LONDON (AP) — A record-breaking cyberattack targeting an anti-spam watchdog group has sent ripples of disruption coursing across the Web, experts said Wednesday.
Spamhaus, a site responsible for keeping ads for counterfeit Viagra and bogus weight-loss pills out of the world's inboxes, said it had been buffeted by the monster denial-of-service attack since mid-March, apparently from groups angry at being blacklisted by the Swiss-British group.
"It is a small miracle that we're still online," Spamhaus researcher Vincent Hanna said.
Denial-of-service attacks overwhelm a server with traffic — like hundreds of letters being jammed through a mail slot at the same time. Security experts measure those attacks in bits of data per second. Recent cyberattacks — like the ones that caused persistent outages at U.S. banking sites late last year — have tended to peak at 100 billion bits per second.
But the furious assault on Spamhaus has shattered the charts, clocking in at 300 billion bits per second, according to San Francisco-based CloudFlare Inc., which Spamhaus has enlisted to help it weather the attack.
"It was likely quite a bit more, but at some point measurement systems can't keep up," CloudFlare chief executive Matthew Prince wrote in an email.
Patrick Gilmore of Akamai Technologies said that was no understatement.
"This attack is the largest that has been publicly disclosed — ever — in the history of the Internet," he said.
It's unclear who exactly was behind the attack, although a man who identified himself as Sven Olaf Kamphuis said he was in touch with the attackers and described them as mainly consisting of disgruntled Russian Internet service providers who had found themselves on Spamhaus' blacklists. There was no immediate way to verify his claim.
He accused the watchdog of arbitrarily blocking content that it did not like. Spamhaus has widely used and constantly updated blacklists of sites that send spam.
"They abuse their position not to stop spam but to exercise censorship without a court order," Kamphuis said.
Gilmore and Prince said the attack's perpetrators had taken advantage of weaknesses in the Internet's infrastructure to trick thousands of servers into routing a torrent of junk traffic to Spamhaus every second.
The trick, called "DNS reflection," works a little bit like mailing requests for information to thousands of different organizations with a target's return address written across the back of the envelopes. When all the organizations reply at once, they send a landslide of useless data to the unwitting addressee.
Both experts said the attack's sheer size has sent ripples of disruptions across the Internet as servers moved mountains of junk traffic back and forth across the Web.
"At a minimum there would have been slowness," Prince said, adding in a blog post that "if the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why."
At the London Internet Exchange, where service providers exchange traffic across the globe, spokesman Malcolm Hutty said his organization had seen "a minor degree of congestion in a small portion of the network."
But he said it was unlikely that any ordinary users had been affected by the attack.
Hanna said his site had so far managed to stay online, but warned that being knocked off the Internet could give spammers an opening to step up their mailings — which may mean more fake lottery announcements and pitches for penny stocks heading to people's inboxes.
Hanna denied claims that his organization had behaved arbitrarily, noting that his group would lose its credibility if it started flagging benign content as spam.
"We have 1.7 billion people who watch over our shoulder," he said. "If we start blocking emails that they want, they will obviously stop using us."
Gilmore of Akamai was also dismissive of the claim that Spamhaus was biased.
"Spamhaus' reputation is sterling," he said.
Earlier on HuffPost:
The Japanese government counter-terrorism practice of <a href="http://www.reuters.com/article/2007/11/20/us-japan-fingerprinting-idUST23858020071120" target="_hplink">fingerprinting foreigners who enter the country</a> may have inspired Doctor Tsutomu Matsumoto to invent "fingerprinting gels", a way of <a href="http://cryptome.org/gummy.htm" target="_hplink">faking fingerprints for scanners</a>. <a href="http://www.dansdata.com/uareu.htm" target="_hplink">Learn how</a> to make your own here.
White Noise Generator
Worried someone around you is <a href="http://articles.businessinsider.com/2011-07-28/strategy/29998051_1_bank-employee-consent-conversation" target="_hplink">secretly recording everything you do?</a> No fear! There's a relatively low-tech way to defeat such snoops, via white-noise-producing <a href="http://www.amazon.com/Productive-Home-Security-Prducts-Jammer/dp/B002PJ7PYS" target="_hplink">audio jammers</a>. These tiny devices use good ol' white noise to blur the sound picked up by hidden microphones and other surreptitious recording devices.
<a href="http://www.technologyreview.com/view/421768/silence-smart-phones-at-thanksgiving-dinner-with/" target="_hplink">MIT's Technology Review</a> calls it the newest, hottest Thanksgiving accessory -- but you can use phone-size "<a href="http://en.wikipedia.org/wiki/Faraday_cage" target="_hplink">Faraday cages</a>" like this (sold by <a href="http://www.uncommongoods.com/product/phonekerchief?9gtype=search&9gkw=phone kerchief&9gad=6315569457&gclid=CKWq9s2krLICFcRM4AodwDoAAw" target="_hplink">uncommongoods</a>) to block your cellphone's call signal, WiFi and GPS. Handy now that<a href=" http://arstechnica.com/tech-policy/2012/08/federal-court-rules-cops-can-warantlessly-track-suspects-via-cellphone/" target="_hplink"> federal courts are ruling that cops can track suspects via cellphone sans warrant</a>, and <a href="http://www.zdnet.com/apple-patent-could-remotely-disable-protesters-phone-cameras-7000003640/" target="_hplink">Apple can remotely disable your phone camera with a click</a>. As security researcher <a href="http://nplusonemag.com/leave-your-cellphone-at-home" target="_hplink">Jacob Appelbaum said in an interview with N+1 back in April</a>, "Cell phones are tracking devices that make phone calls." So shouldn't you be prepared for when you <em>don't</em> want to be tracked?
Hidden cameras got you down? Blind them all with a simple baseball cap lined with infrared LEDs. <a href="http://creator.wonderhowto.com/amiehold/" target="_hplink">Amie, a hacker on WonderHowTo</a>, shows the world <a href="http://mods-n-hacks.wonderhowto.com/how-to/make-infrared-mask-hide-your-face-from-cameras-201280/#" target="_hplink">how to make one</a>, while <a href="http://translate.google.com/translate?u=http%3A%2F%2Fwww.oberwelt.de%2Fprojects%2F2008%2FFilo%2520art.htm&langpair=de%7Cen&hl=en&ie=UTF8" target="_hplink">this German art exhibition</a> lays out how these ingenious devices work.
These receivers reveal the telltale electronic crackle of hidden mics and cameras. Strangely enough, they were around long before "surveillance culture" became a <a href="http://digitalcommons.law.yale.edu/ylsspps_papers/64/" target="_hplink">common phrase</a>. Today they're sold in all sorts of <a href="http://www.gadget-playground.com/bug-detection.html" target="_hplink">shops for surveillance paranoids</a>.
Sometimes hiding your face isn't enough; sometimes you don't want to be seen at all. For those days, there's camera maps. The <a href="http://www.mediaeater.com/cameras/locations.html " target="_hplink">NYC Surveillance Camera Project</a> is currently working to document the location of and working status of every security camera in New York City. This project has been replicated by others in <a href="http://www.notbored.org/boston.html" target="_hplink">Boston</a>, <a href="http://www.notbored.org/chicago-SCP.html" target="_hplink">Chicago</a> and <a href="http://www.bloomingtonsecuritycameras.com/map.html" target="_hplink">Bloomington</a>, Indiana. <a href="http://www.notbored.org" target="_hplink">Notbored.org</a> has even published a guide to making your own surveillance camera maps (<a href="http://www.notbored.org/map-making.html " target="_hplink">here</a>).
Credit to artist <a href="http://ahprojects.com/" target="_hplink">Adam Harvey</a> for this one. Inspired by the <a href="http://www.bobolinkbooks.com/Camoupedia/DazzleCamouflage.html" target="_hplink">"dazzle camouflage" </a>used on submarines and warships during World War I, he designed a series of face paint principles meant to fool the facial recognition schemas of security cameras. Check out <a href="http://dismagazine.com/dystopia/evolved-lifestyles/8115/anti-surveillance-how-to-hide-from-machines/ " target="_hplink">The Perilous Glamour of Life Under Surveillance</a> for some tips on designing your own camera-fooling face paint.
Walmart may be the premier symbol of corporate America, but its disposable cellphone selection can help you start a thoroughly maverick lifestyle. <a href="http://www.walmart.com/ip/TracFone-Samsung-S125G-Prepaid-Cell-Phone-Bundle/20933059" target="_hplink">$10 TracFones</a> work on most major networks, including <a href="http://www.prepaidphonenews.com/2011/12/how-to-get-tracfone-net10-or-straight.html" target="_hplink">AT&T, T-Mobile, Sprint and Verizon</a>, and come with minutes prepaid so you can dispose of the devices when you're done.
Radio-Frequency Identification (RFID) chips are now <a href="http://electronics.howstuffworks.com/gadgets/high-tech-gadgets/rfid.htm" target="_hplink">regularly implanted</a> in passports, ID cards, credit cards and travel papers. These tiny chips make machine-reading your documents easier -- but could also let anyone with the right type of scanner <a href="http://articles.cnn.com/2006-07-10/tech/rfid_1_rfid-industry-rfid-journal-rfid-chips?_s=PM:TECH " target="_hplink">scrape your information <em>and</em> track your whereabouts</a>. Luckily, gadget geeks have come to the rescue again, this time with<a href="http://www.thinkgeek.com/product/8cdd/" target="_hplink"> RFID-blocking wallets</a>. Working on the same principle as the "phonekerchief", these wallets create a Faraday cage around your items, keeping their data secure until you take them out to be scanned where they're supposed to be scanned. Destroying the chip is simpler: <a href="http://www.instructables.com/id/How-to-blockkill-RFID-chips/" target="_hplink">just nuke it in the microwave for five seconds</a>. Of course, whatever you're microwaving might <a href="http://www.youtube.com/watch?v=4_5UYcyO3Pg" target="_hplink">burst into flames</a> first...