The Huge DDoS Attack That's Clogging Up the Whole Internet—Right Now

At this very moment, the largest cyber attack ever declared is emanating from a decommissioned, nuclear-war proof NATO bunker with five foot-thick concrete walls and a reputation for harboring spammers and cybercriminals. It’s all part of a dustup between CyberBunker—so named for the building just outside Kloetinge, in the Netherlands, that houses its servers—and the international non-profit Spamhaus.



Latest from Quartz:
Loading feed...

CyberBunker does what its name suggests: It’s a safe place full of computers, which host websites and data stores for various companies. Spamhaus, meanwhile, tracks internet addresses that are sources of email spam, and adds their addresses to a blacklist. Companies that use this blacklist—which include pretty much every email provider and most internet service providers on the planet—automatically block those addresses.

The conflict between Spamhaus and CyberBunker began in 2011, when Spamhaus blacklisted all of the internet addresses hosted by Dutch internet service provider A2B. One of A2B’s clients at the time was CyberBunker. It appears that Spamhaus blocked the entirety of A2B after being unable to convince A2B to block CyberBunker by itself.

According to an essay on CyberBunker’s site (corroborated by news accounts at the time) this led to a great deal of collateral damage for companies that used A2B’s services but had no connection to CyberBunker. As a result, Spamhaus’s blacklisting of A2B knocked out, among other things, the email service for “a high street retail chain.”

Now CyberBunker has moved off of A2B and onto a new internet service provider. Spamhaus is now able to blacklist CyberBunker directly, and did so. CyberBunker is annoyed about this. And so, as if to prove Spamhaus’s point, CyberBunker responded by launching a massive cyberattack on Spamhaus.org’s infrastructure—a flood of 300 billion bits of data per second designed to clog Spamhaus’s connection to the internet. The attack is so big that it is affecting service for regular folks who happen to rely on some of the internet connections it’s commandeering. That means delayed Netflix streams or brief outages for unrelated websites.

Patrick Gilmore, chief architect at the internet hosting service Akamai, told the New York Times that the bottom line for CyberBunker is that “they think they should be allowed to spam.” CyberBunker is explicit on its homepage that it will host anything but child pornography and “anything related to terrorism.”

It’s not clear when this cyber-attack will abate. Massive networks of “zombie” PCs, used to carry outthese and related attacks, can be had for a pittance, so it’s possible a flood of bits could be directed at Spamhaus more or less indefinitely.