Security Advisor

Spamhaus DDoS Attacker Arrested

Here's a tip, don't try to make up a fake diplomat title to get out of being arrested.

Police in Spain on Friday have apprehended a suspect in the largest distributed denial of service (DDoS)  attack in history.

The suspect, a 35-year-old Dutch man that has only been identified as "S.K" is believed to be responsible for flooding Spamhaus, an online spam advocacy group, with a 3000 Gbps attack in March that would have brought down even the mightiest Web site to its knees.

The arrest came after a 25-day coordinated investigation between different European Union law enforcement agencies in which the suspect was pinpointed  22 miles north of Barcelona in the town of  Grannolers.

And what's interesting is that he is believed to have perpetrated this and many previous online attacks from a mobile office located in his van. Investigators said the vehicle was "equipped with various antennas to scan frequencies" that was used to access Wi-Fi networks.

When arrested, the Dutch man told authorities that he was a "diplomat" and even gave himself the bogus title of Minister of Telecommunications and Foreign Affairs for the Republic of CyberBunker.  

Doing a quick search, I learned that CyberBunker is an actual business (or, more appropriately, a front company for cyber crime) that is located in a decommissioned NATO  nuclear warfare bunker in the Netherlands.

By day, the company's Web site said it provides Web hosting and datacenter services. However, it doesn't hide the fact that it routinely participates in online attacks, and has even chronicled the Spamhaus saga on its home page.

In a written message on its Web site, CyberBunker  said that Spamhaus blacklisted the company due to its somewhat open hosting policy  that many believed included turning a blind eye to those using its services to host spam. Apparently, as long as it did not include child pornography or terrorism, CyberBunker had no problem hosting for whatever its clients wanted.

"According to Spamhaus, CyberBunker is designated as a 'rogue' host and has long been a haven for cybercrime and spam," said the company.  "Of course Spamhaus has not been able to prove any of these allegations."

And, of course, the company has kept quiet on its involvement in the DDoS attack.

Getting back to the attacker, while officials have kept his identity unknown , security blogger Brian Krebs said the man is most likely one Sven Olaf Kamphuis.

"The attack on Spamhaus was the subject of a New York Times article on Mar. 26, 2013, which quoted Mr. Kamphuis as a representative of Cyberbunker and saying, 'We are aware that this is one of the largest DDoS attacks the world had publicly seen,'" wrote Krebs in a blog post. "Kamphuis also reportedly told The Times that Cyberbunker was retaliating against Spamhaus for 'abusing their influence.'"

S.K. will now be extradited to the Netherlands in the next few days for formal charges.

 

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • What Money in Excel Means for the Future of Microsoft 365 Apps

    Microsoft's new personal finance tool hints at what's in store for next-generation Office applications, from more third-party integrations to subscription requirements.

  • Microsoft Buys Orions Systems To Enhance Vision AI Capabilities in Dynamics 365

    Microsoft announced on Tuesday that it has acquired Orions Systems with the aim of enhancing Dynamics 365 capabilities, as well as the Microsoft Power Platform.

  • Microsoft Hires Movial To Build Android OS for Microsoft Devices

    Microsoft has hired the Romanian operations of software engineering and design services company Movial to develop an Android-based operating system solution for the Microsoft Devices business segment.

  • Microsoft Ending Workflows for SharePoint 2010 Online Next Month

    Microsoft on Monday gave notice that it will be ending support this year for the "workflows" component of SharePoint 2010 Online, as well as deprecating that component for SharePoint 2013 Online.

comments powered by Disqus

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.