Tag Archives: CloudFlare

Spamhaus DDoS orchestrator arrested in Spain

A man was arrested last week in Barcelona, in what is thought to be part of an investigation into the DDoS attack on Spamhaus in March of this year. The man, rumoured to be Sven Kamphuis, is the owner of Dutch hosting firm CyberBunker, who had already been implicated in the attack, which began on March 19th and was ongoing for over a week.

It is reported that the attack started because Spamhaus, who publish a blacklist of internet spammers, added CyberBunker to their blacklist. CyberBunker, who claim to host websites for anyone excluding “child porn and anything related to terrorism”, retaliated by focusing a DDoS (distributed denial of service) attack on Spamhaus.

A DDoS attack aims to take a target machine or entire network offline by flooding its internet connection with useless data, so much so that the network becomes unable to function. These attacks are intended to render their target, often a website, completely unusable, and leave users unable to access the website’s features for a short period of time. In most cases, an average DDoS attack will send anything between 4 Gbps and 10 Gbps of data. The attack on Spamhaus began at 10 Gbps and peaked at 300 Gbps, a staggeringly high number, the likes of which have never been seen before in this type of attack. Typical DDoS attacks are also much shorter than the Spamhaus attack, which carried on for over a week.

Also involved in the attack were internet security firm CloudFlare, who were brought in by Spamhaus to defend against the attacks. When CyberBunker got wind of their involvement, they also made CloudFlare a target in the overall attack. The head of CloudFlare, Matthew Prince, alluded to the far-reaching consequences of the attack, which was reported to have slowed down internet speeds globally: “We haven’t seen anything larger than this publicly. It’s hard to get an attack this large, because what you end up doing is congesting [portions of the Internet].” Dan Holden, director of another security firm, Arbor Networks, said the magnitude of the attacks makes it likely that they will have caused damage far beyond the intended target.

Kamphuis was arrested in Barcelona at the request of the Dutch public prosecutor. It has been revealed that he was known to be in Spain around the time that the Spamhaus attack was launched; however, he was not caught until last week. When arrested, Kamphuis was believed to be operating out of a van, which he was using as a mobile office. The house he was staying in at the time was searched, and hardware such as “computers, phones and hard drives” was seized. The content of these devices will undoubtedly be instrumental in his prosecution, once he is deported back to the Netherlands.

Previous famous DDoS attacks include those on PlayStation Network in 2011, and HSBC last year.

Legal Concerns over Cloud Computing

A recent Backup Technology blog briefly touched upon the legal concerns that many businesses have when considering a move to the cloud. This post looks to explore those concerns further. Many of the concerns relate to the lack of regulation in cloud computing, which often makes some larger corporations fearful in case something goes wrong with the service.

Although cloud computing is picking up momentum, it is yet to be taken up on a large scale by big corporations, who still prefer to use hardware. Two of the reasons that many big corporations give for not moving more of their IT to the cloud are concerns over responsibility for the service provided and data security. Understandably, lawyers of big corporations are concerned that when things do go belly up, they will not be able to hold the cloud provider responsible, and even more worryingly, they may in fact be liable themselves. This is a major stumbling block for many large corporations who would otherwise be quite keen to make a push to the cloud.

There are many calling for tighter regulation of the cloud computing industry, as well as a change to legislation so that it is better suited to the cloud. As things stand, US law does not empower prosecutors to hold cloud providers accountable for criminal activity facilitated by the cloud. This is not to say that the cloud provider itself did anything illegal, but that it simply allowed crime to occur by hosting a service for the criminal organisation.

A prime example is that of CloudFlare and LulzSec. LulzSec, a hacking group with ties to other high-profile groups such as Anonymous, used CloudFlare to host their operations during June 2011, in which they targeted websites such as that of the CIA, gaming website The Escapist and the sandbox game Minecraft. CloudFlare, a website optimisation and security company, managed to escape liability for the attacks even though they had been hosting LulzSec’s website for several weeks. In theory, CloudFlare could have helped with any attempt to prevent the attacks from happening, but chief executive Matthew Prince chose not to take the website offline. In fact, his company did quite the opposite, and continued to provide their service designed to protect LulzSec’s website from attack.

A recent article in Cloud Times has suggested that legislation needs to change to allow the cloud computing industry to be policed properly. This is emphasised by the CloudFlare story, where a company was knowingly defending and hiding the website of a criminal organisation, but was not held accountable by any authority, because current legislation does not allow it. For cloud computing to be adopted by big business on a large scale, this is something that needs to change.
