Biggest DDoS Attack in History?

Experts Say Attack More Hype Than True Assault

By Tracy Kitten, March 28, 2013.

The distributed-denial-of-service operation known as Operation Stophaus has been blamed for major online disruptions last week in Europe. In fact, some media outlets have dubbed it the "biggest cyber-attack in history."

But some DDoS and online-activity monitoring experts say the attack pales relative to the DDoS activity U.S. banking institutions have been withstanding since the fall of 2012. In short, they say that Operation Stophaus is more hype than reality.

"This was a DNS reflection attack," Dan Holden of DDoS-mitigation provider Arbor Networks says about the attacks waged against The Spamhaus Project, a Geneva-based not-for-profit organization dedicated to fighting Internet spam operations.

At the height of the attack, which has since subsided, Spamhaus was seeing traffic at an unprecedented pace of 300 gigabytes per second, or roughly three times the strength of even the biggest DDoS attacks against U.S. banks, according to Spamhaus hosting partner CloudFlare, which refers to this incident as, "The DDoS that almost broke the Internet."

But some DDoS experts say this attack wasn't necessarily as menacing as reported, and it has no relationship, whatsoever, to the bank attacks credited to the hacktivist group Izz ad-Din al-Qassam Cyber Fighters.

Spamhaus Attack

For several weeks, The Spamhaus Project and the countermovement known as Operation Stophaus have been dueling it out in public forums such as Pastebin. Operation Stophaus attackers took aim at Spamhaus, claiming the group was using The Spamhaus Project as a front to conceal an offshore criminal network of Internet terrorists pretending to be spam fighters.

Early on March 28, 10 days after the DDoS assault began, Spamhaus found itself so besieged by press inquiries that it set up an FAQ page to address questions about the attack.

On that FAQ page, Spamhaus claims the DDoS attack has subsided, and declines to point fingers at a single source to blame for the attacks. "A number of people have claimed to be involved in these attacks," Spamhaus states. "At this moment, it is not possible for us to say whether they are really involved."

News reports, including one by The New York Times, say the attack began on March 18 after Spamhaus added CyberBunker, a Dutch data storage company, to its blacklist of spammers. CyberBunker has not claimed credit for the attack, which is said to have been so massive that it jammed Internet traffic to the point where users had difficulty accessing Netflix and other consumer sites.

Spamhaus also dodges the question of whether this is truly "the biggest cyber-attack in history," saying only, "It certainly is the biggest attack ever directed at Spamhaus."

But the organization is using the incident as a global rallying cry for organizations to improve their abilities to detect and deflect DDoS.

"These attacks should be a call-to-action for the Internet community as a whole to address and fix those problems [that enable DDoS]," Spamhaus says.

'Almost Broke the Internet'

CloudFlare, retained by Spamhaus to help mitigate the attack, has posted two blog posts about the incident. The latest posting, The DDoS that Almost Broke the Internet, goes into great technical detail about the attack, which relied not just on a botnet of PCs, but on the strength of open recursive DNS resolvers, which are used in the DNS process to translate URLs into IP addresses. Using open DNS resolvers gave the attackers massive strength, CloudFlare says.

"Unlike traditional botnets, which could only generate limited traffic because of the modest Internet connections and home PCs they typically run on, these open resolvers are typically running on big servers with fat pipes," CloudFlare writes in its latest blog. CloudFlare goes on to compare the attack vectors to bazookas, which caused the collateral damage of jamming the Internet for millions of users.
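A resolver is "open" when it performs recursion for clients outside its own networks. The following is an added example, not code from the article or from CloudFlare's posts: it shows how an operator auditing their own resolver can tell from the reply header whether it recursed for an outside address, and how large the reply was relative to the query. The function names and sample replies are constructed for illustration.

```python
import struct

QR_FLAG = 0x8000   # message is a response
RA_FLAG = 0x0080   # recursion available (set by the server)
REFUSED = 5        # RCODE 5: server refuses the query by policy


def build_query(name, qtype=1, txid=0x1234):
    """Encode a DNS question with RD (recursion desired) set."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    return header + qname + struct.pack("!HH", qtype, 1)  # class IN


def classify_response(query, response):
    """Return (verdict, size_ratio) for a reply to `query`, where the query
    was sent from an address outside the resolver's intended client networks."""
    if len(response) < 12:
        return ("invalid", 0.0)
    txid, flags = struct.unpack("!HH", response[:4])
    if txid != struct.unpack("!H", query[:2])[0] or not flags & QR_FLAG:
        return ("invalid", 0.0)
    ratio = round(len(response) / len(query), 2)
    rcode = flags & 0x000F
    if rcode == REFUSED or not flags & RA_FLAG:
        return ("closed", ratio)
    # RA set and the query was not refused: the server recursed for a stranger.
    return ("open", ratio)


# Constructed sample replies (not captured traffic).
QUERY = build_query("example.com")
ANSWER = struct.pack("!HHHIH4s", 0xC00C, 1, 1, 300, 4, bytes([192, 0, 2, 1]))
OPEN_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0) + QUERY[12:] + ANSWER
REFUSED_REPLY = struct.pack("!HHHHHH", 0x1234, 0x8105, 1, 0, 0, 0) + QUERY[12:]

if __name__ == "__main__":
    print(classify_response(QUERY, OPEN_REPLY))
    print(classify_response(QUERY, REFUSED_REPLY))
```

In a real audit the reply bytes would come from a UDP exchange with a resolver you operate, queried from outside its allowed client ranges.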

Follow Tracy Kitten on Twitter: @FraudBlogger
