The Biggest Cyber Attack in History
Wednesday, March 27th 2013 will go down as one of the most important days in cyber history: the day of the internet’s biggest cyber attack to date.
Most people are not even aware of what happened, why it happened and who was affected. This is mainly because most people around the world did not notice any real issues with their ability to send email, visit websites and conduct their daily online activity. However, something important did happen. SpamHaus, a free service that helps filter out spam emails around the world (most mail servers are connected to services like SpamHaus to get updated lists of potential spam domains), was attacked by a group of hackers because it had added a Dutch hosting company called Cyberbunker to its list of spam domains. But before we get into the details of what happened and why, I’ll explain some of the background first, so you’re clear on why this happened.
SpamHaus is a free, online spam filtering service that many mail servers connect to. It monitors the internet and accepts complaints about spam being received. If it detects that your domain, or server IP address, is sending out a lot of spam, chances are it will add you to its blacklist, which is then passed on to millions of mail servers around the world. A direct result of being on the SpamHaus (and other) blacklists is that you may find you can no longer send email to specific domains, and you get a bounce-back saying the recipient server rejected your email because your domain’s IP is on a blacklist. If you’re really not spamming everyone, chances are a spambot got into someone’s email account and sent out thousands of spam emails, which then affected your domain’s reputation. The first step, if this happens, is to change everyone’s email passwords and scan all computers for malware. SpamHaus has indeed annoyed many hosting companies by adding them to its blacklist at one point in time or another (including the Evolution in DesignZ server! We were blacklisted in 2009, but are not any longer), and it looks like Cyberbunker took this very personally.
So what exactly is Cyberbunker? I had never heard of them either, until yesterday. Cyberbunker is a host based in the Netherlands that offers hosting to everyone, as long as you don’t host porn or anything linked to terrorism. Makes sense, that’s how I offer hosting with Evolution in DesignZ. But SpamHaus added them to its blacklist as a poor-reputation IP. This seems to have ticked them off a tad, so they, along with a couple of Eastern European gangs, allegedly enlisted the services of a bunch of hackers who apparently exploited the network security on a bunch of private networks, turning all the computers connected to those networks into something like a zombie army that would knock out the SpamHaus servers.
But they were a little smarter than that. They knew that direct attacks on the SpamHaus servers would be deflected, so they exploited DNS servers instead. A DNS server translates a domain, like www.evolutionindesignz.com, into a computer-readable IP address, like 65.255.213.96. What happened after that was pretty straightforward: they ‘spoofed’ DNS lookups (spoofing means pretending to send something as one person or source, when it is actually coming from a completely different source) so that the lookups appeared to come from SpamHaus servers, and the results were delivered to the SpamHaus servers. Here’s the catch: they didn’t simply send a couple of DNS requests, they sent millions. With that amount of traffic being sent back to the SpamHaus servers, the goal was to flood them with traffic and knock them out of commission. Fun, huh?!
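As an added example (not from the original post): because the lookups are spoofed, the target receives DNS answers to questions it never asked, and that mismatch is what a defender can look for. The Python below flags such unsolicited responses in a constructed packet summary; the record layout, the addresses (documentation ranges) and the threshold are assumptions made for illustration.

```python
from collections import Counter

# Constructed sample of DNS packets seen at a network border (not real traffic).
# Fields: (direction, local_ip, local_port, remote_ip, txid, kind)
SAMPLE = [
    ("out", "192.0.2.10", 40001, "198.51.100.53", 0x1A2B, "query"),
    ("in",  "192.0.2.10", 40001, "198.51.100.53", 0x1A2B, "response"),
    ("in",  "192.0.2.10", 53124, "203.0.113.7",   0x0001, "response"),
    ("in",  "192.0.2.10", 53125, "203.0.113.7",   0x0002, "response"),
    ("in",  "192.0.2.10", 53126, "203.0.113.8",   0x0003, "response"),
    ("in",  "192.0.2.10", 53127, "203.0.113.8",   0x0004, "response"),
    ("in",  "192.0.2.20", 40002, "198.51.100.53", 0x2222, "response"),
]


def find_unsolicited(packets):
    """Return (resolver, local_ip) for inbound responses matching no outbound query."""
    pending = set()       # queries we sent that are still waiting for an answer
    unsolicited = []
    for direction, local_ip, local_port, remote_ip, txid, kind in packets:
        key = (local_ip, local_port, remote_ip, txid)
        if direction == "out" and kind == "query":
            pending.add(key)
        elif direction == "in" and kind == "response":
            if key in pending:
                pending.discard(key)   # a genuine answer consumes its query
            else:
                unsolicited.append((remote_ip, local_ip))
    return unsolicited


def reflection_suspects(packets, threshold=3):
    """Map each local IP with >= threshold unsolicited responses to the resolvers sending them."""
    hits = find_unsolicited(packets)
    per_target = Counter(target for _, target in hits)
    return {
        target: sorted({src for src, t in hits if t == target})
        for target, count in per_target.items()
        if count >= threshold
    }


if __name__ == "__main__":
    for target, resolvers in reflection_suspects(SAMPLE).items():
        print(f"{target} is receiving unsolicited DNS responses from {resolvers}")
```

The single stray response to 192.0.2.20 stays below the threshold, so an occasional late or duplicate answer is not reported as an attack.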
So now you may be thinking, “OK, but how would this have affected me?” Well, chances are it probably didn’t, but you may have noticed the internet was a little slower in some places yesterday, you may not have been able to send or receive emails for a period of time, or maybe your favourite online streaming site was down for a while. Unless your router was exploited in this attack, in which case you were part of the problem! Shame on you.