The internet has been targeted time and again by hackers and spammers, but never before had a single attack noticeably slowed traffic for so many users at once. The recent attack congested links in Europe badly enough to disrupt ordinary work, and it has left a lot of people genuinely worried.
Reason For The Biggest Cyber-Attack Ever In History
This attack was aimed at Spamhaus.org, an organisation that maintains blocklists of spam sources and publishes them so that internet service providers and mail operators can filter spam. In effect it takes on the job of keeping spam off the internet, which does not sit well with the spammers it lists, and one of them appears to have retaliated with this attack. Notably, the attack began only hours after Spamhaus.org blacklisted Cyberbunker.com, which makes Cyberbunker the prime suspect. The management of Cyberbunker.com has flatly denied any involvement.
Suspects For The Biggest Cyber Attack @ Spamhaus
Two organisations are suspected of being behind this attack. The first is Cyberbunker.com, because the attack began a few hours after Spamhaus.org blacklisted it, which gives it an obvious motive. Its management, however, has firmly denied the allegations. The second suspect is Sven Olaf Kamphuis, owner of CB3ROB and co-owner of Cyberbunker, who is under investigation and has drawn most of the public attention. The profiles of these two suspects are as follows:
- Cyberbunker: a hosting provider that has been widely criticised for tolerating spammers, which is why it was already under scrutiny.
- CB3ROB: an Internet Service Provider that has been under scrutiny for permitting illegal activity on its network.
Mr. Kamphuis has denied any involvement outright. Whether that denial is sincere or an attempt to stay clear of the law, nobody yet knows.
How Was The Attack At Spamhaus Carried Out?
The biggest cyber-attack was a Distributed Denial of Service (DDoS) attack. In a typical DDoS attack the attacker first compromises a large number of machines with malware so that they can be controlled remotely, then directs all of them to flood the target with bogus traffic until it is overwhelmed and stops responding. Until now the largest such floods topped out at around 100 Gbps, a level security providers knew about and were prepared to absorb. This attack went far beyond that, peaking at roughly 300 Gbps. What happened was as follows:
- Spamhaus had brought in CloudFlare, a content delivery and DDoS mitigation provider, to protect its site.
- The attacker knew this, and knew that Spamhaus’s own servers would be hard to reach directly.
- Rather than breaking into anything, the attacker abused the DNS itself. The DNS is the service that translates domain names such as spamhaus.org into the IP addresses the network actually routes on, which makes it a crucial piece of infrastructure. Worse, the addresses needed for this, both the target’s and those of the open DNS resolvers used as reflectors, are public by nature and freely available on the net.
- The attacker worked step by step in an organised manner and so went undetected until the damage was done. The steps were as follows:
Initial Attack At Spamhaus
Initially a large number of third-party machines were turned into reflectors: they were sent traffic that they bounced back, much enlarged, toward the target.
- More than 1,000 machines were used at the same time, none of them owned by the attacker; all of them acted as reflectors for the attack the attacker had planned.
- Each of those machines was an open resolver, a DNS server that answers lookup requests from anyone on the internet. The attacker sent them small DNS requests whose source address was forged to look as if they came from Spamhaus.
- The resolvers did what resolvers do: they answered, and sent their replies to the forged source address. Because a DNS reply can be many times larger than the request that triggered it, the traffic arriving at Spamhaus was far greater than what the attacker had sent, which is why this is called an amplification attack.
- Spamhaus’s server could not cope with that volume of traffic and stopped responding. A flood of this kind does not give the attacker access to the data on the server; it simply makes the server unreachable for everyone else.
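The reflection and amplification steps above can be made concrete with a little code. The following is an added example, not code from the original article or from anyone involved: it builds a recursive DNS query of the kind sent to an open resolver, using EDNS0 so the resolver may return UDP answers larger than 512 bytes, then builds a constructed reply packed with large TXT records and computes how many bytes land on the forged source address for every byte the attacker spent. The domain name, record contents and sizes are assumptions, and nothing is sent on the network.

```python
"""Added example (not from the original article): why a small DNS query
produces a large reply. Builds a recursive query with EDNS0, a constructed
open-resolver response with several large TXT records, and computes the
amplification ratio. Name, record contents and sizes are assumptions;
nothing is sent on the network."""
from __future__ import annotations

import struct

QTYPE_TXT, QTYPE_OPT, QTYPE_ANY = 16, 41, 255


def encode_name(name: str) -> bytes:
    """Encode 'a.example.' as DNS labels: \\x01 a \\x07 example \\x00."""
    out = bytearray()
    for label in name.rstrip(".").split("."):
        out.append(len(label))
        out += label.encode("ascii")
    out.append(0)
    return bytes(out)


def build_query(name: str, qtype: int, edns_bufsize: int = 4096) -> bytes:
    """Recursive query (RD=1) with one OPT record advertising a big UDP buffer."""
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)  # class IN
    # OPT pseudo-RR: root name, TYPE=41, the CLASS field carries the UDP payload size
    opt = b"\x00" + struct.pack("!HHIH", QTYPE_OPT, edns_bufsize, 0, 0)
    return header + question + opt


def build_response(query: bytes, txt_records: list[bytes]) -> bytes:
    """Constructed reply from an open resolver: QR=1, RD=1, RA=1, RCODE=0."""
    qid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", qid, 0x8180, 1, len(txt_records), 0, 0)
    qname_end = query.index(b"\x00", 12) + 1
    question = query[12:qname_end + 4]          # name + QTYPE + QCLASS, echoed back
    answers = bytearray()
    for txt in txt_records:
        rdata = bytearray()
        for i in range(0, len(txt), 255):       # TXT RDATA is a series of <len><chars> chunks
            chunk = txt[i:i + 255]
            rdata.append(len(chunk))
            rdata += chunk
        answers += b"\xc0\x0c"                  # compression pointer to the question name
        answers += struct.pack("!HHIH", QTYPE_TXT, 1, 3600, len(rdata)) + rdata
    return header + question + bytes(answers)


def skip_name(msg: bytes, offset: int) -> int:
    """Return the offset just past a (possibly compressed) domain name."""
    while True:
        length = msg[offset]
        if (length & 0xC0) == 0xC0:             # a 2-byte pointer ends the name
            return offset + 2
        offset += 1 + length
        if length == 0:
            return offset


def parse_response(msg: bytes) -> dict:
    """What the forged 'source' receives: size, record count, and the RA flag
    that marks a server willing to recurse for anyone (an open resolver)."""
    _, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    offset = 12
    for _ in range(qd):
        offset = skip_name(msg, offset) + 4     # skip QTYPE and QCLASS
    records = 0
    for _ in range(an + ns + ar):
        offset = skip_name(msg, offset)
        rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])[3]
        offset += 10 + rdlen
        records += 1
    return {
        "bytes": len(msg),
        "records": records,
        "is_response": bool(flags & 0x8000),
        "recursion_available": bool(flags & 0x0080),
        "consumed_all": offset == len(msg),
    }


def amplification_factor(query: bytes, response: bytes) -> float:
    """Bytes delivered to the victim per byte the attacker spent."""
    return len(response) / len(query)


def demo() -> tuple[int, int, float]:
    query = build_query("victim-lookup.example.", QTYPE_ANY)
    response = build_response(query, [b"A" * 255] * 12)   # twelve fat TXT records (assumption)
    info = parse_response(response)
    assert info["is_response"] and info["consumed_all"]
    return len(query), len(response), amplification_factor(query, response)


if __name__ == "__main__":
    q, r, factor = demo()
    print(f"query {q} bytes -> reply {r} bytes, amplification x{factor:.1f}")
```

With these constructed values a 50-byte query yields a 3,255-byte reply, roughly 65 times larger, and every one of those bytes is addressed to whoever the attacker named in the forged source field. Multiply that by more than a thousand resolvers answering in parallel and the 300 Gbps figure stops looking surprising.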
Spamhaus’s Response To The Biggest Cyber-Attack
CloudFlare, Spamhaus’s security provider, increased the traffic-handling capacity available to Spamhaus so that the site would not be forced offline.
- Spamhaus’s security provider CloudFlare came into action. It assessed the attack and planned countermeasures.
- As a countermeasure, CloudFlare increased the capacity available to absorb Spamhaus’s traffic so that the site could recover, at least for the time being. The danger was not over, but the attacker could no longer knock Spamhaus offline, which bought time to plan the next security measure.
Re-Attack By The Attacker
The attacker then launched another wave, this time in a different manner.
- The attacker was not ready to give up at any cost. Unable to bring Spamhaus down directly, it turned on the networks around it: CloudFlare’s own infrastructure and the internet exchanges in Europe and Asia through which CloudFlare’s traffic flows.
- As before, the requests sent to the open resolvers carried forged source addresses, now CloudFlare’s, so the amplified replies landed on CloudFlare’s network and on the exchanges in between rather than on Spamhaus alone.
- Because those exchanges carry traffic for many networks, not just Spamhaus, internet speeds for unrelated users slowed during the attack. That collateral slowdown is the main reason this is called the biggest cyber-attack in history.
Losses In The Biggest Cyber-Attack Ever In History
The attack slowed internet speeds to troublesome levels. Spamhaus lost its aura of being untouchable. Weaknesses in internet standards, namely open resolvers and the absence of source-address checking, were exploited. Exchanges in Asia and Europe are still recovering from the congestion; nothing was physically damaged, but links and services at those exchanges were saturated for as long as the attack lasted.
Prevention Measures Considered For Future
In response to what happened, the following measures are being considered:
- Planning assumptions for DDoS defences have been raised. The figure that providers now prepare for is somewhere near 300 Gbps.
- Cyber security companies have been alerted to this form of attack and are looking for ways to counter it.
- Network operators are being urged to deploy source-address validation (ingress filtering, described in BCP 38) so that packets with forged source addresses are dropped at the network edge instead of being forwarded.
- Open DNS resolvers are being closed down or reconfigured to answer recursive queries only for their own users, so that they can no longer be used as reflectors in an attack like this.
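The last two measures are worth seeing side by side. The following is an added example, not code from the original article or from any of the organisations named in it: it simulates a forged DNS query travelling from the attacker’s access network to a resolver, and shows what reaches the forged source address depending on whether the access router applies source-address validation (BCP 38) and whether the resolver restricts recursion to its own clients. The addresses, prefixes and packet shape are all assumptions.

```python
"""Added example (not from the original article): the two defences the
article lists, simulated on constructed packets. An access router doing
source-address validation (BCP 38) drops a DNS query whose forged source
address is not in the customer's own prefix, and a resolver ACL refuses
recursion to clients outside its network, so it can no longer serve as a
reflector. All addresses, prefixes and the packet shape are assumptions."""
from __future__ import annotations

from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network


@dataclass(frozen=True)
class DnsQuery:
    src: str         # claimed source address: the reply is sent here
    dst: str         # resolver the query is addressed to
    recursive: bool  # RD flag: "resolve this name for me"


def passes_ingress_filter(pkt: DnsQuery, customer_prefixes: list[IPv4Network]) -> bool:
    """BCP 38 on the customer-facing port: forward only if the source
    address really belongs to the prefixes assigned to that customer."""
    return any(ip_address(pkt.src) in net for net in customer_prefixes)


def resolver_verdict(pkt: DnsQuery, allow_recursion_from: list[IPv4Network]) -> str:
    """A closed resolver recurses only for clients matching its ACL;
    everyone else gets a short REFUSED reply instead of a full answer."""
    if not pkt.recursive:
        return "ANSWER"          # non-recursive lookups of its own zones are still fine
    if any(ip_address(pkt.src) in net for net in allow_recursion_from):
        return "ANSWER"
    return "REFUSED"


def deliver(pkt: DnsQuery, *, bcp38_on: bool, customer_prefixes: list[IPv4Network],
            allow_recursion_from: list[IPv4Network]) -> str:
    """Follow one query from the access network to the resolver and report
    what, if anything, ends up at pkt.src."""
    if bcp38_on and not passes_ingress_filter(pkt, customer_prefixes):
        return "DROPPED_AT_EDGE"                     # forged packet never leaves the access network
    if resolver_verdict(pkt, allow_recursion_from) == "REFUSED":
        return "REFUSED_SMALL_REPLY_TO_" + pkt.src   # still reflected, but no amplification
    return "FULL_REPLY_TO_" + pkt.src                # for a forged src this is the amplified reflection


# Constructed topology (assumptions)
ATTACKER_ACCESS_NET = [ip_network("198.51.100.0/24")]   # where the attacker's machine sits
RESOLVER_CLIENTS = [ip_network("192.0.2.0/24")]         # users the resolver is meant to serve
ANYONE = [ip_network("0.0.0.0/0")]                      # an open resolver's effective ACL
RESOLVER = "192.0.2.53"
VICTIM = "203.0.113.10"


def run_scenarios() -> dict[str, str]:
    spoofed = DnsQuery(src=VICTIM, dst=RESOLVER, recursive=True)   # sent by the attacker
    legit = DnsQuery(src="192.0.2.5", dst=RESOLVER, recursive=True)
    return {
        "open_resolver_no_bcp38": deliver(
            spoofed, bcp38_on=False, customer_prefixes=ATTACKER_ACCESS_NET,
            allow_recursion_from=ANYONE),
        "closed_resolver_no_bcp38": deliver(
            spoofed, bcp38_on=False, customer_prefixes=ATTACKER_ACCESS_NET,
            allow_recursion_from=RESOLVER_CLIENTS),
        "open_resolver_with_bcp38": deliver(
            spoofed, bcp38_on=True, customer_prefixes=ATTACKER_ACCESS_NET,
            allow_recursion_from=ANYONE),
        "legitimate_client": deliver(
            legit, bcp38_on=True, customer_prefixes=RESOLVER_CLIENTS,
            allow_recursion_from=RESOLVER_CLIENTS),
    }


if __name__ == "__main__":
    for name, outcome in run_scenarios().items():
        print(f"{name:26s} -> {outcome}")
```

The two controls complement each other. Restricting recursion removes the amplification, because a REFUSED reply is tiny, but the resolver still sends that reply to the forged address. Source-address validation at the attacker’s access network removes the reflection altogether, because the forged query is dropped before it reaches any resolver, while a genuine client of the resolver is unaffected by either control.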