Since mid-March, a Dutch Internet hosting company has reportedly been waging the largest publicly known denial of service attack in history. But a McAfee security expert told The Times the attack probably won’t slow down Internet transmission speeds for regular users.
Spamhaus, a European nonprofit organization that works to block spam from the Internet, has been the target of an attack by CyberBunker for about two weeks now. CyberBunker, which says it will host any type of website with the exception of material related to terrorism and child pornography, decided to attack Spamhaus after being added to the nonprofit’s blacklist of sites that are blocked by spam filters.
The attack is a distributed denial of service, or DDoS, which occurs when large amounts of traffic are directed at one target with the hope of congesting it so severely that it or parts of it are knocked offline. Because Spamhaus blocks services that push out spam, it is frequently a target of DDoS attacks, but there has never been a publicly known DDoS attack of the magnitude CyberBunker is waging.
According to the New York Times, CyberBunker’s data stream is at 300 gigabits per second. According to the BBC, when other organizations, like banks, deal with DDoS attacks, those attacks peak at 50 gigabits per second.
The attack was severe enough to knock down one of Spamhaus’ sites and its email, but the nonprofit said its systems were able to continue running properly.
CyberBunker’s attack has been so massive that it is believed to have affected the Internet speeds of other users. Adam Wosotowsky, a threats researcher with McAfee, the cyber security firm, explained that the attack affects others’ speeds because the Internet works like a set of pipes and CyberBunker is clogging up those pipes.
“As that traffic piles down on Spamhaus, it starts to affect the things that are around it as well,” Wosotowsky.
However, Wosotowsky said Spamhaus and the rest of the Internet have probably already seen the worst of CyberBunker’s attack. Not only can Spamhaus improve its infrastructure and work with its Internet service providers, or ISPs, to better handle the attack, but it is also unlikely that CyberBunker can continue to change its attack or add any more bots to the attack it is pushing. Bots are infested computers that are used as part of DDoS attacks to produce those massive amounts of traffic.
“People usually don’t start up a DDoS attack and then two weeks into it say ‘Man, I guess we really should have used our heavy artillery,’ ” he said.
Wosotowsky said he expects that any users who have been affected by the CyberBunker attack will probably see their Internet speeds improve, not get worse.
“Once an attack is understood, then the ISPs work to get that traffic mitigated in some way,” he said.