Both lists are used by Internet service providers around the world, and Spamhaus is partly responsible for the huge drop in email spam in recent years.
Some Web-hosting companies have complained they've been unfairly placed on the Spamhaus blacklist. Spammers have launched DDoS attacks against Spamhaus' website and servers. (There's even a "Stophaus" website based in Russia and dedicated to combating what it calls Spamhaus' "underhanded extortion tactics.")
It appears Cyberbunker has both complained and attacked.
Cyberbunker bases its operations in a decommissioned NATO bunker, built to withstand a nuclear war, in the southern Netherlands. The company was founded in 1998 by a group of hackers who proclaimed the "Republic of Cyberbunker," a sovereign state "surrounded by the Netherlands on all borders."
The company pledges not to ask questions about what its clients are up to.
"In most cases we have no idea as to who or where our customers actually are," the Cyberbunker site proclaims. "Customers are allowed to host any content they like, except child porn and anything related to terrorism. Everything else is fine."
Such a policy has attracted some unsavory clients, including the file-sharing site The Pirate Bay, and, according to Spamhaus, the cybercrime gang known as the Russian Business Network. Cyberbunker also claims to have been raided by a Dutch police SWAT team, which apparently found nothing incriminating on the premises.
It was Cyberbunker's alleged hosting of spammers that caused Spamhaus to place both Cyberbunker and its ISP on the Spamhaus blacklist in the fall of 2011.
As a result, Cyberbunker's ISP dropped it as a client, but both the ISP and Cyberbunker posted long manifestos about why Spamhaus was evil.
The issue seems to have lain dormant until March 18, when a false Anonymous campaign called "Operation Stophaus" was proclaimed on the online bulletin board Pastebin.
It listed a litany of complaints against the "tax-circumventing self-declared Internet terrorists" of Spamhaus, then added a variant of the Anonymous "We Are Legion" tagline.
That posting may have been cover for the DDoS attacks that began the same day. In a statement to the New York Times, Sven Olaf Kamphuis, who claimed to speak for Cyberbunker, and whose Google+ page gives his residence as "Republic Cyberbunker," affirmed that the Dutch hosting company was behind the attacks.
"Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," Kamphuis told the newspaper. "They worked themselves into that position by pretending to fight spam."
It's hard to see how such an attack can be legally justified. The Netherlands has famously lax laws governing the Internet and other digital communications, but odds are Cyberbunker will be facing another SWAT raid very soon.
Fixing a hole
For his blog posting, CloudFlare's Matthew Prince used the headline "The DDoS That Almost Broke the Internet." That's not entirely accurate, since the problems were rather localized.
However, the attack may prompt an overhaul of the DNS system. Prince and others have been vocal about the need to lock down most or all DNS servers so they no longer respond to lookup requests from anyone.
That move would go against the model of openness and accessibility that's guided the Internet for 40 years. The idea has always been that any Internet-connected device can reach any other using any path, and open DNS servers are essential to that model.