Is it "the biggest cyberattack in history"? Or just routine flak that network-security providers face all the time?
News websites across the Western world proclaimed Internet Armageddon today (March 27), largely due to a New York Times story detailing a "squabble" between the spam-fighting vigilantes at Spamhaus and the dodgy Dutch Web-hosting company Cyberbunker.
"Fight Jams Internet," the Times headline said. "Global Internet slows," the BBC proclaimed in the wake of the Times' story. Both websites alleged that Netflix streaming was slowing down as a result.
The reality is less exciting, though still serious. The Internet disruptions, which were centered in Western Europe, appear to be largely over, and were largely unnoticed even when occurring.
But, if anything, the incident may prompt a fix for a basic security flaw in the Domain Name System that serves as one of the underpinnings of the Internet.
"Despite the work that has gone into making the Internet extremely resilient, these attacks underscore the fact that there are still some aspects of it that are relatively fragile," said Andrew Storms, director of security operations at San Francisco-based network-security provider nCircle.
Too much information
Cyberbunker appears to be behind a massive distributed denial-of-service (DDoS) attack that first tried to first take down Spamhaus, then Spamhaus' network-reliability provider CloudFlare, and finally this past Saturday (March 23) hit CloudFlare's own bandwidth providers in Europe.
Boston-based Akamai Networks told the Times, and Spamhaus told the BBC, that the last round of attacks peaked at 300 gigabits per second, possibly the largest amount of bandwidth ever recorded during a DDoS attack.
According to a CloudFlare blog posting, the attack was launched on March 18 and immediately involved a tactic called DNS amplification, in which unprotected Domain Name System (DNS) servers are used to flood targeted servers with huge amounts of useless information, tying up bandwidth and processing time.
The attacks increased in volume during the week, finally peaking on Saturday when, according to CloudFlare, half of the infrastructure on the London Internet Exchange, an Internet node connecting several large-scale networks, was tied up by the attack. (CloudFlare is based in Palo Alto, Calif., but runs a global network.)
DNS servers are essentially the phone books of the Internet. Every Internet-connected device, from your computer to your smartphone, uses them to match a website address that humans use, such as "www.technewsdaily.com," with an Internet Protocol address that computers and routers use, such as "220.127.116.11."
DNS servers are essential, yet many remain "open," which means they will accept lookup requests from anyone, not just their specified clients.
Attackers make lookup requests using the IP addresses of their targets, then request tons of information, which ends up flooding the targeted servers with huge amounts of DNS information.
Did two wrongs make a bigger wrong?
Spamhaus, a group of related companies based in London and Geneva, was started in 1998 to track and combat email spam and spammers. It maintains a blacklist of Web-hosting companies known to host spammers, and a whitelist of known "clean" Web hosts.