Spam dispute results in biggest ever cyber attack

Incident ‘almost broke the internet’

Communications House in London, a building listed as containing an office of the Spamhaus Project Ltd. One of the largest ever cyber attacks is slowing global internet services after an organisation blocking “spam” content became a target, with some experts saying the disruption could get worse. Photograph: Luke MacGregor/Reuters

Internet connectivity around the world has slowed, in some cases dramatically, in what experts have described as the biggest internet attack yet.

The slowing of the web is widely believed to be related to an ongoing dispute between a non-profit organisation called the Spamhaus Project and Dutch webhosting firm CyberBunker.

Spamhaus, launched in 1998 and based in London and Geneva, tracks spammers – who send unsolicited email messages in bulk. The organisation works closely with law enforcement bodies and maintains databases on which internet service providers (ISPs) rely to filter unwanted email from servers.

Internet users who send email from web addresses (called IP addresses) blacklisted by Spamhaus mostly find their email undeliverable as it is rejected by ISPs.


Spamhaus has made enemies, particularly among groups and individuals with businesses built on email offering cheap iPads and pharmaceuticals, and Nigerian princes’ fortunes.

In October 2011 Spamhaus began to flag IP addresses from Dutch internet hosting company A2B Internet, claiming spammers were using one of its clients, CyberBunker.

Spamhaus asked A2B to remove CyberBunker's internet connection. When A2B refused, Spamhaus blacklisted A2B's client list. This meant email from any A2B customer would be rejected if the relevant ISP used Spamhaus's database. A2B capitulated within a day, blocking CyberBunker's servers from web access, but filed a blackmail complaint with Netherlands police.

In a statement posted on its website, A2B referred to Spamhaus’s activities as “shady”, saying the blacklisting of its IP network was “disproportionate” and accusing Spamhaus of “lies and false remarks”.

CyberBunker – which claims on its website to offer hosting for any activity other than child pornography and terrorism – was blacklisted again by Spamhaus earlier this month.

Sven Olaf Kamphuis, who claims to be a spokesperson for CyberBunker, criticised the blacklisting, claiming Spamhaus should not be allowed decide what is permissible online.

Denial of service
Attacks on Spamhaus's website began on March 17th, when the organisation reported it was under a distributed denial of service (DDoS) attack. Such attacks involve sending sustained data traffic – such as email – to a website to overwhelm hosting servers and thereby render the site unable to respond to users.

Spamhaus’s attackers have since targeted the internet exchanges that connect the web’s various servers. Exchanges in London, Amsterdam, Frankfurt and Hong Kong were targeted, resulting in internet congestion that slowed the flow of data.

To deal with the attack, Spamhaus hired online security firm CloudFlare, whose chief executive, Matthew Prince, has said the incident exposes a weakness in the internet. Describing it as the "the DDoS that almost broke the internet", he said the way some networks are set up enables such "amplification attacks".

CloudFlare said it is encouraging networks to close systems to prevent amplification attacks. Since it identified the loophole earlier this year, 30 per cent of the machines suspected of vulner- ability to being used in such attacks have been secured.

Kamphuis was quoted as saying the DDoS attack was retaliation for Spamhaus “abusing their influence”.

Spamhaus’s website remained online after it was moved to CloudFlare. CyberBunker’s website was offline yesterday, suspected as having been a target of a DDoS attack.

David Cochrane

David Cochrane

David Cochrane is the former social-strategy editor of The Irish Times