Spamhaus cyber attack latest in evolving Internet threats

If the headlines are to be believed, the Internet very nearly saw its apocalypse this past week, thanks to a massive cyberwar raging in Europe. Too bad it’s not very likely.

Both The New York Times and the BBC have stories on the battle between Spamhaus, a European group that helps fight spammers, and Cyberbunker, a Dutch web hosting company that will reportedly do business with anyone that isn’t a child pornographer or terrorist.

Cyberbunker apparently launched its denial-of-service attack – an effort to overwhelm internet servers with fake traffic – on Mar. 19, after being added to a list of spammers by Spamhaus. The size of the attack was unprecedented, the news outlets said, measuring six times larger than what targets -- such as financial institutions -- usually see.

Spamhaus works in conjunction with several big internet companies, including Google, to limit the effects of spam. The attacks were first reported last week by Silicon Valley security firm CloudFlare, which was enlisted by the European group to help in the fight. CloudFlare chief executive Matthew Prince likened the attacks to “nuclear bombs.”

The Times, meanwhile, says the clash has jammed “critical infrastructure” and slowed down the entire internet for millions of internet users, going so far as to affect services such as Netflix.

The underlying message is that ordinary users and businesses should be afraid – very afraid – because the bad guys’ weapons are getting more powerful and the Internet is constantly on the brink of breaking in spectacular fashion.

Threat or PR stunt?

Gizmodo writer Sam Biddle suggests this is all a giant lie – that there’s little evidence of Internet speeds and services being affected at all. He points to data from tracker Internet Traffic Report and Amazon’s cloud hosting to show that despite the attacks, it has pretty much been business as usual online.

The stories lack evidence from anyone without a financial stake in the situation, he writes: “There are zero credible reports, whatsoever, that Netflix went down. Not a single one.”

Indeed, when I contacted Google and Netflix for comment, both refused to confirm the veracity of the reports.

It might be a stretch to say it’s all a giant lie, since such attacks are in fact occurring all the time. Spam alone costs businesses more than $20 billion a year to fight, while a denial-of-service attack can run a company between $10,000 and $50,000 per hour. The sentiment, however, isn’t far off – any report of a digital Armageddon needs to be taken with a big grain of digital salt.

Using scare tactics to drum up business is a time-honored tradition in the security sector. Anti-virus pioneer John McAfee – who fled authorities in Belize last year in connection with murder and drug charges – famously rose to prominence and riches in the 1980s by frightening companies into buying his products, thereby creating a template for others to emulate.

In 1988, he was “telling the country that viruses were causing so much damage, some companies were ‘near collapse from financial loss,’” according to a recent Wired story. Ever since, McAfee and other vendors have routinely raised the specter of hugely destructive online threats, and when they didn’t come to pass, pointed to the efficacy of their own products as the reasons why.

While there’s no doubt that the size and power of online attacks is exponentially increasing, so too are the defenses against them. As far as the day-to-day operation of the internet is concerned, it’s a case of so far, so good, despite what the screaming headlines may say.