May 06, 2013

Spam

Posted by: Dave Ryman

Finn Brunton, author of the recently released Spam, with some insight on the arrest of a suspect in the largest DDoS attack in history, aimed at Spamhaus, an anti-spam project.

It's always a bad sign when real people start acting like their cinematic stereotypes. A police officer behaving like a movie cop, ploughing through fruit carts and shooting bad guys in parking garages, is a civic crisis; an intelligence agent who handles things like a Hollywood spy is an international disaster. (And the less said about loveseekers behaving like romantic comedy characters, cruising for a tasing and a restraining order, the better.) This is especially true of "hackers," that nebulous and ill-defined group whose members range from brilliant, unorthodox, playful explorers, mapping systems and opening technological black boxes, to scammers and thieves, password harvesters and invasive surveillance trolls. There is no group -- aside, perhaps, from people in financial services -- who are at once so significant in the contemporary world and yet so boring to watch as the hackers. The great breakthroughs, the legendary turns, almost entirely take the form of someone with headphones in typing, thinking, taking a swig of Diet Coke, typing a little more, into numerous windows of monospace text. Hence the delightful absurdity of hacker movies -- like the recent Skyfall, in which the villain's campaign of virtual, networked terror was based in a secret lair (which had excellent high-speed Internet service, despite being an abandoned island in the South China Sea) rather than off a laptop and a whiteboard somewhere.

The struggle between Spamhaus and CyberBunker, which intermittently interfered with a major point in the Internet's connectivity several days ago, actually had lairs -- one actual bunker, in the north of Spain, one Photoshopped bunker, even a "hacker van" to act as a mobile command center. It was all very cinematic, and treated as such by the media in ways that turned out to be quite misleading. Now, as the whole affair collapses into an acrimonious tangle of accusations, denials, arrests, and press releases, a few crucial facts are becoming clear.

In brief, the attack was an attempt to make Spamhaus, a nonprofit based in Geneva and London which keeps records of spammers and other bad actors, unavailable to sites and services that use its lists to block known spammers (a "denial of service" attack). It was launched by CyberBunker, an Internet provider which had recently been added to the Spamhaus blocklist. CyberBunker has a record of protecting and supporting what could be broadly described as problematic Internet use, including a Wikileaks mirror and The Pirate Bay, the filesharing site (once of Sweden, then Iceland, now on its way to the Caribbean), and has been repeatedly accused of acting as the host for spammers and the central command systems they use for their networks of remotely controlled personal computers. They give their own remit as providing services for anything save child pornography and terrorism, and the exact location of their hardware is at present unclear; they are no longer housed in the bunker that gives them their name -- a robust Cold War relic in the Netherlands -- following a fire which disclosed the operation of an Ecstasy production lab. The Ecstasy seems thematically appropriate: for better and for worse they are a vivid survival of 1990s Internet culture, when the defense of freedom of speech was absolutely paramount, and national governments were the enemy around which the network would route.

The method is what's called a "DNS amplification attack." The attacker makes a request that appears to come from the victim; the request is quite small, a few lines of text sent to a Domain Name Service (DNS) server, and the file the system automatically sends back -- a kind of technical directory -- is much, much larger. The attacker makes more and more requests on behalf of the victim, whose servers get overwhelmed dealing with all the incoming traffic and, if all goes according to plan, cannot respond to legitimate users and requests. This ended up going significantly better than anticipated, from the attacker's perspective; indeed, so well that part of the Internet's infrastructure was affected. All of those requests, all that information, have to pass through the system the rest of the Internet passes through, and the hardware that handles it -- the routers and switches and cables -- is built with excess capacity but can only afford to have so much at any time and remain cost-effective. As the attack grew in scope from Spamhaus to CloudFlare, a security service that joined the fray, part of the impact was directed towards a handful of major Internet Exchange Points (IXPs), facilities where some of the different networks that compose the Internet can connect to pass traffic to each other. Hit with a disproportionate amount of this traffic, these IXPs struggled to keep up, and it briefly interfered with the transfer of legitimate data.
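Seen from the receiving end, the forged requests described above leave a recognizable trace: the victim is sent DNS responses to queries it never made. The following Python code, an added example that is not part of the original post, picks out such hosts from a constructed packet summary; the record layout, the thresholds and the function names are assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample, not real traffic. Fields:
# (time_s, src_ip, dst_ip, kind, txid, size_bytes); kind "q" = query, "r" = response.
PACKETS = [
    (0.00, "198.51.100.10", "203.0.113.53", "q", 0x1A2B, 64),
    (0.03, "203.0.113.53", "198.51.100.10", "r", 0x1A2B, 180),   # normal answer
    (1.00, "203.0.113.53", "198.51.100.20", "r", 0x0101, 3100),  # no query seen
    (1.01, "192.0.2.53", "198.51.100.20", "r", 0x0102, 3050),    # no query seen
    (1.02, "203.0.113.53", "198.51.100.20", "r", 0x0103, 3100),  # no query seen
    (2.00, "198.51.100.10", "192.0.2.53", "q", 0x2222, 70),
    (9.00, "192.0.2.53", "198.51.100.10", "r", 0x2222, 200),     # answer too late
]


def unsolicited_responses(packets, timeout=5.0):
    """Return per-destination stats for responses that answer no recent query."""
    pending = {}  # (client, resolver, txid) -> time the query was sent
    stats = defaultdict(lambda: {"count": 0, "bytes": 0, "resolvers": set()})
    for t, src, dst, kind, txid, size in sorted(packets):
        if kind == "q":
            pending[(src, dst, txid)] = t
            continue
        sent = pending.pop((dst, src, txid), None)
        if sent is not None and t - sent <= timeout:
            continue  # matches a query this host really sent
        entry = stats[dst]
        entry["count"] += 1
        entry["bytes"] += size
        entry["resolvers"].add(src)
    return dict(stats)


def likely_reflection_targets(stats, min_count=3, min_resolvers=2):
    """Hosts receiving several unsolicited responses from more than one resolver."""
    return sorted(ip for ip, s in stats.items()
                  if s["count"] >= min_count and len(s["resolvers"]) >= min_resolvers)


if __name__ == "__main__":
    print(likely_reflection_targets(unsolicited_responses(PACKETS)))
```

A single late or stray response, like the one to 198.51.100.10, is counted but stays below the thresholds; only the host hit repeatedly from several resolvers is reported.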

Throughout its history, spam has been one of the places where the current boundaries of the dream of the open network get redrawn, and where the fragility of that dream is tested. If we set aside all the ludicrously overblown ways this dust-up was first framed -- the reporting that claimed that the Internet is under attack! It's all going down in flames! Soon we'll be driving armored convoys through the Mad Max wilderness, telling tales of the YouTube videos of yore! -- it represents a late flareup of the rhetoric of total technical autonomy. Sven Olaf Kamphuis, arrested in Granollers, outside Barcelona, in connection with the attack, had publicly questioned what gave Spamhaus the right to decide "what goes and what does not go on the internet." A spectacular manifesto, posted on Pastebin a few days ago, with the sententious tones of Lex Luthor and the spelling habits of IRC, demands the release of "Sven or we will indeed start the biggest attack u humans have ever experienced towards The Internet, and yourself. Anything and all connected will suffer and do you silly governments really think u can stop millions of human beings? U have no chance, AT ALL." The threat is nothing to be taken seriously, but the sentiment goes back to struggles over the appropriate use of early networks, in which the concept of spam originally took shape -- the network must be free for our values of freedom, or we will destroy it.
