
DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted

Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.

Spamhaus' anti-spam crusade often sounds personal. Its listing for Stephens, for example, accuses him of being a "spamware, spam service and spam list seller," who "sells spamware designed to break federal law in the U.S.," and who "fraudulently sells harvested lists as 'opt-in,' sells 'bulletproof hosting' and 'snowshoe mailing' setups to other naive spammers." Finally, it accused him of "setting up a fake 'church' to scam donations and try to avoid paying taxes."

Spamhaus provoked the ire of CyberBunker in October 2011, after it designated the hosting provider to be "providing a spam support service," and asked the company's upstream service provider, A2B, to cancel its service. After A2B declined, Spamhaus responded by blacklisting A2B in its entirety, which did drive the service provider to drop CyberBunker as a customer. But A2B also filed a complaint with Dutch police, accusing Spamhaus of extortion.

CyberBunker is now leading a battle to scuttle Spamhaus. "We were the only ones to have the balls ... to not cave in to Spamhaus' demands," said CyberBunker spokesman Kamphuis. "I mean these people are blackmailing national domain registrars. The national Russian telecom regulatory people called them an illegal organization."

The DDoS resources brought to bear in attacks against Spamhaus suggest just how lucrative the practice of mass emailing -- or spamming -- can be, which also explains why many criminal gangs are involved. Numerous malware gangs, for example, use botnet-driven zombies to infect PCs and turn them into spam relays, sending emails selling pharmaceuticals and luxury goods, or distributing yet more malware, including malicious Trojan applications designed to steal people's personal financial information.

"As Spamhaus' success has eroded the business model of spammers, botnet operators are increasingly renting their networks to launch DDoS attacks," said CloudFlare's Prince.

The ongoing battle between Spamhaus and the business interests that it's apparently disrupting highlights the extent to which laws can do little to arrest spam. Legislative window dressing such as the Can-Spam Act passed by Congress in 2003 unfortunately lives up to its double meaning, since so much spam today is either issued from countries that don't police mass-email purveyors or generated by malware that has infected otherwise legitimate PCs.

But as shown by the months-long Operation Ababil campaign being waged against U.S. banks, blocking DDoS attacks outright remains tough, and tracing the attacks back to the organizations that are launching or funding them appears to remain quite difficult.

Indeed, asked to respond to a BBC report that at least five governments have tasked law enforcement teams to investigate the DDoS attacks, CyberBunker spokesman Kamphuis appeared to be unconcerned. "I doubt that the people who did the attacks are in any country where doing a DDoS attack is illegal or where they can even be found -- so, not much issue there," he said.
