0 comments | Print

Online dispute escalates, delays service for millions

By John Markoff and Nicole Perlroth
The New York Times
Published: Thursday, Mar. 28, 2013 - 12:00 am | Page 6B

A squabble between a group fighting spam and a Dutch company that hosts websites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure.

Millions of ordinary Internet users have experienced delays in services such as Netflix or could not reach a particular website for a short time.

However, for the Internet engineers who run the global network the problem is more worrisome. The attacks are becoming increasingly powerful, and computer security experts worry that if they continue to escalate people may not be able to reach basic Internet services, such as email and online banking.

The dispute started when the spam-fighting group Spamhaus added Dutch company Cyberbunker to its blacklist, which is used by email providers to weed out spam.

Cyberbunker offers hosting services to any website "except child porn and anything related to terrorism," according to its website.

A spokesman for Spamhaus said the attacks began March 19 but didn't stop distribution of its blacklist.

Patrick Gilmore, chief architect at digital content provider Akamai Networks, said Spamhaus' role was to generate a list of Internet spammers. Of Cyberbunker, he said: "These guys are just mad. To be frank, they got caught. They think they should be allowed to spam."

Gilmore said the attacks, generated by swarms of computers called botnets, concentrate data streams that are larger than the Internet connections of entire countries. He likened the technique, which uses a long-known flaw in the Internet's basic plumbing, to using a machine gun to spray an entire crowd when the intent is to kill one person.

The attacks were first mentioned publicly last week by Cloudflare, an Internet security firm in Silicon Valley that was trying to defend against the attacks and as a result became a target.

The so-called denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second. "It is a real number," Gilmore said. "It is the largest publicly announced DDoS attack in the history of the Internet."

Spamhaus, one of the most prominent groups tracking spammers on the Net, uses volunteers to identify spammers and has been described as an online vigilante group. In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks in which they flood Spamhaus with traffic requests from personal computers until it falls offline. But in recent weeks, the attackers hit with a far more powerful strike that exploited the Internet's core infrastructure, called the Domain Name System.

The DNS system functions like a telephone switchboard for the Internet, translating website names such as Facebook or Google into a string of numbers that the Internet's underlying technology can understand. Millions of computer servers worldwide perform the translation.

In the latest incident, attackers sent messages masqueraded as coming from Spamhaus, to the machines, which were then amplified drastically by the servers, causing torrents of data to be aimed back at the Spamhaus computers.

When Spamhaus requested aid from Cloudflare, the attackers began to focus their digital ire on the companies that provide data connections for both Spamhaus and Cloudflare.

Questioned about the attacks, Internet activist Sven Olaf Kamphuis, who said he was a spokesman for the attackers, said in an online message, "We are aware that this is one of the largest DDoS attacks the world had publicly seen." He said Cyberbunker was retaliating against Spamhaus for "abusing their influence."

"Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," he said.

A typical denial of service attack tends to affect a small number of networks. But in a Domain Name System flood attack, data packets are aimed at the victim from servers all over the world.

The attacks cannot easily be stopped, computer security experts say, because the servers cannot be shut off without halting the Internet.

"The No. 1 rule of the Internet is that it has to work," said Dan Kaminsky, a security researcher who pointed out the inherent vulnerabilities of the Domain Name System years ago.

© Copyright The Sacramento Bee. All rights reserved.



About Comments

Reader comments on Sacbee.com are the opinions of the writer, not The Sacramento Bee. If you see an objectionable comment, click the "Report Abuse" link below it. We will delete comments containing inappropriate links, obscenities, hate speech, and personal attacks. Flagrant or repeat violators will be banned. See more about comments here.

What You Should Know About Comments on Sacbee.com

Sacbee.com is happy to provide a forum for reader interaction, discussion, feedback and reaction to our stories. However, we reserve the right to delete inappropriate comments or ban users who can't play nice. (See our full terms of service here.)

Here are some rules of the road:

• Keep your comments civil. Don't insult one another or the subjects of our articles. If you think a comment violates our guidelines click the "Report Abuse" link to notify the moderators. Responding to the comment will only encourage bad behavior.

• Don't use profanities, vulgarities or hate speech. This is a general interest news site. Sometimes, there are children present. Don't say anything in a way you wouldn't want your own child to hear.

• Do not attack other users; focus your comments on issues, not individuals.

• Stay on topic. Only post comments relevant to the article at hand.

• Do not copy and paste outside material into the comment box.

• Don't repeat the same comment over and over. We heard you the first time.

• Do not use the commenting system for advertising. That's spam and it isn't allowed.

• Don't use all capital letters. That's akin to yelling and not appreciated by the audience.

• Don't flag other users' comments just because you don't agree with their point of view. Please only flag comments that violate these guidelines.

You should also know that The Sacramento Bee does not screen comments before they are posted. You are more likely to see inappropriate comments before our staff does, so we ask that you click the "Report Abuse" link to submit those comments for moderator review. You also may notify us via email at feedback@sacbee.com. Note the headline on which the comment is made and tell us the profile name of the user who made the comment. Remember, comment moderation is subjective. You may find some material objectionable that we won't and vice versa.

If you submit a comment, the user name of your account will appear along with it. Users cannot remove their own comments once they have submitted them.

hide comments
Sacramento Bee Job listing powered by Careerbuilder.com
Quick Job Search
Advanced Job Search | Search by Category
Sacramento Bee Jobs »
Buy
Used Cars
Dealer and private-party ads
Make:

Model:

Price Range:
to
Search within:
miles of ZIP

Search used

Advanced Search | 1982 & Older



Find 'n' Save Daily DealGet the Deal!

Local Deals

Find more great deals!
findnsave.sacbee.com