Online dispute escalates, delays service for millions

Published: Thursday, Mar. 28, 2013 - 12:00 am | Page 6B

A squabble between a group fighting spam and a Dutch company that hosts websites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure.

Millions of ordinary Internet users have experienced delays in services such as Netflix or could not reach a particular website for a short time.

However, for the Internet engineers who run the global network the problem is more worrisome. The attacks are becoming increasingly powerful, and computer security experts worry that if they continue to escalate people may not be able to reach basic Internet services, such as email and online banking.

The dispute started when the spam-fighting group Spamhaus added Dutch company Cyberbunker to its blacklist, which is used by email providers to weed out spam.

Cyberbunker offers hosting services to any website "except child porn and anything related to terrorism," according to its website.

A spokesman for Spamhaus said the attacks began March 19 but didn't stop distribution of its blacklist.

Patrick Gilmore, chief architect at digital content provider Akamai Networks, said Spamhaus' role was to generate a list of Internet spammers. Of Cyberbunker, he said: "These guys are just mad. To be frank, they got caught. They think they should be allowed to spam."

Gilmore said the attacks, generated by swarms of computers called botnets, concentrate data streams that are larger than the Internet connections of entire countries. He likened the technique, which uses a long-known flaw in the Internet's basic plumbing, to using a machine gun to spray an entire crowd when the intent is to kill one person.

The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target.

The so-called denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second. "It is a real number," Gilmore said. "It is the largest publicly announced DDoS attack in the history of the Internet."

Spamhaus, one of the most prominent groups tracking spammers on the Net, uses volunteers to identify spammers and has been described as an online vigilante group. In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks in which they flood Spamhaus with traffic requests from personal computers until it falls offline. But in recent weeks, the attackers hit with a far more powerful strike that exploited the Internet's core infrastructure, called the Domain Name System.

The DNS system functions like a telephone switchboard for the Internet, translating website names such as Facebook or Google into a string of numbers that the Internet's underlying technology can understand. Millions of computer servers worldwide perform the translation.

In the latest incident, attackers sent messages masqueraded as coming from Spamhaus, to the machines, which were then amplified drastically by the servers, causing torrents of data to be aimed back at the Spamhaus computers.

When Spamhaus requested aid from Cloudflare, the attackers began to focus their digital ire on the companies that provide data connections for both Spamhaus and Cloudflare.

Questioned about the attacks, Internet activist Sven Olaf Kamphuis, who said he was a spokesman for the attackers, said in an online message, "We are aware that this is one of the largest DDoS attacks the world had publicly seen." He said Cyberbunker was retaliating against Spamhaus for "abusing their influence."

"Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," he said.

A typical denial of service attack tends to affect a small number of networks. But in a Domain Name System flood attack, data packets are aimed at the victim from servers all over the world.

The attacks cannot easily be stopped, computer security experts say, because the servers cannot be shut off without halting the Internet.

"The No. 1 rule of the Internet is that it has to work," said Dan Kaminsky, a security researcher who pointed out the inherent vulnerabilities of the Domain Name System years ago.

© Copyright The Sacramento Bee. All rights reserved.





Sacramento Bee Job listing powered by Careerbuilder.com
Quick Job Search
Sacramento Bee Jobs »
Buy
Used Cars
Dealer and private-party ads
Make:

Model:

Price Range:
to
Search within:
miles of ZIP

Advanced Search | 1982 & Older

TODAY'S CIRCULARS