Thursday, March 28, 2013

A massive 'cyber attack' targeting a European spam-fighting group, 'thought to' originate in Russia


A massive 'cyber attack' targeting a European spam-fighting group, 'thought to' originate in Russia . . . . .
Posted By: Bob [Send E-Mail]
Date: Thursday, 28-Mar-2013 14:52:55
• Cyber Attack Thought to Originate in Russia
• Wall Street Journal – 1 hour ago
Latest Headlines
A massive cyber attack targeting a European spam-fighting group that slowed some global Internet traffic to a crawl appears to have been launched by a gang of hackers from Russia and neighboring countries, says the head of a Russian firm specializing in defending against such attacks.
By Lukas I. Alpert
MOSCOW–A massive cyber attack targeting a European spam-fighting group that slowed some global Internet traffic to a crawl appears to have been launched by a gang of hackers from Russia and neighboring countries, says the head of a Russian firm specializing in defending against such attacks.
Alexander Lyamin, of Moscow’s Highload Labs, says he believes the same group who have caused trouble around the world with their attack against the non-profit Spamhaus Project Ltd. had earlier launched a series of brief strikes on several top Russian Internet companies as a trial run of their weapon known as a Domain Name System (DNS) amplification attack.
“We first noticed incidents utilizing this technique a month-and-a-half ago in Russia. It started with a measly 10-20 gigabytes per second, but during the next month it grew to 60 and then 120 gigabytes. Apparently the attackers were growing their network of hacked servers,” Mr. Lyamin said.
The attacks against Spamhaus began on March 19 and appeared to have subsided on Wednesday. Some experts said the attack grew to as large as 300 gigabytes per second, which would make it the 'largest ever seen', although others – including Mr. Lyamin — dispute that.
A DNS amplification attack works by manipulating the basic system by which the Internet operates wherein a series of domain name system servers convert searches for particular sites, like www.wsj.com, to their INS address which is actually a numerical code and makes the connection.
The attack utilizes a network of hacked DNS servers to answer fake messages that appear to come from a targeted site with much larger responses. While this cripples the target site, it also severely slows the DNS server which results in bogging down scores of other searches.
In the Spamhaus attack, experts have said they believe millions of web surfers were affected.
Spamhaus has accused Dutch Web-hosting company - Cyberbunker - for being behind the attack, in a tit-for-tat retaliation for Spamhaus, putting Cyberbunker on a blacklist for allegedly allowing vast amounts of spam to be sent through its servers.
Spokespeople for Cyberbunker and Spamhaus did not immediately respond to messages seeking comment.
In a statement on its Website, Spamhaus said “a number of people have claimed to be involved in these attacks.
At this moment it is not possible for us to say whether they are really involved.”
While Mr. Lyamin would not name the Russian companies that were the earlier targets because of “the very sensitive nature of this matter,” but said they included services used by Russians every single day.
“The targets were companies with good visibility and big names, but the attacks were only for a short duration of time.
We think it was done for bragging rights.
Also lots of Internet trash was targeted – porn, scam, drugs, piracy, etc.
It was like a child playing Robin Hood or something,” he added.
He said the targeting of Russian companies, and the fact that the attacks tended to begin during daylight hours in Russia’s timezone, led his team 'to believe', the attacks were launched by “a group of Russians or from our closest neighbors.”
Mr. Lyamin says he suspects whoever was behind the spam that Spamhaus had targeted, had hired the hackers to launch the attack, which he said is a copycat of one undertaken in October 2010, about 20% smaller by volume of traffic.
“This is not new,” he said. “And I really doubt this is the biggest.”
http://www.rumormillnews.com/cgi-bin/forum.cgi?read=272814

No comments: