Was the largest DDoS attack in the history of the Internet a hoax?

In the last few days lots of alarms have gone off as it was revealed that what appeared to be the greatest denial-of-service attack in the history of the Internet could have affected the Internet’s stability worldwide. Although the causes, and those who are behind the attack, are officially unknown, everything could be related to a dispute between a certain international association that fights against spam, a Dutch hosting service that is a bit too permissive, and a computer security company with delusions of grandeur – a love triangle tied up in mystery, criticism, and inflammatory statements that has resounded in the most influential mass media in the world. Was there really an incident of such magnitude, or are we experiencing a digital theatrical show based on a hoax?

Background to the story

Let’s talk about the parties involved. Spamhaus is a German non-profit company that watches over Internet security. It works along with a wide range of email providers and computer security companies. It’s main focus is usually related to updating spam filters for public use. On the other hand, there is Cyberbunker, a Dutch hosting company whose open philosophy allows any type of content, regardless of its nature, to be housed on its servers, and proclaims absolute freedom of online information even if that means completely ignoring all kinds of regulations, copyrights, and international laws.

It appears as though Cyberbunker houses some domains that were sending massive amounts of spam, and was accused by Spamhaus in 2011 of housing websites that carried out suspicious activity. There has always been a lot of mystery surrounding the company for suspiciously keeping the identity of its clients a secret, and had already had some serious run-ins with the authorities in its country of origin. In fact, the very nature of its name goes beyond its online operations: Its central headquarters are in a military bunker that was built in 1955 just south of Holland.

The situation came to a breaking point at the beginning of this year 2013 when Spamhaus included on its blacklist many of the services housed on Cyberbunker’s servers, angering Cyberbunker to the point of causing this far-reaching attack that the Internet has experienced throughout this last week.

D-day

Starting on March 18, a series of denial-of-service attacks began against the DNS servers at Spamhaus.org. For those of you who don’t know, a DDoS (Distributed Denial of Service) is a way of attacking Internet servers and services that consists of saturating the server with an overload of requests until it collapses due to the volume of information that it has to process.

Throughout the first few hours, they were able to crash the Spamhaus.org website with a 10Gbps attack that lasted several hours, but during the next few days, the figure increased up to 75Gbps of requests, even though the parties involved claim that the amount of information got as high as 300Gbps at certain times. According to many sources, some related services, such as Netflix, could have been affected, and even a supposed worldwide slowing of Internet connection speed is attributed to the attack.

CloudFlare arrives like Gandalf at Helm’s Deep

Shortly after these recent attacks began, Spamhaus asked for help from CloudFlare, a company that specializes in computer security and web performance optimization, and is also an expert in dealing with attacks of this kind. Last week, un update was posted on the company’s official blog about the event and the way in which they had mitigated the problem, in addition to releasing a warning that stated the worst was yet to come. The title of the post exaggerates, to say the least: The DDoS that almost broke the Internet.”

Thanks to CloudFlare’s work of keeping Spamhaus from crashing, despite how greatly the intensity of the process was increased, the hackers decided to attack CloudFlare itself, which began on the 21st. The attack reached a level of 120Gbps, and even affected some of the root servers, which, so you can get an idea, are the pillars upon which the entire Internet is supported. The attack continued for a few more days, and then finally stopped, and no activity of the kind has been reported since.

Steve Linford, CEO of Spamhaus, told the BBC not long after that it is an unprecedented attack in the history of the Internet that could even affect the entire country’s Internet connection, but that they had Google’s support in fighting against the recent attacks, as well as that of five other important service providers that he didn’t disclose. Yes, the millenium will be here someday, but who can actually confirm this doomsayer and calamitous information?

Nuclear panic?

The e-activist Steve Olaf Kamphuis has been playing the role of spokesperson for the hackers. He dished out some strong verbal insults against Spamhaus saying that it is a company that blackmails service providers with unjust demands, under the threat of disconnecting any ISP without legal proceedings. Therefore, Spamhaus is the true threat to Internet freedom. He also states that the DDoS attacks continued for several days, even after the supposed attacks from Cyberbunker had ceased, to which he added that the claims that Spamhaus made about who was performing the activity are completely baseless, and that the attacks supposedly came from Russia and China.

Obviously, the attack was as real as life itself, and even other European sources such as ForoSpyware have echoed that their services were not working properly, which were also housed on CloudFlare. What isn’t so clear is if the consequences of what happend are really as catastrophic as the parties involved hope to make us think. Just to give you an idea, CloudFlare’s previously mentioned blog post compares the situation to that of a nuclear state of alarm. The only thing it’s missing is to say that next month the rivers will turn to blood and that fireballs will fall from the sky.

http://www.youtube.com/watch?v=7v_cP3_lsbs

In addition to all this, sources the likes of Gizmodo have taken things into their own hands, and are questioning everything that happened, trying to shed some light on this mess that newspaper media as popular as The New York Times, and other print and television media from many countries have covered. Gizmodo has contacted some principal Internet service providers and international businesses dedicated to supervising global activity on the web, such as Renesys, and in both cases the answer has been negative: The Internet was not about to crash.

Additionally, there isn’t any real report that confirms that Netflix experienced issues because of the event. Ultimately, the problem was centered around a series of servers housed in Holland that were affected, which used services provided by Spamhaus. And, as the end of Gizmodo’s article says well, Holland is not the world.

Obviously, this is a real and tangible problem, which is why it is very probably that a large-scale organized attack could cause certain problems. That being said, just as the Watchmen reminds us, “Who watches the watchmen? How do we know that Spamhaus correctly chooses what should and should not be prohibited on the Internet? And, on the other side of the coin, is it lawful for Cyberbunker to harbor any client, regardless of its activity? Clearly, we are just scratching the surface of the hidden war of self-interest that begins and ends on the Internet. For now, it’s best to question everything they tell us.