Stophaus Threatens New, Massive DDoS Attack
By Ken Magill
Stophaus, an anonymous group of unknown numbers dedicated to shutting down Spamhaus, is threatening new and massively larger DDoS attacks against the anti-spam outfit and its supporters than what it launched in March.
“There are currently 3 Operations active and 4 in preparations,” someone claiming to be a Stophaus representative wrote in the comments section of a webpage set up specifically for Stophaus in the Magill Report.
“We have patiently waited for Spamhaus to change a little and they refuse. Instead they are combatting [sic] by using coercive force to harm our supporter's networks,” the claimed Stophaus representative wrote. “Because of these actions, we will begin harming the networks of their supporters. We mirror Spamhaus activities. We hope CF has enough room for all of the Spamhaus Minions and can handle a 2TB load.”
By CF, it is assumed Stophaus is referring to CloudFlare, the website-performance-and-security vendor Spamhaus employed to fend off a DDoS, or distributed denial of service attack, launched against it last month.
A DDoS attack is designed to cripple a network by flooding it with so much useless traffic it can’t process all the requests.
Spamhaus maintains a list of what it claims are sources of spam. Many email inbox providers such as Yahoo! and Comcast use Spamhaus’s listings as at least part of their formula for determining whether or not incoming email is spam. It has been estimated that a listing on Spamhaus can result in as much as 60 percent of a mailer’s messages getting blocked from reaching recipients.
According to various sources, Spamhaus servers were at one point in March being inundated with 300 billion bits per second (300Gbps) of data, three times larger than the previous record attack of 100 Gbps.
Stophaus has taken credit for the attack. Stophaus is an anti-Spamhaus group that claims some 400 members.
“Compare those numbers against Spamhaus' 30-ish volunteers, that have far less scrutiny at this time, and you can easily see that there is support that will lead to the ultimate demise of Spamhaus,” wrote the claimed Stophaus representative on the Magill Report.
The group has aired a litany of complaints against Spamhaus such as that it allegedly uses unwarranted intimidation tactics and allegedly engages in censorship to perform its stated goal of fighting spam.
By 2TB load, it is assumed that Stophaus is referring to a two-terabyte attack. A terabyte is 1,000 gigabytes.
As a result, the attack Stophaus is threatening is more than six times larger than the record-setting attack last month.
When asked in an email what effect such an attack might have, one expert responded: “The effect depends on a lot of things: what kind of attack is it, where it's targeted, what it targets. If, for instance, Stophaus targets Yahoo with the entire 2TB, then you'll probably see problems at Yahoo. And folks who share an upstream provider with Yahoo may see some problems, too. If it targets Comcast (another Spamhaus user) then Comcast users are probably going to have a bad day. Spread over the ‘entire internet’ no one will probably notice.”
When asked via email for a comment, Steven Linford, chief executive of Spamhaus responded: “I'm not surprised. If anyone previously had any doubt whether Spamhaus could have made a misjudgment when we deemed Cyberbunker to be a cybercrime host engaged in cybercrime itself, there's certainly nobody left now who doubts we were correct to protect our users from Cyberbunker IP space.”
Dutch webhosting firm CyberBunker has been blamed for the March attack on Spamhaus.
Sven Olaf Kamphuis, owner of CyberBunker, claims that while he supports Stophaus, he was not directly involved with the March DDoS against Spamhaus.
[Editor’s note: As some readers will remember, the March DDoS attack against Spamhaus began right about the time Linford was in the midst of answering some 60 or so questions submitted to him by Magill Report readers. After answering the first 14 questions, Linford got a little, er, busy. He said in an email yesterday he plans to deliver a new batch of answers in a few days.]