Thu March 28, 2013
Cyberattack Against Spam-Fighting Organization One Of The Largest Ever
Originally published on Thu March 28, 2013 5:38 pm
AUDIE CORNISH, HOST:
Police in Europe are investigating a large-scale cyberattack. Some are even calling it the largest of its kind. As NPR's Martin Kaste reports, the attack's target is an organization called Spamhaus, but the effects have spilled out into the broader Internet.
MARTIN KASTE, BYLINE: Spamhaus doesn't send spam. It fights it. It identifies the sources and helps companies filter what gets to your inbox. There are some people out there that don't like Spamhaus and they show their displeasure by attacking its website. That happens all the time, but this month, things got a little more intense.
JOHN REID: The traffic that spiked up on Friday, the 15th, it spiked up massively.
KASTE: John Reid is a senior investigator with Spamhaus. He says they were under a distributed denial of service attack, a DDoS. Basically, the attacker was trying to overwhelm Spamhaus' website.
REID: Because of hundreds of attacks in the past going back many years, we set up some very robust Internet connections. The fact that they managed to flood them and flood them quite quickly, we knew that this attack was fairly large.
KASTE: Spamhaus struggled to stay online, even when it got help and extra Internet capacity from other companies. In fact, that help seems to have provoked a bigger attack. There's evidence that other websites started slowing down, too. This is new, says Reid, a DDoS that harms innocent bystanders.
REID: The criminals normally don't use it to attack Internet infrastructure because if you bring down the Internet, you bring down the very thing they're making their illegal money off of. This case seems to be something a little different and people are taking note.
KASTE: This attack exploited a known Achilles' heel in the Internet's architecture, vulnerable DNS servers. Those are the servers that translate Web addresses into numbers and route you to the place you want to go. The servers can be manipulated into amplifying a DDoS attack. Dan Holden is with the Internet security firm Arbor Networks. He says you trick the DNS servers into bombarding your victim with address help he never asked for.
DAN HOLDEN: So if you make that request on someone else's behalf, if you will, those requests are all going to flood back to them at the same time and that is what causes the denial of service.
KASTE: But did the attack on Spamhaus really come close to breaking the Internet, as some tech websites put it? Probably not, says Holden, in part because the Internet is so decentralized.
HOLDEN: The question is, you know, does that level of attack actually affect others on the Internet. It would be more localized to where the attack was actually either originating from or going to.
KASTE: So if your Internet connection has seemed slow this week, don't blame the Spamhaus attack. The culprits are probably closer to home. Martin Kaste, NPR News.
Transcript provided by NPR, Copyright NPR.