
Q&A: Behind 'biggest' cyber-attack in history

Vulnerable servers around the world used to launch massive denial-of-service attack against anti-spam group Spamhaus.

Last Modified: 28 Mar 2013 11:39
Spam emails are estimated to cost society about $20bn a year [AFP/Getty Images]

Got mail? Chances are good it's spam: an estimated 90 percent of all email traffic is junk, according to nonprofit anti-spam group Spamhaus.

A study published last year, co-written by researchers at Microsoft and Google, found the spam industry makes about $200m in revenue a year. But the amount spam costs society was estimated to be almost 100 times higher: $20bn.

Given the negative effects, organisations like Spamhaus try to identify spammers and block the mail from being sent.

But the group has raised the ire of attackers, who in recent weeks launched what may have been the biggest cyber-attack ever. Spamhaus blames Dutch hosting company Cyberbunker for the assault. Cyberbunker denies the charge, but its spokesman has accused Spamhaus of using "mafia tactics" against internet users it doesn't like.

Al Jazeera's Sam Bollier spoke with Dreas van Donselaar, the chief technology officer of SpamExperts, a Netherlands-based email security firm, about the attack.

Al Jazeera: How do denial-of-service attacks work?

Dreas van Donselaar: What happens is that you try and flood a system with data, and at some point the system gets so much data that it just doesn’t know anymore what to do, and crashes.

You can compare it to a door … people want to go in and out, and you just send a mass of people to the door. Everybody tries to get in, then there’s nobody that can get out anymore.

Basically, the denial of service attack is flooding a system with packets so it doesn’t know anymore what should go in and out.

AJ: How was such a massive attack possible?

DD: If you want to flood a system with packets … you normally have one system and you start flooding another system. It’s very easy to block that one system.

What they did in this specific case is they didn’t originate the attack from one single source. They managed to use millions of different servers around the globe to initiate the attack. Although probably the attack itself was started from a single location, they set it up in such a way that millions of servers around the world started to amplify that attack from their own location.

[The attack targeted] systems that are basically set up incorrectly. So they track down all these servers that are set up incorrectly worldwide and instructed all those servers … to start forwarding this attack back to Spamhaus. … That’s how it became so massive.

AJ: How can these types of attacks be prevented in the future?

DD: It’s very hard. The internet is a complex network with different types of servers and services all around the globe. The biggest problem is that a lot of these computers are just not well-protected. Many computers get infected by a virus, for example, and as soon as your computer is infected by a virus, your computer can be used in these types of attacks.

In this attack specifically, they identified 25 million DNS servers worldwide that can be abused for an attack, to basically enhance the attack that has been initiated. That’s a very, very large number.

What they’re trying to do now is to have all the different internet providers warn the people operating vulnerable servers in their network so they can get repaired or shut down.

But it’s an endless fight, because there’s always new issues found in new systems. And it’s very hard for the internet as a whole to stay secure in that sense, because there’s just so many different devices connected to it.

AJ: Has this attack had any effects on ordinary users of the internet?

DD: We’ve never seen an attack that is of such scale … Spamhaus is using a distributed setup, which means they have servers in all kinds of countries and locations.

Because the attack is so massive, part of the internet infrastructure that is connecting all the different servers on the internet was getting overloaded. That would’ve caused delays or unresponsiveness to completely unrelated websites that are sharing the same lines that Spamhaus is also using.

AJ: Some people have accused Spamhaus of arbitrarily blocking websites that are not spammers. Is there any truth to those accusations?

DD: I’m absolutely convinced that the far majority of Spamhaus blocks are correct. They can make a mistake, because for example internet addresses may be shared between organisations. If you have an IP address that is causing abuse or sending out spam, and it also provides services for a legitimate company … the legitimate company on that same IP address is also affected.

What Spamhaus says, and I think that’s correct - the legitimate company has to figure out with their provider to make sure that there’s no more spam sent out to prevent being affected by confirmed abusive clients in the network. This situation is very rare, though, and Spamhaus is always very responsive to resolve any such complex situations.

Source:
Al Jazeera