Millions may be affected by web disruption in online attack

The interruptions came after Spamhaus, temporarily added CyberBunker to a blacklist that is used by email providers to weed out spam

Millions of people may have been affected by an attack that caused disruption and a slowdown of the internet, according to a not-for-profit anti-spam organisation that blacklisted a Dutch web-hosting company.

The interruptions came after Spamhaus, a spam-fighting group based in Geneva, temporarily added CyberBunker to a blacklist that is used by email providers to weed out spam. The attacks work by trying to make a network unavailable to its intended users by overloading a server with coordinated requests to access it, according to security firm Kaspersky Lab.

Calling the disruptions "one of the largest computer attacks on the internet," the New York Times reported on Wednesday that millions of Web users have experienced delays in services such as Netflix video-streaming service or couldn't reach a certain website for a short time.

"The size of the attack hurt some very large networks and internet exchange points such as the London Internet Exchange," John Reid, a spokesman for Spamhaus, said in an e-mailed response to questions by Bloomberg News. "

It could be thousands, it could be millions. Due to our global infrastructure, the attackers target places all over the world."

Spamhaus was targeted with a so-called distributed denial of service attack on the evening of March 15, Reid said.

Dutch bunker
The attackers pretended to be Spamhaus and bombarded the internet's Domain Name System with simultaneous requests for information, according to Michael Sutton, vice-president of security research for Zscaler. The System thinks the requests are from Spamhaus and sends them back to its website, creating a wall of data so large that the site crashes, he said.

"This attack isn't new but I've never seen it abused to this scale," he said in an interview. A traditional denial-of- service attack floods a website with tens of thousands of requests a second, causing it to temporarily shut down.

CyberBunker, which was founded 1998 and is based in a military bunker near a Dutch town called Goes, offers web-hosting services for all sites except child pornography and anything related to terrorism, according to its portal.

"The only thing we would like to say is that we do not, and never have, sent any spam," CyberBunker spokesman Jordan Robson said in an e-mail. Such attacks are growing in quantity as well as scale, according to Vitaly Kamluk, chief malware expert of Kaspersky Lab's global research and analysis team. The two main motives for the disruptions are money through cybercrime and political and social activism, he said.

"This is indeed the largest known DDoS (distributed denial of service) operation," Kamluk said by email. "Such DDoS attack may affect regular users as well, with network slowdown or total unavailability of certain web resources as typical symptoms.