Diplomatically, it would cause a lot of trouble.
I: So the people who are attacking Spamhaus aren't affiliated with Cyberbunker.
S: They are not affiliated with Cyberbunker, no.
I: They are their own separate group.
S: They're not a separate group, they're members of our group, but they do this effort on their own and on their own account. We're all trying to destroy Spamhaus, not in the same way, but yes we're all trying to destroy Spamhaus.
I: I saw a rumor online that you were the owner of Cyberbunker. Is that true?
S: Our entire foundation...no one in Cyberbunker and no one in any Cyberbunker affiliates has any personal, direct, property in such things to avoid certain issues.
I: What do you think about Cloudflare's involvement in the DDoS attack and their support of Spamhaus?
S: Cloudflare seems to support Spamhaus in return for Spamhaus removing their listings. A week before that, Spamhaus was claiming that Cloudflare was a spam-supporting ISP [Internet Service Provider].
I: So it's a form of blackmail and exploitation, correct?
S: Yeah, I mean Cloudflare may not admit that because they tried to make a stand by taking them on as a client. Basically, Cloudflare positioned itself in the middle of an ongoing attack, tried to make a PR stand, and it like backfired when their network was not as good as they thought it was...when the attack was a bit larger than they thought it would be. And then it started to impact their other clients, at which point they should have just decided to null-route Spamhaus or just take it off the network.
I: Why do you think they didn't?
S: I don't know why they didn't. It'd be the normal step to do. You can try to host attack targets, and there would be no problem with that, unless the attack is larger than your capacity to handle it, at which point you're supposed to make sure it doesn't impact your other clients.
I: Do you think it was arrogance, or stubbornness, or what?
S: I think it's stubbornness. Or, some other motivation. Maybe they're being motivated in another way. I don't know...personal interests. No idea. Maybe they didn't want to be called a spam-supporting ISP anymore by Spamhaus. Could be one reason (laughs).
I: How do you feel about Spamhaus? Reports say that they're a reputable company, but others say that their crusade is sometimes personal.
S: Yeah well, they basically operate clearly in the criminal field. They spread slander about everyone, they call everyone criminals without court documents whatsoever, they call anyone "spammers" that has never sent out email and doesn't even use that old junk, you know? I don't even have email and they call me a spammer (laughs). The entire protocol should just die and be replaced by something like Skype, but a bit more open-source [Author's note: We used Skype to conduct our interview].
Having a friend list basically solves the spam issue, Steve Linford. I never get spam in Skype! There's not a Nigerian guy asking me for money on Skype! (laughs).
They solved this [email spamming] 12 years ago, when they invented Skype and Facebook and Java and ICQ.
I: There are some spam issues with Facebook and stuff like that though.
S: Yeah and then they're instantly resolved by just changing Facebook itself, something that they have not done with SMTP since 1964.
I: You're not a fan of SMTP at all.
S: No. And actually, I don't think any...Spamhaus keeps claiming that there are millions and millions and millions and millions of euros in the spamming market, in e-marketing, which is absolutely not the case. No one in the world still reads their f*cking email, you know? That was hot in the 1990s and Steve Linford is a man that's stuck in the 1990s. He is communicating in a little Usenet group with his little cronies, the net abuse, the net email Usenet group. That is something that dates back to the 70s or something. And he still thinks that is current use of the Internet and if he posts something there, other people will actually read it. No Steve, no one goes there. Just you and your friends. And no one gives a crap about SMTP, not even the spammers. I mean, ISPs have better things to do. Email is not the Internet. The Internet has moved on. And yet he [Steve Linford] keeps calling everyone a spammer, and if they do not take him seriously, he calls them a criminal, and if you don't take him seriously on that one, then he calls you a Russian, which is even worse than a criminal apparently (laughs).
I: What do you think about the allegations that Spamhaus is blackmailing and exploiting these companies?
S: Yeah well they are blackmailing these companies, you know? As far as Spamhaus, as far as their argument goes, they say "We are a spam fighting club of volunteers that protect the Internet against spam and people can choose to use our services." Right? This argument doesn't go in a number of scenarios. A) When ISPs decide to use their [Spamhaus'] list for all of their end users. At which point the end users definitely did not choose to have their emails filtered according to Spamhaus' standards. B) When Spamhaus lists any other IP that is not directly sending out spam to their list. I mean if their entire network of ISP or if they add IP addresses which have websites on them which have been mentioned in emails sent from other networks about which you cannot do anything, but if they mentioned Google in the spam mail. At this point, it becomes blackmail because it starts to impact other customers of the ISP besides the one that was actually sending out spam. At the moment, I list an IP address that actually was sending out spam. At that point, people that choose to use their service can no longer receive email from that IP. Case closed with any other DNS blacklist. Not with Spamhaus. Spamhaus insists that you illegally breach the contract with that client, and if you do not do so, based on hardly any evidence at all in most cases, usually it's just Spamhaus shouting something really vague, then Spamhaus starts to work to disconnect your entire ISP from the Internet.
I: So they shut down an entire company from the Internet, essentially.
S: Yeah, which is what they did with ours, but we fixed that, but we won't be happy until Spamhaus is gone. Spamhaus is the biggest DDoS attack in the world.
I: Spamhaus itself?
S: Yes. They aren't the target, they are the DDoS attack, this is what they do. They try to dictate through the Internet. Their definition of what should and should not go on the Internet is not just for the users of their [spam] lists, but for everyone. And that is just not going to fly, of course. It's been going on for 10 years and people have had enough of them and basically, the Stophaus group is just the tip of the iceberg. Especially considering the Stophaus group stopped attacks against Spamhaus two days ago, but a lot of people are still attacking them through DDoS.
I: There have been conflicting reports that Stophaus' feud with Spamhaus has spilled over to other parts of the Internet. Have you guys seen any changes in terms of Internet speed globally, or other repercussions of the DDoS attack?
S: I think that is just Cloudflare trying to make their contribution look more important than it actually is. The only thing that actually happened during the attacks was that the airport at the Hong Kong Internet Exchange went down because their router could not handle it, and the same goes for the London Internet Exchange. Their router couldn't handle it, so their router went down. No one else sent out any form of message that they were experiencing issues. Just Cloudflare. As for the statistics of the London Internet Exchange that they [Cloudflare] keep throwing around, the statistics show about 1.5 terabits per second, and 300 gigabits per second is pretty much nothing. The fact that there were some dips in that graph [seen below], where the green stuff goes all the way to the bottom and is basically zero, that is not the normal Internet exchange not functioning, but the overflow where the counter in the switch was not read out fast enough to make sure the numbers still fit the counter. So this does not affect the functionality of the Internet exchange or the switch in any way, just a little problem with the traffic. This happens on our networks too.
I: What was the attack against Spamhaus trying to accomplish? Was one of the goals shutting down the Internet?
S: No...Spamhaus' goal is shutting down the Internet as far as I'm concerned. At least the parts of it that they don't like for whatever vague reason they may have.
I: So the goal was to shut down Spamhaus, not the Internet.
S: The goal was to shut down Spamhaus. We want to have an investigation into Spamhaus and we want to have a discussion about Spamhaus and we want Spamhaus shut down because they're a bunch of f*cking criminals. Their censorship just pretends to fight spam over the past 10 years. They've never fought spam in their lives. They claim left, right, and center, that they work together with law enforcement. Which country would that be? I've never seen a police report from the about anything! (laughs). I did however see a lot of reports against them.
I: Yeah I've seen the same reports saying they take things a little too personally...
S: Yeah, that the national service, the Emergency Response Team of Latvia complained about them when they blackmailed when they complained about NIC.LV, an old domain register for Austria. Basically what happened there was Spamhaus classified them as spam, but you cannot go to another country's agency and demand they remove domain names because you don't like them. It doesn't work that way, Spamhaus.
I: Was the goal of shutting down Spamhaus accomplished or are they still working towards that goal?
S: They are still working. But I'm quite sure that it's turned into a big diplomatic incident by now (laughs).
I: What can you tell me about Stophaus? Why it was created and who else was involved?
S: Basically it's a lot of people who have been victims of Spamhaus and their extortion tactics and their DOS attacks. It's basically what Spamhaus does: They make your network unusable and they think that they've accomplished their goal. Well, basically, their excuse is that you do not work together with them, but there is no legal obligation whatsoever to work with them. They can go to hell as far as I'm concerned. I have no legal responsibility to even answer their emails. And they don't really like that. They think everyone should take them as personally as the Internet believes, or else they are the worst spam-supporting ISP in the world. Which is a bit contradictory because I think that would make us the best spam-supporting ISP in the world.
I: Is Stophaus affiliated with Cyberbunker?
S: Cyberbunker supports Stophaus as well and a lot of our clients. We fully support Stophaus and every effort to take down Spamhaus. That is every effort to take down Spamhaus. Which also includes the DDoS attack, but we do not participate.
I: Is it true that a Dutch SWAT team attempted, but failed, to enter Cyberbunker's facility?
S: Oh yeah they did that a couple of years ago, that was quite funny. The local mayor of the surrounding town seems to have a bit of a misunderstanding. He seems to believe that Cyberbunker would be part of his little city, which it most definitely is not.
I: I heard Cyberbunker occupies an ex-NATO building.
S: Well, technically, it is a NATO base. In 1955, there were a lot of radio relay bases built and also to spy on Communists in those regions. Basically, the building was sold in 1996 and it was never made into Dutch territory. We tried to make it Dutch territory at first, but we realized we do not actually need you people (laughs). They weren't quite responsive back then. But if he should have anything to nag now...
I: Who has anything to nag about?
S: If he has anything to complain about now, he shouldn't have been as apprehensive in 1996. The former mayor of the town. He was, incidentally, caught shifting 12 million Euros of tax money to Iceland. So, he's no longer the mayor of the city.
I: That's interesting.
S: There are a lot of interesting things going on around these parts.
I: How do you feel about the report that five different governments are investigating the cyberattack?
S: No we're really worried because we are not — at least I'm not doing anything illegal — I am a citizen of a sovereign nation, I can do whatever the f*ck I want anyway, but I'm not doing the attack.
I: Do you think the people involved with Stophaus should be worried?
S: Some of them, but I hear some of our members have already gotten political asylum. Not the Republic of Cyberbunker, but larger countries already are offering it [asylum] to the few who are potentially facing trouble at this point.
I: So you would say Cyberbunker is a republic.
S: Cyberbunker is a republic, yes. We're not like Sweden, we do not try to solve anything or make a huge show out of it, but yeah.
I: So it's a self-governing state?
S: Yeah it's self-governing as a state. But, we are very good friends with the Netherlands in most respects. I don't think it'd be a good idea for the Netherlands to breach that relationship.
I: Was this an example of "hacktivism" or was it personal? If it was hacktivism, how so?
S: No this is the Internet. What we see here is the Internet puking out Spamhaus. Spamhaus is a cancer that has settled itself and basically gained the position to point its finger to stuff that it doesn't like and have it removed or they can interfere with your business in other ways. We have laws against spamming and Spamhaus has been obsolete since those laws went into effect. People have been arrested, but I haven't seen Spamhaus help get a spammer arrested, yet they claim that half the world are spammers. Now if there were so many spammers in the world as Spamhaus claims, the Internet would DDoS itself with spam.
I: So it was more personal than hacktivism, correct?
S: No this is, from my side, this is both hacktivism, business, and...of course, we do not really like censorship clubs.
I: If you could restructure the internet from scratch, what would you do?
S: I think I would start by redesigning a lot of protocols, so that DDoS attacks are not possible in the first place. I think we would skip the SMTP thing completely because it's just a crappy, dinosauric, protocol that should even be around anymore. Look, SMTP is a protocol that was made when a bunch of nerds were very excited about sending a message from one computer to another in the same building, and the first spam was sent an hour later. (Laughs) I'd say it's about time...SMTP is over compared to ITP4. It wasn't even called "The Internet" when SMTP was written. It hasn't changed since, so it's not worth protecting, even if people use to spam, which they do not from our network because we firewall that old junk. Spamhaus can claim all they want that our clients are spammers but it's really hard to spam from a network that doesn't allow outgoing email, isn't it? Because basically the whole protocol is trouble. It's a pile of crap.
I: Email in general?
S: No just SMTP. There are other email protocols that do not have all of these problems. With SMTP, you cannot tell who actually sent the message. This is problem number one. If you get an email from someone and you want to send an email back that says "please click here that confirms you're a human" and they click on a website. At some point, people start to complain because you are sending out "spam" because spam comes from fake email addresses. You send out these emails to people that don't know you in the first place and they say "ew, spam!" It's completely unworkable. There is no solution like the friend list in Skype in SMTP email. This protocol cannot be fixed, not even by Spamhaus. They claim that they've been trying for the past 10 years — Spamhaus was founded in 2001 — and before that there were some other groups and basically they merged all the other idiot groups that still complain about SMTP into Spamhaus, so they can combine the worst of all of the organizations. This SMTP stuff preludes the Internet, and Spamhaus has been working on it since 2001. What did they fix? Nothing. People no longer use email, people use Skype or Facebook and no one still uses SMTP, because it's unreliable and not real-time anymore. This is all they did: they basically killed SMTP themselves. They didn't stop spamming because I still get spam. The only reason Spamhaus keeps trying is because they have a censorship infrastructure up. That is all they're really doing. They basically use their infrastructure against people they don't like.
I: What's the next step for Cyberbunker?
S: The next step for Cyberbunker is to get our own network back up and then we will concentrate our actions against Spamhaus, especially in the PR field. They've done an excellent job of trying to shut down our own networks of communication by basically extorting all of our transit providers into disconnecting our networks and to get one of our domain names deleted. Spamhaus deleted our cb3rob domain on a false address claim. I don't know but I have company registration papers that says the address is perfectly valid.
I: What was the address?
S: CB3Rob. They filed a false address claim on one of our domain names and basically forced domain registers to have it deleted. The only false address I see is, with no working telephone number or no working email in WhoIs, is Spamhaus.org itself. So why isn't Spamhaus.org themselves off of the Internet?
I: I tried to reach them for a comment but I couldn't find a phone number.
S: You go on WhoIs and try to call them or send them an email and none of their email addresses work and none of their phone numbers work. Their address is false as well. At least there is no company registration of that exact name with that exact address. Because it doesn't even have Limited or AG behind it or whatever. It just says "The Spamhaus Project," it doesn't even say which one.
I: What's the next step for Stophaus?
S: Will be to expose them [Spamhaus] a lot more than we're already doing.
I: Do you think Stophaus will launch a larger attack?
S: I don't think DDoS attacks are the way to go long term. There are clearly other people still doing the attacks, but Spamhaus has infringed Russian and Chinese trade interests for the past few years, and they keep calling criminals according to what they say a criminal is. They keep calling them Russians as well.
I: What about the reports that said Stophaus was working with Russian and Eastern European crime syndicates?
S: Crime syndicates? More like government agencies. (Laughs) If Spamhaus chooses to call them "crime syndicates," then they're perfectly free to do that because they do that all the time, don't they.
I: That's what a report said. You think government agencies are helping Stophaus, right?
S: Yes, I think you can put it that way. The Russians are quite clear on the fact that they consider Spamhaus an illegal organization. The Russian telecom regulator issued a report in which they announced that they would revoke any Russian Internet provider as soon as they used Spamhaus, because using Spamhaus resolves anything but filtering spam. Everything that is on the blacklist is not actually spam, it's just IP ranges that they list as a method of blackmail and putting pressure on people. So, if a Russian Internet Provider uses Spamhaus, then basically they can get their license revoked because Spamhaus is a very vague organization with a very vague agenda. It needs a lot of investigation, including their cash flow. Having a dormant non-profit organization in the UK, then claiming to be a non-profit but in the meantime having a number of off-shore in the Bahamas. It smells a bit like tax fraud, doesn't it?
I: How would you describe your political beliefs?
S: I support the idea of a minimal state, direct democracy, although everyone is free to do, in their own country, whatever they want to do in their own country.
I: There were allegations that you were an anti-Semite and a homophobe. Do you have any comment on that?
S: I'm a homophobe? I'm gay. I do have a problem with Zionists, not necessarily Jews in general, but Zionists, yes. Because they are Jews that seem to think that Jews are better than every other people in the world and are free to f*ck everyone else in the ass. Now I do have a problem with that, because they clearly are more racist than everyone else. As for homophobe, I don't know where they got that one from. (Laughs) I would say that there are a whole bunch of guys that don't agree with that view.