Marketing’s Weekly Dose of the Truth

Ken Magill

About Us

Stophaus Threatens New, Massive DDoS Attack


By Ken Magill

Stophaus, an anonymous group of unknown numbers dedicated to shutting down Spamhaus, is threatening new and massively larger DDoS attacks against the anti-spam outfit and its supporters than what it launched in March.

“There are currently 3 Operations active and 4 in preparations,” someone claiming to be a Stophaus representative wrote in the comments section of a webpage set up specifically for Stophaus  in the Magill Report.

“We have patiently waited for Spamhaus to change a little and they refuse. Instead they are combatting [sic] by using coercive force to harm our supporter's networks,” the claimed Stophaus representative wrote. “Because of these actions, we will begin harming the networks of their supporters. We mirror Spamhaus activities. We hope CF has enough room for all of the Spamhaus Minions and can handle a 2TB load.”

By CF, it is assumed Stophaus is referring to CloudFlare, the website-performance-and-security vendor Spamhaus employed to fend off a DDoS, or distributed denial of service attack, launched against it last month.

A DDoS attack is designed to cripple a network by flooding it with so much useless traffic it can’t process all the requests.

Spamhaus maintains a list of what it claims are sources of spam. Many email inbox providers such as Yahoo! and Comcast use Spamhaus’s listings as at least part of their formula for determining whether or not incoming email is spam. It has been estimated that a listing on Spamhaus can result in as much as 60 percent of a mailer’s messages getting blocked from reaching recipients.

According to various sources, Spamhaus servers were at one point in March being inundated with 300 billion bits per second (300Gbps) of data, three times larger than the previous record attack of 100 Gbps.

Stophaus has taken credit for the attack. Stophaus is an anti-Spamhaus group that claims some 400 members.

“Compare those numbers against Spamhaus' 30-ish volunteers, that have far less scrutiny at this time, and you can easily see that there is support that will lead to the ultimate demise of Spamhaus,” wrote the claimed Stophaus representative on the Magill Report.

The group has aired a litany of complaints against Spamhaus such as that it allegedly uses unwarranted intimidation tactics and allegedly engages in censorship to perform its stated goal of fighting spam.

By 2TB load, it is assumed that Stophaus is referring to a two-terabyte attack. A terabyte is 1,000 gigabytes.

As a result, the attack Stophaus is threatening is more than six times larger than the record-setting attack last month.

When asked in an email what effect such an attack might have, one expert responded: “The effect depends on a lot of things: what kind of attack is it, where it's targeted, what it targets. If, for instance, Stophaus targets Yahoo with the entire 2TB, then you'll probably see problems at Yahoo. And folks who share an upstream provider with Yahoo may see some problems, too. If it targets Comcast (another Spamhaus user) then Comcast users are probably going to have a bad day. Spread over the ‘entire internet’ no one will probably notice.”

When asked via email for a comment, Steven Linford, chief executive of Spamhaus responded: “I'm not surprised. If anyone previously had any doubt whether Spamhaus could have made a misjudgment when we deemed Cyberbunker to be a cybercrime host engaged in cybercrime itself, there's certainly nobody left now who doubts we were correct to protect our users from Cyberbunker IP space.”

Dutch webhosting firm CyberBunker has been blamed for the March attack on Spamhaus.

Sven Olaf Kamphuis, owner of CyberBunker, claims that while he supports Stophaus, he was not directly involved with the March DDoS against Spamhaus.

[Editor’s note: As some readers will remember, the March DDoS attack against Spamhaus began right about the time Linford was in the midst of answering some 60 or so questions submitted to him by Magill Report readers. After answering the first 14 questions, Linford got a little, er, busy. He said in an email yesterday he plans to deliver a new batch of answers in a few days.]


Show: Newest | Oldest

Post a Comment
Your Name:
Please type the letters in the image above

Terms: Feel free to be as big a jerk as you want, but don't attack anyone other than me personally. And don't criticize people or companies other than me anonymously. Got something crappy to say? Say it under your real name. Anonymous potshots and personal attacks aimed at me, however, are fine.

Posted by: The STOPhaus Movement
Date: 2013-05-29 03:29:30
Subject: Julian

From our records Julian is an active operative for Spamhaus using a fake identity, but at one time did not. Obviously Julian Haight is someone completely different that founded Spamcop and ran that until Ironport and then Cisco, but the claim that Julian, Steve's brother, is involved with Spamhaus is completely accurate. Spamhaus is known to use "Discover Games" to postpone and drain legal funds from paying customers of attorneys. They use donated attorneys working pro-bono, so Spamhaus is able to increase the bill on their opponent through legal games instead of addressing the issue before the Courts. It is also good to note that there is an outstanding judgment from a Civil Court case in federal courts that was affirmed by Appellate Courts as well. The Courts have ruled that Spamhaus' actions are wrong, but the Complaintant was ill-prepared to fight against a pro-bono attorney that pushed the case out for over 7 years. You almost seem to be attempting to misdirect and smokescreen Fred?
Posted by: Fred
Date: 2013-04-25 14:29:17
Subject: What about the STOPhaus lies?

Regarding Morely, EMarketers of America tried to sue anyone and everyone they could think of that they thought were involved with Spamhaus. They even sued Steve's brother, Julian Linford, thinking he must be the same person as SpamCop's Julian Haight! However, when the tables were turned, and EMarketers was hit with discovery requests, the suit was quickly dropped, sending the group of Florida spammers and their coke-head lawyer, Mark Felstein, scurrying back into their holes. Nobody testified in court to anything, because their was no trial, the suit was dismissed with prejudice. So, just more lies from STOPhaus. Mark Felstein even tried to leave Florida for New York, but was rejected by the state bar because "The character and fitness concerns included petitioner's misconduct in college, history of substance abuse, criminal record and lack of candor since college concerning such matters. We are not satisfied that petitioner presently possesses the character and general fitness requisite for an attorney and counselor-at-law."
Posted by: The STOPhaus Movement
Date: 2013-04-14 13:13:14
Subject: What about the Pedobears?

It boggles the mind how Spamhaus is able to completely disregard the fact that one of their main volunteers, Richard C. Tietjens aka Morely Dotes, who was identified clearly as a Spamhaus Investigator, was arrested and found with 15TB of child pornography while running a Pedo sharing USENET group from his home. While spam is bad and almost everyone hates spam, we will concur that pedophilia is worse and Pedobears are far worse than spammers. So, while Spamhaus is busy making false accusations about others sending unsolicited junk, we will post factual evidence that they have pedophiles working for them. * Richard C. Tietjens aka Morely Dotes is a very well-known Spamhaus Investigator that was sued by EMarketers of America and testified in court to his involvement with Spamhaus. I ask the readers here, "Do you want to give the pedobears a job by allowing them to fight spam or do you want to fight spam without pedobears? You should be more diligent when looking at who is running DNSBLs.
Posted by: Ken Magill
Date: 2013-04-11 09:51:09
Subject: ChironG

Thank you very much. I will correct that bit of stupidity now.
Posted by: ChironGM
Date: 2013-04-10 19:00:57
Subject: Correction

Just to say, a kilobyte is 1000 bytes. A kibibit, technically, is the term given to 1024 bytes.
Posted by: Ken Magill
Date: 2013-04-09 13:11:24
Subject: Unmoderated? Yes, for now

I'm a sucker for whackadoodlery ... to a point. Let's see how this plays out. Also, I have concluded that Stophaus is not one guy. Two maybe, but not one. Stophaus's comments have come in at least two distinct voices.
Posted by: Huey
Date: 2013-04-09 12:50:18
Subject: Comment policy?

Are you planning on leaving this comment thread open and unmoderated, so we can see the entertaining parade of gratuitous whackadoodlery?
Posted by: Andrew
Date: 2013-04-09 12:28:59
Subject: Stophaus is one guy.

Andrew Stephens is a ROKSO listed spammer, and is the, uh, brains behind the comedy gold that is Stophaus.