Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted

Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.

Spamhaus' anti-spam crusade often sounds personal. Its listing for Stephens, for example, accuses him of being a "spamware, spam service and spam list seller," who "sells spamware designed to break federal law in the U.S.," and who "fraudulently sells harvested lists as 'opt-in,' sells 'bulletproof hosting' and 'showshoe mailing' setups to other naive spammers." Finally, it accused him of "setting up a fake 'church' to scam donations and try to avoid paying taxes."

Spamhaus provoked the ire of CyberBunker in October 2011, after it designated the hosting provider to be "providing a spam support service," and asked the company's upstream service provider, A2B, to cancel its service. After A2B declined, Spamhaus responded by blacklisting A2B in its entirety, which did drive the service provider to drop CyberBunker as a customer. But A2B also filed a complaint with Dutch police, accusing Spamhaus of extortion.

CyberBunker is now leading a battle to scuttle Spamhaus. "We were the only ones to have the balls ... to not cave in to Spamhaus' demands," said CyberBunker spokesman Kamphuis. "I mean these people are blackmailing national domain registrars. The national Russian telecom regulatory people called them an illegal organization."

The DDoS resources brought to bear in attacks against Spamhaus suggest just how lucrative the practice of mass emailing -- or spamming -- can be, which also explains why many criminal gangs are involved. Numerous malware gangs, for example, use botnet-driven zombies to infect PCs and turn them into spam relays, sending emails selling pharmaceuticals and luxury goods, or distributing yet more malware, including malicious Trojan applications designed to steal people's personal financial information.

"As Spamhaus' success has eroded the business model of spammers, botnet operators are increasingly renting their networks to launch DDoS attacks," said CloudFlare's Prince.

The ongoing battle between Spamhaus and the business interests that it's apparently disrupting highlights the extent to which laws can do little to arrest spam. Legislative window dressing such as the Can-Spam Act passed by Congress in 2003 unfortunately lives up to its double meaning, since so much spam today either gets issued from countries that don't police mass-email purveyors, or generated by malware that's infected otherwise legitimate PCs.

But as shown by the months-long Operation Ababil campaign being waged against U.S. banks, blocking DDoS attacks outright remains tough, and tracing the attacks back to the organizations that are launching or funding them appears to remain quite difficult.

Indeed, asked to respond to a BBC report that at least five governments have tasked law enforcement teams to investigate the DDoS attacks, CyberBunker spokesman Kamphuis appeared to be unconcerned. "I doubt that the people who did the attacks are in any country where doing a DDoS attack is illegal or where they can even be found -- so, not much issue there," he said.

2 of 2
Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
User Rank: Apprentice
4/6/2013 | 10:34:13 PM
re: DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted

It is painfully obvious that most of the above people who post in support of spamhaus are either directed to post here under spamhaus order OR who are simply disillusioned into believing that "all spamhaus does is maintain a list". Spamhaus does not simply block ips that are spamming, they also block *intentionally* innocent bystanders by way of what they call "punitive listings". Basically the way it works is that spamhaus lists an ip for spam and then if the ISP does not listen to their demands to remove the customer they will begin expanding the listing to cover unrelated IP space by the same provider until they list the entire network. This has the effect of entirely blocking email from ALL of the ISP or web hosting companies customers. If then, the ISP still does not weaken their stance on the customer in question, then Spamhaus begins to call the ISP a "spam supporting service" and then lists them as a spam gang, begins tracking the hosting provider and starts a slander campaign. They also start to pressure their upstream providers to shut down the entire ISP/hosting company by beginning to list the upstream isp's ip addresses. This is extortion/blackmail. "If you do not shut down the ISP we are calling a spam supporter, we will list YOUR network now and continue to until you cave in to our demands. They do this constantly and anyone who watches daily updates of their SBL lists can easily see this happening. For them to list disney, victorias secret, radio shack, Michael's art supplies and more is just ludicrous. They use terms that inflict harm on the companies they list. Calling things criminal and or "aiding and abetting" to any ISP who does not cave in to their pressures. They play judge jury and verdict and the general public is unaware of how much legitimate email is being blocked by this outfit without their knowledge. Yes, ISP's are not "forced" to use their lists to block email, but if they KNEW the tactics that spamhaus uses they would re-consider. Perhaps we should make a list of sites that aid and abet spamhaus by filtering email based on their "blacklist"? These ISP's should be made to know what spamhaus actually does and how they do it. Although I agree a DDoS is an immature solution, I *do* support the need for blogs and a listing of ISP's who support the extortionists at spamhaus. They are unknowing aiding a, in my opinion, out of control, "bigger than the law" type mafia organization which damages American business and threatens jobs and business income. We need to expose them for who they really are: They use bully tactics, they bank in know tax havens, they have no legitimate business registrations trackable back to any real owners or responsible parties, they operate "above the law" and maintain a god complex in all regard. Basic research can show they have taken bribe money to remove listings. They call themselves a non-profit, volunteer organization. This is NOT true. They have many companies they use to "collect and launder their income" try spamtec, http://mxtools.com, WordToTheWise and more.

Spamhaus is using "spin" to throw off the media. They have a force of people on twitter and other social media tweeting in support of what they do, yet those people who they recruited do not address the problems addressed above. They LOVE to keep saying "It's just a list". "I't just a list". This is NOT true and they need to stop saying that and NOW. They are masters of deception and media spin.

They fail to address also that what they do may be illegal in some countries! YES! Illegal! Allow me to demonstrate:

"A list of individuals or organizations designated for special discrimination or boycott; also to put a person or organization on such a list. Blacklists have been used for centuries as a means to identify and discriminate against undesirable individuals or organizations. A blacklist might consist, for example, of a list of names developed by a company that refuses to hire individuals who have been identified as union organizers; a country that seeks to boycott trade with other countries for political reasons; a Labor Union that identifies firms with which it will not work; or a government that wishes to specify who will not be allowed entry into the country. Many types of blacklists are legal. For example, a store may maintain a list of individuals who have not paid their bills and deny them credit privileges. Similarly, credit reports can effectively function as blacklists by identifying individuals who are poor credit risks. Because the purpose of blacklists is to exclude and discriminate, they can also result in unfair and illegal discrimination. In some cases, blacklists have done great damage to people's lives, locking them out of employment in their chosen careers or denying them access to influential organizations. For example, if a labor union makes a blacklist of workers who refuse to become members or conform to its rules, it has committed an Unfair Labor Practice in violation of federal laws. Blacklists may also necessitate disclosure laws. State and federal fair credit reporting acts, for example, require that access to information in a credit report must be given, upon request, to the person to whom the information applies.

The most famous instance of blacklisting in U.S. history occurred in the entertainment industry during the 1940s and 1950s. Motion picture companies, radio and television broadcasters, and other firms in that industry developed blacklists of individuals accused of being Communist sympathizers. Those firms then denied employment to those who were named on the blacklists. "

I do not want to plagiarize so I will reference the following if you want more info...
Further readings
Vaughn, Robert. 1972. Only Lies: A Study of Show Business Blacklisting. New York: Putnam.

I could type all day on this subject as I find anything that blocks open communication on the internet very bad for everyone. YOU SHOULD BE AWARE OF WHO IT IS YOU PLACE YOUR TRUST IN TO BLOCK EMAIL ON YOUR BEHALF.

I INVITE YOU TO PARTICIPATE IN THIS AND RESEARCH SPAMHAUS. Do not just "take for granted" that what they do is good. They make themselves out to be the angle of the internet but that is sadly not true. MANY MANY Businesses have been adversely affected by Spamhaus. Medical Practices, Dental Offices, Retail Sales stores who send out payment receipts by email!! REALLY! Imagine walking into an apple store, buying that new ipad you wanted and they ask you if you want your receipt emailed.... you get home find the ipad does not work, go to your email and Voila, no email is there because your ISP uses spamhaus and has set their mailserver to REJECT any email that is on the spamhaus list. YES, this happens, ALOT.

The reason this is not well known is that many ISP's FEAR spamhaus retaliation against their public acknowledgments that spamhaus is in the wrong. I call on ALL bandwidth providers, hosting companies and ISPs to BOYCOTT spamhaus and stop using their lists. I call on people to create lists shaming the ISP's who DO continue to block email with their lists.

Note: Did you know that spamhaus is a clickable option in many home appliances now? Yes! Sonicwall firewalls, your media players, many internet connected devices and more! There is NO WAY this orginization is a volunteer organization. Research this, take my challenge and you will FIND the truth. It is out there. Search for other terms not just spamhaus.

"Man behind illegal blacklist snooped on workers for 30 years"
"Shipyard worker was on 'illegal' blacklist"
Thats RIGHT.... Spamhaus CLAIMS To be in the UK right? It seems blacklists are illegal there!!
"Concerns over illegal blacklist"
"ICO closes down illegal blacklist database"

There is MORE AND MORE showing how blacklisting can be very illegal even in Spamhaus "home town".

Another question, WHY does Spamhaus bank in seychelles? Offshore banking? REALLY? What do they have to "hide" as a volunteer organization? Why the smoke and mirrors? Why the FAKE names? (yes people who run their blacklists are even more elusive than the people they claim are spammers.


Just do it. We need a fair and balanced reporting of what is going on with spamhaus, not just the board whores above who are related to the spamhaus cause.
User Rank: Apprentice
4/1/2013 | 10:22:00 PM
re: DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
In my opinion, I have seen the demands coming out of Spamhaus, but in all fairness, they are very effective to block those that hijack a cause in the name of their own nefarious activities. In addition, as a networking engineer, I have clients that want to use their email server to do email marketing. I tell them not to do it at all or they will get black listed and I'll dump them as a client. Because at the end of the day, it's still SPAM, SPAM, SPAM!

Good for Spamhaus for tightening their grip on the "gonads" of A2B to starve the beast.

If a spammer's house or anyone who helps them get's firebombed, I'll not lose one second of sleep. But to be clear, violence is not the answer. (wink)
User Rank: Apprentice
3/29/2013 | 2:34:58 PM
re: DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted
I've seen the effects of the shotgun approach that A2B laments about. The exclusion procedure that Spamhaus provides for contesting erroneous blocking through this method can easily drag into and translate to days of downtime for the legitimate business.
Former CISA Director Chris Krebs Discusses Risk Management & Threat Intel
Kelly Sheridan, Staff Editor, Dark Reading,  2/23/2021
Security + Fraud Protection: Your One-Two Punch Against Cyberattacks
Joshua Goldfarb, Director of Product Management at F5,  2/23/2021
Cybercrime Groups More Prolific, Focus on Healthcare in 2020
Robert Lemos, Contributing Writer,  2/22/2021
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win an Amazon Gift Card! Click Here
Latest Comment: This comment is waiting for review by our moderators.
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
Building the SOC of the Future
Building the SOC of the Future
Digital transformation, cloud-focused attacks, and a worldwide pandemic. The past year has changed the way business works and the way security teams operate. There is no going back.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-02-26
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 there is a CSV Injection vulnerability possible by using shop search keywords via the admin panel. The problem is fixed in
PUBLISHED: 2021-02-26
PrestaShop is a fully scalable open source e-commerce solution. In PrestaShop before version 1.7.2 the soft logout system is not complete and an attacker is able to foreign request and executes customer commands. The problem is fixed in
PUBLISHED: 2021-02-26
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, requests to user provided domains were not restricted to external IP addresses when calculating the key va...
PUBLISHED: 2021-02-26
Synapse is a Matrix reference homeserver written in python (pypi package matrix-synapse). Matrix is an ecosystem for open federated Instant Messaging and VoIP. In Synapse before version 1.25.0, a malicious homeserver could redirect requests to their .well-known file to a large file. This can lead to...
PUBLISHED: 2021-02-26
All versions of package github.com/thecodingmachine/gotenberg are vulnerable to Server-side Request Forgery (SSRF) via the /convert/html endpoint when the src attribute of an HTML element refers to an internal system file, such as <iframe src='file:///etc/passwd'>.