09:00 AM

DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted

campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.

Spamhaus' anti-spam crusade often sounds personal. Its listing for Stephens, for example, accuses him of being a "spamware, spam service and spam list seller," who "sells spamware designed to break federal law in the U.S.," and who "fraudulently sells harvested lists as 'opt-in,' sells 'bulletproof hosting' and 'snowshoe mailing' setups to other naive spammers." Finally, it accused him of "setting up a fake 'church' to scam donations and try to avoid paying taxes."

Spamhaus provoked the ire of CyberBunker in October 2011, after it designated the hosting provider to be "providing a spam support service," and asked the company's upstream service provider, A2B, to cancel its service. After A2B declined, Spamhaus responded by blacklisting A2B in its entirety, which did drive the service provider to drop CyberBunker as a customer. But A2B also filed a complaint with Dutch police, accusing Spamhaus of extortion.

CyberBunker is now leading a battle to scuttle Spamhaus. "We were the only ones to have the balls ... to not cave in to Spamhaus' demands," said CyberBunker spokesman Kamphuis. "I mean these people are blackmailing national domain registrars. The national Russian telecom regulatory people called them an illegal organization."

The DDoS resources brought to bear in attacks against Spamhaus suggest just how lucrative the practice of mass emailing -- or spamming -- can be, which also explains why many criminal gangs are involved. Numerous malware gangs, for example, use botnet-driven zombies to infect PCs and turn them into spam relays, sending emails selling pharmaceuticals and luxury goods, or distributing yet more malware, including malicious Trojan applications designed to steal people's personal financial information.

"As Spamhaus' success has eroded the business model of spammers, botnet operators are increasingly renting their networks to launch DDoS attacks," said CloudFlare's Prince.

The ongoing battle between Spamhaus and the business interests that it's apparently disrupting highlights the extent to which laws can do little to arrest spam. Legislative window dressing such as the Can-Spam Act passed by Congress in 2003 unfortunately lives up to its double meaning, since so much spam today is either issued from countries that don't police mass-email purveyors or generated by malware that has infected otherwise legitimate PCs.

But as shown by the months-long Operation Ababil campaign being waged against U.S. banks, blocking DDoS attacks outright remains tough, and tracing the attacks back to the organizations that are launching or funding them appears to remain quite difficult.

Indeed, asked to respond to a BBC report that at least five governments have tasked law enforcement teams to investigate the DDoS attacks, CyberBunker spokesman Kamphuis appeared to be unconcerned. "I doubt that the people who did the attacks are in any country where doing a DDoS attack is illegal or where they can even be found -- so, not much issue there," he said.

User Rank: Apprentice
4/6/2013 | 10:34:13 PM
re: DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted

It is painfully obvious that most of the above people who post in support of Spamhaus are either directed to post here under Spamhaus order OR are simply disillusioned into believing that "all Spamhaus does is maintain a list". Spamhaus does not simply block IPs that are spamming, they also block *intentionally* innocent bystanders by way of what they call "punitive listings". Basically the way it works is that Spamhaus lists an IP for spam and then if the ISP does not listen to their demands to remove the customer they will begin expanding the listing to cover unrelated IP space by the same provider until they list the entire network. This has the effect of entirely blocking email from ALL of the ISP or web hosting company's customers. If then, the ISP still does not weaken their stance on the customer in question, then Spamhaus begins to call the ISP a "spam supporting service" and then lists them as a spam gang, begins tracking the hosting provider and starts a slander campaign. They also start to pressure their upstream providers to shut down the entire ISP/hosting company by beginning to list the upstream ISP's IP addresses. This is extortion/blackmail. "If you do not shut down the ISP we are calling a spam supporter, we will list YOUR network now and continue to until you cave in to our demands." They do this constantly and anyone who watches daily updates of their SBL lists can easily see this happening. For them to list Disney, Victoria's Secret, Radio Shack, Michael's art supplies and more is just ludicrous. They use terms that inflict harm on the companies they list. Calling things criminal and/or "aiding and abetting" to any ISP who does not cave in to their pressures. They play judge, jury and verdict and the general public is unaware of how much legitimate email is being blocked by this outfit without their knowledge. Yes, ISPs are not "forced" to use their lists to block email, but if they KNEW the tactics that Spamhaus uses they would reconsider.
Perhaps we should make a list of sites that aid and abet Spamhaus by filtering email based on their "blacklist"? These ISPs should be made to know what Spamhaus actually does and how they do it. Although I agree a DDoS is an immature solution, I *do* support the need for blogs and a listing of ISPs who support the extortionists at Spamhaus. They are unknowingly aiding an, in my opinion, out-of-control, "bigger than the law" type mafia organization which damages American business and threatens jobs and business income. We need to expose them for who they really are: They use bully tactics, they bank in known tax havens, they have no legitimate business registrations trackable back to any real owners or responsible parties, they operate "above the law" and maintain a god complex in all regards. Basic research can show they have taken bribe money to remove listings. They call themselves a non-profit, volunteer organization. This is NOT true. They have many companies they use to "collect and launder their income" try spamtec, WordToTheWise and more.

Spamhaus is using "spin" to throw off the media. They have a force of people on Twitter and other social media tweeting in support of what they do, yet those people who they recruited do not address the problems addressed above. They LOVE to keep saying "It's just a list". "It's just a list". This is NOT true and they need to stop saying that and NOW. They are masters of deception and media spin.

They fail to address also that what they do may be illegal in some countries! YES! Illegal! Allow me to demonstrate:

"A list of individuals or organizations designated for special discrimination or boycott; also to put a person or organization on such a list. Blacklists have been used for centuries as a means to identify and discriminate against undesirable individuals or organizations. A blacklist might consist, for example, of a list of names developed by a company that refuses to hire individuals who have been identified as union organizers; a country that seeks to boycott trade with other countries for political reasons; a Labor Union that identifies firms with which it will not work; or a government that wishes to specify who will not be allowed entry into the country. Many types of blacklists are legal. For example, a store may maintain a list of individuals who have not paid their bills and deny them credit privileges. Similarly, credit reports can effectively function as blacklists by identifying individuals who are poor credit risks. Because the purpose of blacklists is to exclude and discriminate, they can also result in unfair and illegal discrimination. In some cases, blacklists have done great damage to people's lives, locking them out of employment in their chosen careers or denying them access to influential organizations. For example, if a labor union makes a blacklist of workers who refuse to become members or conform to its rules, it has committed an Unfair Labor Practice in violation of federal laws. Blacklists may also necessitate disclosure laws. State and federal fair credit reporting acts, for example, require that access to information in a credit report must be given, upon request, to the person to whom the information applies.

The most famous instance of blacklisting in U.S. history occurred in the entertainment industry during the 1940s and 1950s. Motion picture companies, radio and television broadcasters, and other firms in that industry developed blacklists of individuals accused of being Communist sympathizers. Those firms then denied employment to those who were named on the blacklists."

I do not want to plagiarize so I will reference the following if you want more info...
Further readings
Vaughn, Robert. 1972. Only Lies: A Study of Show Business Blacklisting. New York: Putnam.

I could type all day on this subject as I find anything that blocks open communication on the internet very bad for everyone. YOU SHOULD BE AWARE OF WHO IT IS YOU PLACE YOUR TRUST IN TO BLOCK EMAIL ON YOUR BEHALF.

I INVITE YOU TO PARTICIPATE IN THIS AND RESEARCH SPAMHAUS. Do not just "take for granted" that what they do is good. They make themselves out to be the angel of the internet but that is sadly not true. MANY MANY businesses have been adversely affected by Spamhaus. Medical practices, dental offices, retail sales stores who send out payment receipts by email!! REALLY! Imagine walking into an Apple store, buying that new iPad you wanted and they ask you if you want your receipt emailed.... you get home, find the iPad does not work, go to your email and voila, no email is there because your ISP uses Spamhaus and has set their mailserver to REJECT any email that is on the Spamhaus list. YES, this happens, A LOT.

The reason this is not well known is that many ISPs FEAR Spamhaus retaliation against their public acknowledgments that Spamhaus is in the wrong. I call on ALL bandwidth providers, hosting companies and ISPs to BOYCOTT Spamhaus and stop using their lists. I call on people to create lists shaming the ISPs who DO continue to block email with their lists.

Note: Did you know that Spamhaus is a clickable option in many home appliances now? Yes! Sonicwall firewalls, your media players, many internet connected devices and more! There is NO WAY this organization is a volunteer organization. Research this, take my challenge and you will FIND the truth. It is out there. Search for other terms not just Spamhaus.

"Man behind illegal blacklist snooped on workers for 30 years"
"Shipyard worker was on 'illegal' blacklist"
That's RIGHT.... Spamhaus CLAIMS to be in the UK, right? It seems blacklists are illegal there!!
"Concerns over illegal blacklist"
"ICO closes down illegal blacklist database"

There is MORE AND MORE showing how blacklisting can be very illegal even in Spamhaus' "home town".

Another question, WHY does Spamhaus bank in Seychelles? Offshore banking? REALLY? What do they have to "hide" as a volunteer organization? Why the smoke and mirrors? Why the FAKE names? (Yes, people who run their blacklists are even more elusive than the people they claim are spammers.)


Just do it. We need a fair and balanced reporting of what is going on with spamhaus, not just the board whores above who are related to the spamhaus cause.
User Rank: Apprentice
4/1/2013 | 10:22:00 PM
re: DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
In my opinion, I have seen the demands coming out of Spamhaus, but in all fairness, they are very effective to block those that hijack a cause in the name of their own nefarious activities. In addition, as a networking engineer, I have clients that want to use their email server to do email marketing. I tell them not to do it at all or they will get blacklisted and I'll dump them as a client. Because at the end of the day, it's still SPAM, SPAM, SPAM!

Good for Spamhaus for tightening their grip on the "gonads" of A2B to starve the beast.

If a spammer's house or anyone who helps them gets firebombed, I'll not lose one second of sleep. But to be clear, violence is not the answer. (wink)
User Rank: Apprentice
3/29/2013 | 2:34:58 PM
re: DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
I've seen the effects of the shotgun approach that A2B laments about. The exclusion procedure that Spamhaus provides for contesting erroneous blocking through this method can easily drag into and translate to days of downtime for the legitimate business.