Marketing’s Weekly Dose of the Truth


Stophaus: We Got What We Wanted; End Game is Near

4/2/13

By Ken Magill

So it didn’t slow the Internet as the worldwide press reports would have us believe.

And it didn’t kill anti-spam outfit Spamhaus.

However, the person or group claiming responsibility for the widely reported DDoS attack on Spamhaus claims he/they got what they wanted.

“The goal was to expose Spamhaus to the end-user for public scrutiny,” wrote an anonymous poster to the Magill Report’s comments section claiming to represent Stophaus.

Stophaus is a murky entity set up to battle what it claims are injustices committed by Spamhaus.

“The DDoS accomplished the media attention needed to prepare our next action,” the commenter wrote.

At least two people claiming to represent Stophaus posted comments on a Q&A web page set up on The Magill Report specifically for Stophaus and publicized to the group via Twitter.

One was HRH Prince Sven Olaf of CyberBunker-Kamphuis, who would seem to be Sven Olaf Kamphuis, owner of controversial web hosting firm CyberBunker.

Most of the major media identified Kamphuis as behind the attacks on Spamhaus. HRH Prince Sven Olaf of CyberBunker-Kamphuis denies being directly involved with the attacks.

The other claimed Stophaus representative commenting in The Magill Report gave no name, but responded to a direct tweet to @Stophaus that contained a link to the page, which was published nowhere else.

The interview was conducted via Twitter and the Magill Report comments section because Stophaus tweeted that it was unable to send email.

When asked what Stophaus’s “end game” is, the anonymous commenter responded:

“The ‘End Game,’ so to speak, is when Spamhaus ceases to dictate the web content on the internet without proper authority to do so, without proper evidence of offence, and without impunity to libel and character assassination mechanisms within their campaigning.”

Spamhaus maintains a list of what it claims are sources of spam. Many email inbox providers such as Yahoo! use Spamhaus’s listings as at least part of their formula for determining whether or not incoming email is spam. It has been estimated that a listing on Spamhaus can result in as much as 60 percent of a mailer’s messages getting blocked from reaching recipients.

In mid-March, Spamhaus came under what has been described as the largest DDoS attack in Internet history. A DDoS attack is designed to cripple a network by flooding it with so much useless traffic it can’t process all the requests.

According to various sources, Spamhaus servers were at one point being inundated with 300 billion bits per second (300 Gbps) of data, three times larger than the previous record attack of 100 Gbps.

The attack drew worldwide media attention, though much of it was flat-out wrong, such as the claim by the BBC and New York Times that millions were experiencing delays in Internet services as a result.

It is believed Stophaus was behind the attack.

Stophaus claims it has no beef with Spamhaus’s stated goal of combating spam.

“There is nothing wrong with protecting an email recipient from unwanted messages flooding their inbox,” the anonymous claimed Stophaus representative wrote in The Magill Report. “That is what Spamhaus represents to the public and is an admirable goal.

“What is wrong with Spamhaus are the means to their ends and the way they have designed their company house,” the claimed Stophaus representative continued. “They are crooked and most RBLs [realtime blackhole lists] are not. The most significant difference between Spamhaus and other RBL operators is their proactive involvement in creating the turmoil itself and then profiting from it in the end.”

One of Stophaus’s many complaints against Spamhaus is that it preemptively blocklists any IP determined to be under the control of someone or some entity listed on its Register of Known Spam Operations, or ROKSO, list.

Of the practice, Spamhaus says on its ROKSO FAQ page: “Once listed on ROKSO, all IP addresses determined to be used by or under the control of the listed entity are preemptively listed in the Spamhaus Block List (SBL), regardless of whether spam is emanating from them or not. All domains determined to be under the control of the listed entity are preemptively listed in the Domain Block List (DBL).”

Furthermore, Spamhaus notes: “To be removed from the ROKSO database you need to cease any spam activities you are engaged in. Spam activities include spamming, providing spam support services, servers or spamware to other spammers.

“You then need to remain unconnected with spamming for at least 6 months. Spamhaus is constantly updating ROKSO with information from many sources, therefore any new information linking you with spamming extends the life of your ROKSO record for a further 6 months.”

According to Stophaus, by preemptively blocking all IPs associated with someone they have deemed a spammer, Spamhaus is effectively stopping the person from making a living.

“Often, this user is an online professional and has only background in the IT sector …. So, essentially Spamhaus is asking this professional to take a 6-month haetus [sic] from work and still be able to pay their bills and feed their family. All without a trial, an appeals process, a vote, or even a chance to defend one's self or require them to support the claims.”

One example of the preemptive blacklisting with which Stophaus disagrees is that of an organization called Church of Common Good.

According to Stophaus, Spamhaus blocked the Church of Common Good’s IPs because a woman on its board was the girlfriend of a ROKSO listee.

According to Spamhaus, however, the Church of Common Good is/was a fake church set up by Andrew Stephens, a man Spamhaus contends is a spammer, to scam donations and avoid taxes.

Neither a message left on the Church of Common Good’s voicemail, nor an email sent to its published contact email address asking for comment was returned.

Attempts to access the ChurchofCommonGood.org home page resulted in a suspended-account message.

According to Spamhaus, Stophaus is Andrew Stephens’s creation.

According to the people who claimed to represent Stophaus to The Magill Report, Stophaus is not Andrew Stephens’s creation, but “approximately 50 active members at this time and the vast majority are ISPs and Tier 2 providers.”

When asked for specifics, Stophaus declined to name any members.

Steve Linford, chief executive of Spamhaus, said last week in an email exchange with the Magill Report that the attacks have stopped.

When asked if he thought that at least one of the people commenting on the Magill Report web site claiming to represent Stophaus was behind the attacks, he replied: “Yes. However he was not alone. I cannot comment more I'm afraid.”

[Editor’s note: In order to interview Stophaus, I had to set up a Magill Report web page for them and conduct the Q&A there. Here is a link to that page for anyone interested.]

Comments


Terms: Feel free to be as big a jerk as you want, but don't attack anyone other than me personally. And don't criticize people or companies other than me anonymously. Got something crappy to say? Say it under your real name. Anonymous potshots and personal attacks aimed at me, however, are fine.

Posted by: The STOPhaus Movement
Date: 2013-04-08 09:05:56
Subject: Mainstream Media Blitz is Absurd

HISTORY'S LARGEST CYBERATTACK ON SPAMHAUS IS ONE BIG FAIL FROM EVERYONE INVOLVED! Come on, what did we really do bad? So we shut down a very popular anti-spam organization's public image for a few days and we supposedly made the lazy Brits at LINX actually fix the things that should have been done almost a decade ago. In the process we did not send any malware, viruses, trojans, keyloggers, or anything of the like. We did not break into any computers, steal any information, or scam anyone out of hard-earned money. We did not release classified documents, did not catch a senior official with their pants down, and did not break into a teenage celebrity's email account and jerk off to topless photos sent to some other dimwit teen idol. In all reality, we didn't even prevent Spamhaus' customers from accessing the RBL feeds. What did we do? Well, we did exactly what we wanted to. We wanted the world to know who Spamhaus was. We don't believe all publicity is good publicity in their case and that is what we got. We wanted to show Spamhaus how insulted people are that are falsely accused and then unable to be de-listed, as this has happened to far too many victims of this careless method of spam-fighting. We wanted to explore their vulnerabilities and to demonstrate that we, indeed could, drop their servers and anyone else's for that matter. Did we accomplish our goal? I would say we definitely exceeded it. The media has been ridiculous in all of this and I would have fired half my tech staff if I were Fox News or The New York Times. These fools grabbed the first press release and were spoon-fed a story by those that stood to make the most from it. How naive can you possibly be? The New York Times had an article out before we, the accused, even knew they were writing one. Talk about one-sided journalism. Then Bloomberg had the CEO of Cloudflare plugging his failed service so many times it sounded like a late-night infomercial from Kevin Trudeau.
It was a sad show of circus freaks over-hyping an innocent protest that caused far less damages than it could have...and the could have part is what scares them. Yes, we could have taken out much of the web with the amount of open resources the admins left out there, after a 10 year head-start. Yes we could easily have dropped Cloudflare off the map and watched a million customers whine on Twitter. Yes, we could have shut LINX all the way down and heard all the pompous Brits cry that their Harry Potter wouldn't play. We could have done a lot of things...BUT WE DIDN'T! So, what then are the media and LEO crying about? It seems that they are whining about the fact that we are better and more equipped to fight a cyberwar than they will ever be and it scares the bejeezus out of them. Instead of being scared and pushing fear down the throats of the public as a tool to plug Spamhaus and Cloudflare, like they were successful at ANYTHING...we should be focused on plugging the holes that are still open and ready for exploitation. Spamhaus, who prides themselves on being white-hat, removed all of Cloudflare's SBL listings in exchange for a safe haven behind a reverse proxy. That's almost like The Fed going to the Mob for a loan. Cloudflare, who pride themselves on keeping websites up during DoS attacks had almost a million angry customers down from a DoS attack that wasn't even targeting them. In reality, this is one of the biggest fails in internet history. OpenDNS failed, Spamhaus failed and then ran for cover to one of their most scorned enemies, and Cloudflare wasn't able to keep some of their most valued assets together during the attack. All of that and all they want to talk about is the size of the attack and some hacker and his feud with Spamhaus. This is far bigger than the mainstream media will ever let it appear to be and the next attack will prove it. Close the gaps boys because we are about to bring in a bulldozer. STOPhate...STOPlibel...STOPhaus! 
- The STOPhaus Movement - We are Legion - We do not forget - We do not forgive - Spamhaus should have expected us!

Posted by: The STOPhaus Movement
Date: 2013-04-05 09:28:07
Subject: Spamhaus and Gmail

Gmail certainly DOES use Spamhaus and those who are "in the know" will be quick to tell you so. Laura Atkins from Word to the Wise, who is the wife of Steve Atkins (hosts the Spamhaus CBL at cbl.abuseat.org) talks about the relationship several times on her blog including here: http://blog.wordtothewise.com/2010/06/gmail-and-the-pbl-2/

Posted by: Ken Magill
Date: 2013-04-02 16:00:33
Subject: Small Detail

Thanks! Will fix immediately

Posted by: Small Detail
Date: 2013-04-02 15:58:45
Subject: Gmail

I don't believe Gmail uses spamhaus