Spamhaus DDoS Attack Investigation Results in Arrest of Dutch Man
The suspect was arrested in Spain April 25 in connection with a massive distributed denial of service attack on the Web infrastructure of the Spamhaus organization that fights spam.
A 35-year-old man was arrested last week in Spain in connection with the massive distributed denial-of-service (DDoS) attack on Spamhaus in March. The suspect was identified by authorities only as a Dutchman with the initials "SK," though he has been identified in reports as Sven Olaf Kamphuis, who has been tied to Web hosting company Cyberbunker, which critics say does business with spammers and other cyber-criminals.
The arrest could be a significant break in the Spamhaus incident that some have called the biggest DDoS attack on record. The attack was initially directed at the infrastructure of Spamhaus, a non-profit organization dedicated to fighting spam. Over the course of two weeks in March, the attacks escalated from targeting just Spamhaus' Websites, mail servers and name servers, to targeting Spamhaus' supporting networks and services—including various Internet exchanges. Leveraging open DNS resolvers, the attack was able to get control of massive amounts of traffic. At its height, the attack is said by some to have peaked at an estimated 300G bps.
"The attacks against Spamhaus used what techies call 'DNS amplification'," blogged Paul Ducklin, Sophos' head of technology for Asia-Pacific. "This relied on your home firewall, or your router at work, being wrongly configured. The attackers could then exchange tiny packets of data with you, asking you to get DNS information from Spamhaus; you'd then convert that into a much larger exchange of data packets with Spamhaus itself," Ducklin wrote.