Hacktivism and crime is a toxic combination for the health of the Internet. This was shown once again in the recent DDOS attack against Spamhaus.org that peaked at 300 Gbit/s. Spamhaus is a non-profit anti-spam organization that helps to filter spam for millions of Internet users. When Spamhaus goes down a lot of inboxes will be flooded with spam.
The DDOS attack was allegedly orchestrated by a Dutch webhosting company called Cyberbunker and CB3Rob. This webhosting company has roots in the hacker scene and has hosted Wikileaks and the Pirate Bay in the past. Cyberbunker claims to have a datacenter in a former NATO bunker in the Netherlands. It is not clear whether that is still true today, and what exact role Cyberbunker had in the DDOS attack against Spamhaus. The owner of Cyberbunker/CB3Rob does act as the spokesman of an attack that tries to blast a company away from the Internet as if that is a normal job. Here is where so called hacktivism on the Internet has derailed totally. The boundary between crime and hacktivism has been blurred. A reality check for Cyberbunker is in order.
Spamhaus claims that Cyberbunker/CB3rob is among the worst webhosting companies in the world. We do see problems ourselves too, but we wouldn’t rate CB3Rob as the worst webhosting company. However, CB3Rob claims that it will host anything except things related to child abuse and terrorism. This may be inspired by an idealistic view that anybody should have an uncensored access to the Internet and inspired cybercriminals as well. This is where hacktivism meets crime – a toxic combination.
A good illustration that crime corrupts hacktivsm is that the network of Cyberbunker has been used in a BGP hijack of an IP address of a DNS server of Spamhaus (https://greenhost.nl/2013/03/21/spam-not-spam-tracking-hijacked-spamhaus-ip/). The DNS servers of Spamhaus are a vital part of its antispam protection. The hijack was an attempt to inject lots of false positives into the spam reputation system of Spamhaus. Though this hijack did not cause a lot of damage as most networks did not accept the hostile BGP announcement, the intention was clear: someone using Cyberbunker/CB3Rob’s network tried to sabotage the spam reputation system of Spamhaus. It does not resemble hacktivism, but rather resembles crime.
In the past, web hosting company Cyberbunker was a nuisance to the entertainment industry because it hosted the Pirate Bay. It provoked authorities by hosting Wikileaks and based on own its website there were a few incidents with the local Dutch authorities. All of this doesn’t look like hardcore crime to me, but more like the work of a bunch of anarchists who don’t want to be told what to do. At that time the web hosting company did not look like a threat to Internet security.
But then criminal customers were attracted to the web hosting company and things went wrong, ultimately resulting in a 300 Gbit/s DDOS attack, the largest attack made public so far. Spamhaus stayed up, but it has suffered from many DDOS attacks in the past, and therefore has a lot of experience in dealing with them. What if the attackers send their junk to a less prepared company?
A lesson learned from this attack is that the Internet is pretty robust, but it needs to be more robust. In an earlier blog posting, we explained that two things have to be done to make DDOS attacks less powerful:
- secure open recursive DNS resolver
- don’t allow spoofed Internet traffic coming from your network
The recent 300 Gbit/s DDOS attack is a wakeup call for all network operators to take action now.