DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted

Stophaus.com campaign and anarchic, allegedly pro-spam Dutch hosting provider have apparently been disrupted via ongoing DDoS attacks.



Anonymous: 10 Things We Have Learned In 2013 (click image for larger view and for slideshow)

Distributed denial-of-service (DDoS) attack proponents beware: Your own websites may also be targeted for disruption.

The anything-goes Dutch hosting provider CyberBunker, which has been accused of backing a DDoS disruption campaign against anti-spam site Spamhaus, as of Thursday morning found its own supposedly bulletproof website knocked offline, making it the apparent victim of a sustained DDoS attack.

That's an ironic twist for CyberBunker, which has been one of the most outspoken proponents -- and, some have alleged, sponsors -- of a week-long series of massive DDoS attacks against Spamhaus.

Attempts to reach CyberBunker for comment failed, in part because the company's Web-based contact form remained offline. Likewise, Sven Olaf Kamphuis, a spokesman for CyberBunker, didn't immediately respond to a message sent to his personal Facebook account, seeking comment about the apparent DDoS campaign targeting the hosting provider.

[ Meet the new cybercrime policy proposal, same as the old cybercrime policy proposal. See Tougher Computer Crime Penalties Sought By U.S. Legislators. ]

CyberBunker, which says it's headquartered in an ex-NATO "former military nuclear warfare bunker that is currently utilized as bulletproof data center," made a name for itself by advertising services to any website "except child porn and anything related to terrorism." The company previously gained notoriety for providing hosting to the Russian Business Network cybercrime gang, which the FBI ultimately helped dismantle.

Lately, CyberBunker has backed the so-called Stophaus.com campaign, which is designed to knock anti-spam organization Spamhaus offline. As of Thursday morning, however, the Stophaus.com website was also unreachable, with the homepage resolving to a page that read only "database error."

CyberBunker spokesman Kamphuis claimed that his company isn't responsible for the DDoS attacks that were first launched last week against Spamhaus. "Well, it's not us, it's a group of Internet providers which goes under the name Stophaus.com. It's basically a collective of a lot of people and Internet providers, and they've had previous issues or current issues with Spamhaus," Kamphuis told broadcaster Russia Today Wednesday. "Spamhaus pretends to be spam fighters, but effectively they're just a censorship organization which worked itself into a position where they can just look at a website and shut it down," he said.

But CyberBunker appears to have few backers outside of pro-spam circles. "These guys are just mad," Patrick Gilmore, chief architect at digital content provider Akamai Technologies told The New York Times. "To be frank, they got caught. They think they should be allowed to spam."

The target of the Stophaus.com campaign is the Spamhaus Project, which is based in Geneva and London, and which was founded in 1998 by Steve Linford. Currently it's run by about three dozen investigators and forensic specialists. Numerous service providers, as well as government and military network operators, rely on Spamhaus' real-time spam-blocking databases to help them block spam. "Spamhaus is directly or indirectly responsible for filtering as much as 80% of daily spam messages," according to Matthew Prince, CEO of DDoS prevention service CloudFlare, which last week announced that Spamhaus had become a customer.

The anti-spam operation evinces a blunt, take-no-prisoners attitude, which has included publishing names and photographs -- including images that appear to be family photos -- of people in its Register Of Known Spam Operations (ROKSO) database, which lists what it says are the world's top 100 spammers, collectively accounting for 80% of all spam. Spamhaus has also accused Andrew Jacob Stephens (aka Mail Mascot), who's listed in its ROKSO, as being the prime mover behind the Stophaus attacks. It also traced a fake Anonymous Operation -- Operation Stophaus -- supposedly launched last week, to Stephens.

1 of 2