It seems that, unbeknownst to most of us, a war has been going on in the cybersphere. A DNS DDoS cyberattack by CyberBunker on Spamhaus may have been responsible for the loss of connectivity, or slow Internet access, experienced by millions of unassuming citizens worldwide. And what is the cause? Well, it all started over an annoying little word we know as ... SPAM.
From Spam to DNS DDoS Attacks: Why CyberBunker Struck Out
Let's face it. Spam and the web seem to have gone together since the beginning like peanut butter and jelly on sandwiches, and though filtering systems work hard to combat these messages, which are annoying at best and malicious at worst, we just can't seem to get rid of them altogether. And it seems that those who try had better be ready for some pretty intense opposition, as was the case when Spamhaus, a spam-fighting group based in Geneva, attempted to add a very large and dominant Dutch web host named CyberBunker to a blacklist it offers to e-mail providers to help them weed out spam. Mad that their game was most certainly about to be up, the Dutch web-hosting company launched a massive DNS DDoS cyberattack on Spamhaus that has affected more than just the offending party. It affected the browsing speeds of everyday Internet users like you and me.
DDoS Attacks: What Are They?
So what kind of cyberattacks am I talking about? Well, the kind the world of hackers knows very well: the classic "distributed denial of service", or DDoS, attack. Angry hacker kids often use these attacks to bring down gaming websites such as Minecraft and League of Legends; however, we have also recently seen a number of these kinds of attacks against businesses and government agencies as well. Basically, the goal of a DDoS cyberattack is to make a machine or network resource unavailable to its intended users. This may be done by interrupting or suspending the services of a host connected to the Internet. Breaking it down into layman's terms, the host may be a website you want to visit. When a DDoS occurs, the site is unavailable to you, the user.
Often hackers achieve a DDoS by saturating the target machine with tons of fake communications requests, so that it can't respond to the real traffic, or responds really slowly, to the point where it finally raises its cyber hands in surrender and says "sorry can't help ya guys! The server is down!"
CyberBunker Launches Its Massive DNS Attack
So, back to the Spamhaus vs. CyberBunker DNS DDoS story. Basically, what it boils down to is that CyberBunker is straight-up angry about being exposed for the kind of work they do, and so they are fighting back. I mean, imagine the amount of money they must make creating and distributing spam around the Internet. Though DDoS attacks frequently happen on the web on a smaller scale, the disturbing thing about this particular attack is its size.
As the New York Times reported, the cyberattack by CyberBunker is "one of the largest computer attacks on the Internet," one in which millions of Internet users were affected. Some reported delays in services like the Netflix video-streaming service, while others said visiting certain websites was not possible for a window of time.
"The size of the attack hurt some very large networks and Internet exchange points such as the London Internet Exchange," said John Reid, a spokesman for Spamhaus. "It could be thousands, it could be millions. Due to our global infrastructure, the attackers target places all over the world."
Though CyberBunker adamantly declares they have never sent any kind of spam, this massive DDoS on the Internet doesn't exactly place them in the best light.
Inside the CyberBunker Attack: Why DNS Attacks Raise Serious Concerns
So how exactly did CyberBunker manage to pull off such a large attack against the web? The answer to that is, quite frankly, a bit disturbing to me. It seems the company launched a strike that hits the Internet's core infrastructure, the Domain Name System, or DNS. The DNS is basically how the Internet figures out what IP address you are trying to access based on the web address you type in. So instead of typing in a long ten-digit code that you are sure to forget every time you want to access a particular webpage, we are given neat, worded addresses like "google.com" that we can remember. It is the DNS, however, that takes that little phrase of sorts and interprets it as the ten-digit IP address it represents. If the DNS is attacked, however, things get complicated because suddenly there is no one to figure out where it is we actually want to be. In a way, the DNS is like a librarian, but if someone locks the library and removes the librarian, it may be really difficult to access the books or, in this case, the IP addresses you're hoping to visit.
In order to get back at Spamhaus for blacklisting it, CyberBunker began screwing with machines or servers that did business with the company, servers that may provide functionality for email and banking systems. With help from CloudFlare, Spamhaus was able to get its system back online, but still the company acknowledges this was no small peanuts.
These "Layer 3 attacks are difficult to stop with any on-premise solution," CloudFlare stated. "Put simply: if you have a router with a 10Gbps port, and someone sends you 11Gbps of traffic, it doesn't matter what intelligent software you have to stop the attack because your network link is completely saturated."
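The point of that quote as a small rate model, added here as an example and not taken from the article or from CloudFlare: it compares how much legitimate traffic is delivered when the filter sits behind the saturated link versus ahead of it. Only the 10 Gbps and 11 Gbps figures come from the quote; the 2 Gbps legitimate load, the larger attack sizes and the assumption that a full link drops all packets in equal proportion are constructed for illustration.

```python
# Added illustration: a fluid (rate-based) model of a saturated access link.
# Assumption: once the link is full it drops legitimate and attack packets
# in the same proportion, because it cannot tell them apart.

def cross_link(legit, attack, capacity):
    """Rates (Gbps) of legit and attack traffic that survive the link."""
    offered = legit + attack
    keep = 1.0 if offered <= capacity else capacity / offered
    return legit * keep, attack * keep

def on_premise(legit, attack, capacity, efficacy):
    """Filter sits behind the link: congestion loss happens before it can act."""
    legit_in, attack_in = cross_link(legit, attack, capacity)
    return legit_in, attack_in * (1.0 - efficacy)

def upstream(legit, attack, capacity, efficacy):
    """Filter sits in the provider or scrubbing network, ahead of the link."""
    return cross_link(legit, attack * (1.0 - efficacy), capacity)

def min_upstream_efficacy(legit, attack, capacity):
    """Smallest fraction of attack traffic to drop upstream for no congestion loss."""
    if legit > capacity:
        raise ValueError("legitimate load alone exceeds the link")
    if attack <= capacity - legit:
        return 0.0
    return 1.0 - (capacity - legit) / attack

def report(capacity=10.0, legit=2.0, attacks=(11.0, 50.0, 100.0), efficacy=1.0):
    """One row per attack size: fraction of legit traffic delivered in each layout."""
    rows = []
    for attack in attacks:
        prem, _ = on_premise(legit, attack, capacity, efficacy)
        up, _ = upstream(legit, attack, capacity, efficacy)
        rows.append((attack, round(prem / legit, 3), round(up / legit, 3),
                     round(min_upstream_efficacy(legit, attack, capacity), 3)))
    return rows

if __name__ == "__main__":
    print("attack_gbps  onprem_delivered  upstream_delivered  min_upstream_efficacy")
    for row in report():
        print("%11.1f  %16.3f  %18.3f  %21.3f" % row)
```

Even with a perfect on-premise filter (efficacy 1.0), the share of legitimate traffic delivered keeps falling as the attack grows, because the loss happens on the link before the filter ever sees a packet.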
Cyberattacks: Could This Be The Face Of The Next World War?
Indeed, the knowledge that such cyberattacks are taking place as we sit in our homes grumbling about our slow Internet access makes it frighteningly obvious that in this 21st century we may see a new type of warfare emerge. Perhaps not one that is fought with guns or swords or bombs or planes, but with keyboards and monitors, and the click of a mouse. We already know our country suffers from a badly outdated power grid, one which legislators have fought to begin remedying, as ignoring the outdated power structures leaves our country increasingly vulnerable to cyberattacks which could render us without power or running water. Imagine hurricane conditions, only much worse, for longer time periods and much more widespread. This recent DNS DDoS assault certainly raises once again the question of when, if and how much regulation should be put into place regarding how people or entities behave on the web, and whether some kind of international rules or regulations should indeed be put into place. A report in the Japan Times this week notes that Japan and the U.S. are planning talks on cybersecurity in Tokyo for the first week of May. The hope is that the two countries can work together to deal with the growing Net-based attacks taking place around the world.