Q&A: Behind 'biggest' cyber-attack in history

Vulnerable servers around the world used to launch massive denial-of-service attack against anti-spam group Spamhaus.

Last Modified: 28 Mar 2013 11:39
Spam emails are estimated to cost society about $20bn a year [AFP/Getty Images]

Got mail? Chances are good it's spam: an estimated 90 percent of all email traffic is junk, according to nonprofit anti-spam group Spamhaus.

A study published last year, co-written by researchers at Microsoft and Google, found the spam industry makes about $200m in revenue a year. But the amount spam costs society was estimated to be almost 100 times higher: $20bn.

Given the negative effects, organisations like Spamhaus try to identify spammers and block the mail from being sent.

But the group has raised the ire of attackers, who in recent weeks launched what may have been the biggest cyber-attack ever. Spamhaus blames Dutch hosting company Cyberbunker for the assault. Cyberbunker denies the charge, but its spokesman has accused Spamhaus of using "mafia tactics" against internet users it doesn't like.

Al Jazeera's Sam Bollier spoke with Dreas van Donselaar, the chief technology officer of SpamExperts, a Netherlands-based email security firm, about the attack.

Al Jazeera: How do denial-of-service attacks work?

Dreas van Donselaar: What happens is that you try and flood a system with data, and at some point the system gets so much data that it just doesn’t know anymore what to do, and crashes.

You can compare it to a door … people want to go in and out, and you just send a mass of people to the door. Everybody tries to get in, then there’s nobody that can get out anymore.

Basically, the denial of service attack is flooding a system with packets so it doesn’t know anymore what should go in and out.

AJ: How was such a massive attack possible?

DD: If you want to flood a system with packets … you normally have one system and you start flooding another system. It’s very easy to block that one system.

What they did in this specific case is they didn’t originate the attack from one single source. They managed to use millions of different servers around the globe to initiate the attack. Although probably the attack itself was started from a single location, they set it up in such a way that millions of servers around the world started to amplify that attack from their own location.

[The attack targeted] systems that are basically set up incorrectly. So they track down all these servers that are set up incorrectly worldwide and instructed all those servers … to start forwarding this attack back to Spamhaus. … That’s how it became so massive.

AJ: How can these types of attacks be prevented in the future?

DD: It’s very hard. The internet is a complex network with different types of servers and services all around the globe. The biggest problem is that a lot of these computers are just not well-protected. Many computers get infected by a virus, for example, and as soon as your computer is infected by a virus, your computer can be used in these types of attacks.

In this attack specifically, they identified 25 million DNS servers worldwide that can be abused for an attack, to basically enhance the attack that has been initiated. That’s a very, very large number.

What they’re trying to do now is to have all the different internet providers warn the people operating vulnerable servers in their network so they can get repaired or shut down.

But it’s an endless fight, because there’s always new issues found in new systems. And it’s very hard for the internet as a whole to stay secure in that sense, because there’s just so many different devices connected to it.

AJ: Has this attack had any effects on ordinary users of the internet?

DD: We’ve never seen an attack that is of such scale … Spamhaus is using a distributed setup, which means they have servers in all kinds of countries and locations.

Because the attack is so massive, part of the internet infrastructure that is connecting all the different servers on the internet was getting overloaded. That would’ve caused delays or unresponsiveness to completely unrelated websites that are sharing the same lines that Spamhaus is also using.

AJ: Some people have accused Spamhaus of arbitrarily blocking websites that are not spammers. Is there any truth to those accusations?

DD: I’m absolutely convinced that the far majority of Spamhaus blocks are correct. They can make a mistake, because for example internet addresses may be shared between organisations. If you have an IP address that is causing abuse or sending out spam, and it also provides services for a legitimate company … the legitimate company on that same IP address is also affected.

What Spamhaus says, and I think that’s correct - the legitimate company has to figure out with their provider to make sure that there’s no more spam sent out to prevent being affected by confirmed abusive clients in the network. This situation is very rare, though, and Spamhaus is always very responsive to resolve any such complex situations.


Al Jazeera