A man was arrested last week in Barcelona, in what is thought to be part of an investigation into the DDoS attack on Spamhaus in March of this year. The man, rumoured to be Sven Kamphuis, is the owner of Dutch hosting firm CyberBunker, who had already been implicated in the attack which began on March 19th and was on going for over a week.
It is reported that the attack started because Spamhaus, who publish a blacklist on internet spammers, added CyberBunker to their blacklist. CyberBunker, who claim to host websites for anyone excluding “child porn and anything related to terrorism”, retaliated by focusing a DDoS (distributed denial of service) attack on Spamhaus.
A DDoS attack aims to take a target machine or entire network offline by flooding its internet connection with useless data, so much so that the network becomes unable to function. These attacks are intended to render their target, often a website, completely unusable, and leave users unable to access the website’s features for a short period of time. In most cases, an average DDoS attack will send anything between 4 Gbps or 10 Gbps of data, the attack on Spamhaus began at 10 Gbps and peaked at 300 Gbps, a staggeringly high number, the likes of which have never been seen before in this type of attack. Typical DDoS attacks are also much shorter than the Spamhaus attack, which carried on for over a week.
Also involved in the attack were internet security firm CloudFlare, who were brought in by Spamhaus to defend against the attacks. When CyberBunker got wind of their involvement, they also made CloudFlare a target in the overall attack. The head of CloudFlare, Matthew Prince, eluded to the far-reaching consequences of the attack, which was reported to have slowed down internet speeds globally; ”We haven’t seen anything larger than this publicly. Its hard to get an attack this large, because what you end up doing is congesting [portions of the Internet].” Dan Holden, director of another security firm Arbor Networks, said the magnitude of the attacks makes it likely that they will have caused damage far beyond the intended target.
Kamphuis was arrested in Barcelona on the request of the Dutch public prosecutor. It has been revealed that he was known to be in Spain around the time that the Spamhaus attack was launched, however he was not caught until last week. When arrested, Kamphuis was believed to be operating out of a van, which he was using as a mobile office. The house he was staying at the time was searched, and hardware such as “computers, phones and hard drives” were seized. The content of these devices will undoubtedly be instrumental in his prosecution, once he is deported back to the Netherlands.
Previous famous DDoS attacks include those on Playstation Network in 2011, and HSBC last year.