Spamhaus hit by denial of service attack

Anti-spam organisation Spamhaus was subject to a major distributed denial of service (DDoS) attack last month that has threatened its operations and led to a temporary shutdown of its website and mail.

The attack - which is said to be the biggest in Spamhaus' history - is thought to have been instigated by organisations blacklisted by the watchdog, which is engaged in an endless battle against spamming groups peddling dubious products like counterfeit medicines.

Anglo-Swiss Spamhaus has been credited with blocking up to 80 per cent of spam messages, and has been involved in the battle against notorious botnets including Virut, Festi and Grum.

The finger of blame in the latest DDoS attack has been pointed at a number of groups - including Dutch Internet activist Sven Kamphuis who owns blocked web-hosting service Cyberbunker - although Kamphuis has strenuously denied the allegations.

Other reports have cited an organisation called STOPhaus, said to consist of hacktivists and online criminals.

"A number of people have claimed to be involved in these attacks," said Spamhaus. "At this moment it is not possible for us to say whether they are really involved."

DDoS attacks are designed to overwhelm a server by inundating it with bandwidth traffic, measured in gigabits of data per second (Gbps). While most attacks are typically in the 10-20 Gbps range, while a major attack would be considered anything above 50 Gbps.

At its peak the Spamhaus attack was running at a staggering 300 Gbps, at a scale that was likely to have impacted 'local' Internet functioning, according to Spamhaus.

"Compare it to a big highway: If a traffic jam gets big enough, the on-ramps will slow down and fill up, and then the roads to the on-ramps will fill up too," said the anti-spam organisation.

"Attacks can be directed at core infrastructure precisely to inflict such collateral damage. With this attack, some collateral damage may have been seen locally, all depending on where you connect to the internet and when you look," it added.

The DDoS attack on Spamhaus was very sophisticated, according to online security form CloudFlare which helped the organisation fight it off by spreading the DDoS traffic across multiple data centres.

After targeting Spamhaus servers, the attackers then launched an assault on the network providers CloudFlare itself uses for bandwidth, said the firm in a blog post.

Another online security company - Prolexic - reported recently that it had seen a 19 per cent increase in DDoS attacks against its clients in the last quarter of 2012, with seven attacks in the 50 Gbps-plus category.