icon bookmark-bicon bookmarkicon cameraicon checkicon chevron downicon chevron lefticon chevron righticon chevron upicon closeicon v-compressicon downloadicon editicon v-expandicon fbicon fileicon filtericon flag ruicon full chevron downicon full chevron lefticon full chevron righticon full chevron upicon gpicon insicon mailicon moveicon-musicicon mutedicon nomutedicon okicon v-pauseicon v-playicon searchicon shareicon sign inicon sign upicon stepbackicon stepforicon swipe downicon tagicon tagsicon tgicon trashicon twicon vkicon yticon wticon fm
29 Mar, 2013 00:11

The Internet is falling? Reports of global web slowdown amidst mass cyber-attack overblown

The Internet is falling? Reports of global web slowdown amidst mass cyber-attack overblown

The vast cyber-attack – dubbed by many to be the biggest in history – might have caused problems for the anti-spam group it targeted, but has done little to slow down the World Wide Web, experts told RT.

On Wednesday, the non-profit group Spamhaus reportedly suffered a distributed-denial-of-service (DDoS) attack which at times peaked at more than 300 billion bits per second (300Gbps) of data – three times higher than the record attack of 100 Gbps.

Millions reportedly experienced delays with services such as the Netflix video-streaming service, while other sites were said to be unavailable.

Experts spoke of web congestion which could bring banking and email systems to a grinding halt around the world.

Steve Linford, chief executive for Spamhaus, told the BBC on Wednesday that this scale of attack could topple government Internet infrastructure.

"If you aimed this at Downing Street they would be down instantly," he said. "They would be completely off the Internet."

The Dutch-based webhost CyberBunker, which prides itself on providing bandwidth to everything but child pornography and terror-related content, allegedly began carrying out the attack on March 19 in retaliation for being put on Spamhaus’ real-time blacklist of sites to be blocked for spreading spam.

However, the scale of the actual attack has come under increased scrutiny as many of the doomsday reports failed to hold water.

‘Most users won’t notice anything’

Kaspesky Labs Global Research & Analysis Team told RT that “the data flow generated by such an attack may affect intermediate network nodes when it passes them, thus impeding operations of normal web services that have no relation to Spamhaus or Cyberbunker.”

However, as the DDoS attack was directed at a specific target and does not directly impact critical infrastructure, “the majority of global internet users are not likely to notice any disruptions that resulted from this attack. Therefore, the operation is definitely not as grave as it may sound,” Kaspersky continued.

Denial-of-service attacks (DDoS) work by overwhelming targeted servers with traffic which stems from multiple systems. When a server is overloaded with connections, new connections can no longer be accepted. In the case of Spamhaus, compromised servers from across the Internet were sending billions of bits of junk traffic to Spamhaus every second.

For a cyber-attack to truly ripple across the entire Internet, it would have to occur on a scale which would dwarf the targeted action against Spamhaus, cyber security expert and campaign manager for the UK Pirate Party Andy Halsall told RT.

“A cyber-attack that would have an impact on the entire Internet would really be shocking. But we have to remember that the Internet has a vast amount of capacity. This attack does appear to be massive, but it’s massive on a scale that it’s hitting the organization Spamhaus and causing them some problems – I know they have a good distributed network – but it isn’t having the global impact that some people are suggesting it might be having.”

While banks in Europe had reportedly suffered a slowdown in online services as a result of the DDoS attack, Halsall says the actual evidence does not point to any such phenomenon.

“From what I’ve seen on UK traffic, it doesn’t look like UK traffic is massively above what we would expect it to be. However, there are some reports that the attack is being carried out through UK routers and machines which have been hijacked. If that’s the case, then there must be some minimal impact on other users on those networks. But it certainly isn’t having the kind of global impact that some people are reporting. 300Gbps, which is what has been quoted in the media, is a huge amount of traffic, but it’s not a huge amount of traffic in the scale of the entire Internet.”

There have also been no reported spikes or dips in global Internet traffic which would indicate that the ongoing cyber-attack on Spamhaus has had any significant global impact, Sam Biddle wrote in Gizmodo, citing the latest data available from Internet Traffic report.

Biddle further says that reports of massive Netflix outages never in fact materialized.

PR Stunt?

Following the initial accusations leveled at CyberBunker, a spokesman for the firm Sven Olaf Kamphuis told RT in an exclusive interview that the allegations of web access slowing down world-wide may have resulted from a PR stunt effort by a web performance and security company CloudFlare, which had intended to help Spamhaus deal with the problem.

“That was basically just CloudFlare putting itself in the middle,” he explained. “CloudFlare took on a customer that was under attack in an attempt to make good PR for itself, and it kind of backfired,” Kamphuis said.

“CloudFlare highly underestimated the attack or highly overestimated their capacity and basically their PR stunt worked against them and they caused their other customers collateral damage, they did that themselves.”

Image from cyberbunker.com

As Biddle points out, it was in fact CloudFlare and Spamhaus who were in fact responsible for “the sky-falling Internet weather report.” CloudFlare, incidentally, is the “party that stands to profit directly from you being worried that the internet as we know it is under siege,” he argued.

Emboldening hackers

While the peak sizes of the attack against Spamhaus have been noted for their historical levels, Kaspersky said that “DDoS attacks of this type are growing in terms of quantity as well as scale” partly because of “the development of the Internet itself (network capacity and computing power).”

Kaspersky also noted that “failures in investigating and prosecuting individuals behind past attacks” had emboldened cyber-culprits.

Halsall concurred that the year-on-year growth in these attacks reflected increased broadband speeds and “the capability of the capacity of the hosts themselves which are being compromised."

“If you think about a home computer, two or three years ago it might have had a two megabit connection. Now it might have a hundred megabit connection. That gives hackers and attackers a lot more bandwidth to play with.”

Halsall argues that a primary feature of the Internet as it currently exists facilitates the types of attacks like the one currently targeting Spamhaus.

“The fundamental point is that the Internet wasn’t built with security in mind in a lot of areas. DNS (Domain Name System), the system that’s being used for this attack, has been seen as inherently insecure for a long time. But the technology’s changing. It will take a long time to fix the issues that we do have, but we will get there as these attacks increase, as the kinds of things we’ve seen over the last week happen. People will realize it is important and a priority to deal with them.”

A rash of cyber-attacks has recently made global headlines, bringing the issue to the forefront of both business and governments.

In one case, the hacktivist group Anonymous managed to take down the CIA website, as well as intercept a conversation between the FBI and Scotland Yard, which they later published online.

AFP Photo / KBS

Financial institutions often become targets for cyber-attacks as well. The websites of several US banks were downed in DDOS attacks, including high-profile attacks against JPMorgan Chase in March and Bank of America in February. 

On Tuesday, Wells Fargo became the latest bank to be targeted by a "denial-of-service" attack, as customers were prevented from accessing services.

The attacks on banks are reportedly becoming more sophisticated and complex, prompting financial institutions to invest more in web security Meanwhile, banks insist that their clients’ private information is safe.

“In terms of infrastructural damage, cyber-attacks now are as effective as the weapons of mass destruction, only with one exception: they are cheaper and they are impossible to trace,” RT`s Aleksey Yaroshevsky said.

Earlier this month, top US intelligence officials deemed Cyber-attacks and cyber-espionage a greater potential threat to US national security than Al Qaeda.