Cyber War Over Spam Slows Access for Internet Users
RAY SUAREZ: Finally tonight: an online spat that's causing havoc around the World Wide Web.
Hari Sreenivasan has the story.
HARI SREENIVASAN: One company fights spam; the other is said to be behind sending those pesky e-mails. A dispute between the two has led to one of the largest reported cyber-attacks in Internet history, the result, widespread congestion that's slowing access for millions of users to sites like Netflix.
Nicole Perlroth has been covering the story for The New York Times, joins me now.
Thanks for being with us.
NICOLE PERLROTH, The New York Times: Thanks for having me.
HARI SREENIVASAN: All right, so let's kind of set the table here. What is happening in this particular cyber-attack?
NICOLE PERLROTH: It's very technical, but, essentially, what happened was this group that sends out a black list of spammers to e-mail providers so that they can block the spammers blocked a group called Cyberbunker, which hosts website anonymously. They say that they will host anything with the exception of child pornography and terrorists.
So, shortly after this happened, you saw Spamhaus, this volunteer anti-spam group, get hit with what are called denial of service attacks, where an attacker will just flood a site with data requests until it collapses under the load.
So, Spamhaus enlisted another company here in Silicon Valley called CloudFlare that specifically mitigates against these types of attacks. And what the attackers did then has since almost slowed -- not almost -- it has slowed Internet connections and brought up error messages for hundreds of millions of Internet users around the world.
The way they were able to do this was very technical, but essentially they were able to exploit some of the best and worst elements of the Internet. So, the Internet by default is set up in a way that it's open and it's loosely regulated, but it runs on servers that accept data requests from anywhere.
And what the attackers did was they essentially pretended to be this group Spamhaus, and sent millions of data requests to servers all over the world that then amplified them and sent that traffic back to the victim, in this case Spamhaus, CloudFlare, the company that was trying to help it, and even some of the Internet services that help CloudFlare.
In the process, they consumed huge amounts of bandwidth and resources from servers all over the globe. And, as a result, you saw these Internet connections slow for hundreds of -- hundreds of millions of people around the world.
HARI SREENIVASAN: OK. So give us some sense of scale or perspective. We have heard a lot about these denial of service attacks, especially from one government to another. Is this bigger?
NICOLE PERLROTH: It is bigger.
So, starting last September, we have been covering attacks that government officials say are coming from Iran, although we don't know this for sure yet, aimed at American banks. And they have intermittently taken American banks offline, starting last September.
The amount of traffic that we have seen in the last couple of weeks that has escalated from this war between these two companies is what Internet security specialists say is five times bigger in strength than some of the attack traffic that was hitting those banks.
Now, just for some added context here, the attack traffic that was hitting those banks is almost 12 times more powerful than the amount of traffic that Russia directed at a similar attack on Estonia in 2007 which almost crippled Estonia. So when you look at it in that context, this is a very large attack. Internet security folks are saying that this is the largest such attack of its kind that we have ever seen on the Internet.
HARI SREENIVASAN: So if this is some sort of gang war between these two companies, why are we all getting caught in the crossfire?
NICOLE PERLROTH: That's right.
They have been able to exploit these servers around the world that are designed to accept data requests from anywhere. And partly because they have been set up in such a way to accept data requests from anywhere, you can't just easily shut them down. I mean, they're directing this traffic through million servers around the globe, and if you were going to just shut down these servers, you would effectively halt the Internet.
So, one of the problems here is that those servers have been configured to accept traffic from anywhere, instead of filtering them to see if the traffic is legitimate. And that problem is called open resolvers. So, this has been a problem that has been well known in the Internet security community since at least the year 2000, when a bunch of Internet security specialists got together and put together a document of best practices on how to solve this problem.
The problem is that companies, and even people at home, aren't checking their systems properly to make sure that traffic leaving their systems is actually coming from them, instead of someone else spoofing their system, which is what the attackers were doing in this case.
HARI SREENIVASAN: All right. Now, very briefly, I want to ask you, is there anything we can do about this?
NICOLE PERLROTH: There is.
It's just going to take a while. Like I said, it's a problem that we have known about since 2000.
HARI SREENIVASAN: Yes.
NICOLE PERLROTH: And, unfortunately, you know, it's going to take a lot of awareness for people to realize that just having their systems open like this and not configuring them properly can cause an attack of this magnitude.
HARI SREENIVASAN: All right.
NICOLE PERLROTH: So, hopefully, we're drawing awareness to it, but it is one of the first times we have seen how this could be exploited.
HARI SREENIVASAN: OK. Nicole Perlroth of The New York Times, thank you.
NICOLE PERLROTH: Thank you.