Stophaus: We Got What We Wanted; End Game is Near
By Ken Magill
So it didn’t slow the Internet as the worldwide press reports would have us believe.
And it didn’t kill anti-spam outfit Spamhaus.
However, the person or group claiming responsibility for the widely reported DDoS attack on Spamhaus claims he/they got what they wanted.
“The goal was to expose Spamhaus to the end-user for public scrutiny,” wrote an anonymous poster to the Magill Report’s comments section claiming to represent Stophaus.
Stophaus is a murky entity set up to battle what it claims are injustices committed by Spamhaus.
“The DDoS accomplished the media attention needed to prepare our next action,” the commenter wrote.
At least two people claiming to represent Stophaus posted comments on a Q&A web page set up on The Magill Report specifically for Stophaus and publicized to the group via Twitter.
One was HRH Prince Sven Olaf of CyberBunker-Kamphuis, who would seem to be Sven Olaf Kamphuis, owner of controversial web hosting firm CyberBunker.
Most of the major media identified Kamphuis as behind the attacks on Spamhaus. HRH Prince Sven Olaf of CyberBunker-Kamphuis denies being directly involved with the attacks.
The other claimed Stophaus representative commenting in The Magill Report gave no name, but was responding to a direct tweet to @Stophaus containing a link to the page, which was published nowhere else.
The interview was conducted via Twitter and the Magill Report comments section because Stophaus tweeted that it was unable to send email.
When asked what Stophaus’s “end game” is, the anonymous commenter responded:
“The ‘End Game,’ so to speak, is when Spamhaus ceases to dictate the web content on the internet without proper authority to do so, without proper evidence of offence, and without impunity to libel and character assassination mechanisms within their campaigning.”
Spamhaus maintains a list of what it claims are sources of spam. Many email inbox providers such as Yahoo! use Spamhaus’s listings as at least part of their formula for determining whether or not incoming email is spam. It has been estimated that a listing on Spamhaus can result in as much as 60 percent of a mailer’s messages getting blocked from reaching recipients.
In mid-March, Spamhaus came under what has been described as the largest DDoS attack in Internet history. A DDoS attack is designed to cripple a network by flooding it with so much useless traffic it can’t process all the requests.
According to various sources, Spamhaus servers were at one point being inundated with 300 billion bits per second (300 Gbps) of data, three times larger than the previous record attack of 100 Gbps.
The attack drew worldwide media attention, though much of it was flat out wrong, such as the claim by the BBC and New York Times that millions were experiencing delays in Internet services as a result.
It is believed Stophaus was behind the attack.
Stophaus claims it has no beef with Spamhaus’s stated goal of combating spam.
“There is nothing wrong with protecting an email recipient from unwanted messages flooding their inbox,” the anonymous claimed Stophaus representative wrote in The Magill Report. “That is what Spamhaus represents to the public and is an admirable goal.
“What is wrong with Spamhaus are the means to their ends and the way they have designed their company house,” the claimed Stophaus representative continued. “They are crooked and most RBLs [realtime blackhole lists] are not. The most significant difference between Spamhaus and other RBL operators is their proactive involvement in creating the turmoil itself and then profiting from it in the end.”
One of Stophaus’s many complaints against Spamhaus is that it preemptively blocklists any IP determined to be under the control of someone or some entity listed on its Register of Known Spam Operations, or ROKSO, list.
Of the practice, Spamhaus says on its ROKSO FAQ page: “Once listed on ROKSO, all IP addresses determined to be used by or under the control of the listed entity are preemptively listed in the Spamhaus Block List (SBL), regardless of whether spam is emanating from them or not. All domains determined to be under the control of the listed entity are preemptively listed in the Domain Block List (DBL).”
Furthermore, Spamhaus notes: “To be removed from the ROKSO database you need to cease any spam activities you are engaged in. Spam activities include spamming, providing spam support services, servers or spamware to other spammers.
“You then need to remain unconnected with spamming for at least 6 months. Spamhaus is constantly updating ROKSO with information from many sources, therefore any new information linking you with spamming extends the life of your ROKSO record for a further 6 months.”
According to Stophaus, by preemptively blocking all IPs associated with someone they have deemed a spammer, Spamhaus is effectively stopping the person from making a living.
“Often, this user is an online professional and has only background in the IT sector …. So, essentially Spamhaus is asking this professional to take a 6-month haetus [sic] from work and still be able to pay their bills and feed their family. All without a trial, an appeals process, a vote, or even a chance to defend one's self or require them to support the claims.”
One example of the preemptive blacklisting with which Stophaus disagrees is that of an organization called Church of Common Good.
According to Stophaus, Spamhaus blocked the Church of Common Good’s IPs because a woman on its board was the girlfriend of a ROKSO listee.
According to Spamhaus, however, the Church of Common Good is/was a fake church set up by Andrew Stephens, a man Spamhaus contends is a spammer, to scam donations and avoid taxes.
Neither a message left on the Church of Common Good’s voicemail, nor an email sent to its published contact email address asking for comment was returned.
Attempts to access the ChurchofCommonGood.org home page resulted in a suspended-account message.
According to Spamhaus, Stophaus is Andrew Stephens’s creation.
According to the people who claimed to represent Stophaus to The Magill Report, Stophaus is not Andrew Stephens’s creation, but “approximately 50 active members at this time and the vast majority are ISPs and Tier 2 providers.”
When asked for specifics, Stophaus declined to name any members.
Steve Linford, chief executive of Spamhaus, said last week in an email exchange with the Magill Report that the attacks have stopped.
When asked if he thought that at least one of the people commenting on the Magill Report web site claiming to represent Stophaus was behind the attacks, he replied: “Yes. However he was not alone. I cannot comment more I'm afraid.”
[Editor’s note: In order to interview Stophaus, I had to set up a Magill Report web page for them and conduct the Q&A there. Here is a link to that page for anyone interested.]