Russian hackers blamed for cyber attack that slowed the net: expert

30 Mar 2013

A massive cyber attack launched against a European spam-fighting group, which slowed global internet traffic, was the handiwork of hackers from Russia and neighboring countries,  says an expert.

Alexander Lyamin, the head of a Russian firm specialising in defence against such attacks, said the same group that caused trouble around the world with its attack against the non-profit Spamhaus Project Ltd had earlier targeted several top Russian internet companies in a trial run of their weapon known as a Domain Name System amplification attack.

According to Lyamin, of Moscow's Highload Labs, the incidents, utilising the technique, first came to their notice a month-and-a-half ago in Russia, The Wall Street Journal reported.

He added, starting out with a measly 10 to 20 gigabytes per second, escalating next month to 60 and then 120 gigabytes per second, and said the attackers were apparently expanding their network of hacked servers.

The paper added the attacks against Spamhaus started on 19 March and appeared to have subsided on Wednesday.

According to some experts, the attack intensified to a level of 300 gigabytes per second, which would make it the largest ever seen, although Lyamin along with other experts, dispute that.

Without naming the Russian companies that had been targeted because of "the very sensitive nature of this matter," he said they included services the Russians used every single day.

Meanwhile, Sven Kamphuis, a Dutch internet operator, is facing accusations by security experts of mounting a wave of attacks on a scale that only governments were thought capable of mounting.

He is alleged to have engineered a vast flood of data with which he targeted Spamhaus, which is responsible for maintaining a catalogue of computer viruses used by security programmes to protect computer owners.

The internet slowdown around Europe caused disruptions to television or other streaming services such as Netflix.

However, speaking to The Daily Telegraph yesterday, Kamphuis said allegations against him were caused by a bitter row his company Cyberbunker had had with Spamhaus.

He added the row could be traced back two years when Spamhaus blacklisted Cyberbunker's internet provider for hosting clients, which included spammers and pornography providers.

Investigations by Dutch police are under way into allegations that Kamphuis was waging the attacks from a former Nato cold war nuclear command centre in Kloetinge, southern Netherlands.

However, The Daily Telegraph newspaper found the bunker was under renovation and its owners, BunkerInfo were angered by suggestions that their facility had been used by Kamphuis for mounting attacks.

Cyberbunker had operated internet servers in Kloetinge before its sale 18 months ago but had no association with the facility.