Spamhaus

The Hacker Dutchman – Arrested in Spamhaus DDoS

April 29th, 2013

A 35-year-old Dutchman thought to be responsible for launching what’s been called “the largest publicly announced online attack in the history of the Internet” was arrested in Barcelona on Thursday by Spanish authorities. The man, identified by Dutch prosecutors only as “SK,” was being held after a European warrant was issued for his arrest in connection with a series of massive online attacks last month against Spamhaus, an anti-spam organization.

According to a press release issued by the Public Prosecutor Service in The Netherlands, the National Prosecutor in Barcelona ordered SK’s arrest and the seizure of computers and mobile phones from the accused’s residence there. The arrest is being billed as a collaboration of a unit called Eurojust, the European Union’s Judicial Cooperation Unit.

The dispute began late last year, when Spamhaus added to its blacklist several Internet address ranges in the Netherlands. Those addresses belong to a Dutch company called “Cyberbunker,” so named because the organization is housed in a five-story NATO bunker, and has advertised its services as a bulletproof hosting provider.

“A year ago, we started seeing pharma and botnet controllers at Cyberbunker’s address ranges, so we started to list them,” said a Spamhaus member who asked to remain anonymous. “”We got a rude reply back, and he made claims about being his own independent country in the Republic of Cyberbunker, and said he was not bound by any laws and whatnot. He also would sign his emails ‘Prince of Cyberbunker Republic.” On Facebook, he even claimed that he had diplomatic immunity.”

Cyberbunker’s IP ranges. Its WHOIS records put the organization in Antarctica.

Spamhaus took its complaint to the upstream Internet providers that connected Cyberbunker to the larger Internet. According to Spamhaus, those providers one by one severed their connections with Cyberbunker’s Internet addresses. Just hours after the last ISP dropped Cyberbunker, Spamhaus found itself the target of an enormous amount of attack traffic designed to knock its operations offline.

It is not clear who SK is, but according to multiple sources, the man identified as SK is likely one Sven Olaf Kamphuis. The attack on Spamhaus was the subject of a New York Times article on Mar. 26, 2013, which quoted Mr. Kamphuis as a representative of Cyberbunker and saying, “We are aware that this is one of the largest DDoS attacks the world had publicly seen.” Kamphuis also reportedly told The Times that Cyberbunker was retaliating against Spamhaus for “abusing their influence.”

Get your personal as well as office laptops encrypted by Alertsec

Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen.

Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.

Enhanced by Zemanta

A look at the Biggest Cyberattack in History

March 28th, 2013

 

A recent cyber attack has captured everybody’s attention, primarily targeting a single company, now being described by experts as one of the biggest Distributed Denial of Service (DDoS) attacks in the history of Internet. The privacy violation which began affecting every element related to Internet’s physical infrastructure, also due to which the Internet speed may slow down all over in Europe for a while.

It all started when the attacks targeted an anti-spam company Spamhaus, based in Europe. This company work by refraining the main source of the email spam and later sell those blacklists to the Internet Service Providers. The cyber attack began to hit as the waves of typical DDoS assaults when Spamhaus blacklisted a dodgy Dutch web hosting company, Cyberbunker. But it did not took the responsibility of the cyber attack directly against Spamhaus.

Commonly, in such attacks, computer hackers send fake traffic at a specific server for the purpose of overburdening it. The computer systems involved in the DDoS operated cyber attacks have already been infected with malware before computer hackers get control of the machine without the owner’s prior knowledge. Spamhaus entered into a contract with CloudFlare,  a data security firm which mitigates the cyber attacks soon after they proceeded. Now, it’s CloudFlare’s  responsibility to defend Spamhaus by dispersing the attacks across multiple data centers. It is a technique that keep a website online even after hitted by the maximum amount of traffic a usual DDoS can generate.

“Usually these DDoS attacks have kind of a natural cap in their size, which is around 100 gigabits per second,” CloudFlare CEO Matthew Prince told Mashable before explaining the limitation in typical DDoS attack size is due to routing hardware limitations.

“Usually these DDoS attacks have kind of a natural cap in their size, which is around 100 gigabits per second,” CloudFlare CEO Matthew Prince told Mashable before explaining the limitation in typical DDoS attack size is due to routing hardware limitations. When computer hackers failed to knock down Spamhaus while CloudFlare was protecting it, they chose to target CloudFlare’s network providers by exploiting a known fault in the key piece of Internet Infrastructure, i.e., DNS. “The interesting thing is they stopped going after us directly and they started going after all of the steps upstream from us,” said Prince. “Going after our immediate transit providers, then going after their transit providers.”

Basically, DNS alters a URL into the desired website’s IP address and eventually helps in delivering desired Internet content to user’s computer. Also, there’s a vital element of the DNS system, known as DNS resolvers. “The attack works by the attacker spoofing the victim’s IP address, sending a request to an open resolver and that resolver reflecting back a much larger response [to the victim], which then amplifies the attack,” said Prince.

Prince said that these attacks have been “certainly the largest attacks we’ve seen.” he added. According to a leading data security research group, “it is one of the largest DDoS operations to date. “Due to Internet reliability on DNS, Internet speeds world over can be affected by such large-scale DNS amplified DDoS operations.

“Anyone that’s running a network needs to go to openresolverproject.org, type in the IP addresses of their network and see if they’re running an open resolver on their network,” said Prince. “Because if they are, they’re being used by criminals in order to launch attacks online. And it’s incumbent on anyone running a network to make sure they are not wittingly aiding in the destruction of the Internet.”

Because of the past few continued cyber attacks, the data security industry is likely motivated. Though it has been talking about it, but they have taken the issue apparently insufficient to act upon. Prince however advises that these DNS-amplified DDoS operations won’t be leaving away any time soon. “The good news about an attack like this is that it’s really woken up a lot of the networking industry and these things that have been talked about for quite some time are now being implemented,” said Prince.

Get your personal as well as office laptops encrypted by Alertsec

With so much vulnerability on public networks Unencrypted laptops present a major risk of data loss. 80% of information theft is due to lost or stolen laptops and other equipment. About 50% of network intrusions are performed with credentials gathered from lost or stolen devices. The penalties for a data breach are severe not only in terms of the monetary fines imposed on the organization, but also the potential loss of trust from customers and suppliers. Encryption software greatly enhances the security of your organization’s data as the information is not compromised if a laptop is lost or stolen. Alertsec Xpress is the full disk encryption service that delivers a mobile data protection system for all information stored on laptops used throughout your organization.