
How a massive online war waged by Dutch ‘spammers’ could take down the Internet

A cyberwar between two Dutch entities produced a DDoS attack large enough to threaten the infrastructure of the Internet.



Posted on Mar 27, 2013   Updated on Jun 1, 2021, 8:18 pm CDT


If your Netflix has been slow lately, it’s because of a bunch of pissed-off Dutch guys in a five-story bunker. A massive online war between a Web hosting company based out of a NATO bunker in Holland and an international anti-spam organization has spilled over to the rest of the internet, causing widespread delays—and potentially escalating to the point where email and online banking could become inaccessible.

The attack, which exploits the very infrastructure of the Internet to create the largest DDoS attack ever seen, was launched earlier this month by Cyberbunker, a hosting company known for taking on controversial clients (it brags it’ll host any kind of site “except child porn and anything related to terrorism”), against The Spamhaus Project, which compiles blacklists of spammers for email providers. Spamhaus added Cyberbunker to its list a few weeks ago; Cyberbunker objected and, as is often the case, responded with a DDoS attack. Only this time they went nuclear:

The so-called distributed denial of service, or DDoS, attacks have reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second. “It is a real number,” Mr. Gilmore said. “It is the largest publicly announced DDoS attack in the history of the Internet.” […]

In the past, blacklisted sites have retaliated against Spamhaus with denial-of-service attacks, in which they flood Spamhaus with traffic requests from personal computers until its servers become unreachable. But in recent weeks, the attackers hit back with a far more powerful strike that exploited the Internet’s core infrastructure, called the Domain Name System, or DNS. […]

In the latest incident, attackers sent messages, masquerading as ones coming from Spamhaus, to those machines, which were then amplified drastically by the servers, causing torrents of data to be aimed back at the Spamhaus computers.

Because DNS servers are required for the internet to function, those machines can’t be taken down as a way of stopping the attack. “The only way to deal with this problem is to find the people doing it and arrest them,” security researcher Dan Kaminsky tells the Times; when those people are locked in a bunker, arresting them is a slightly more difficult proposition. (“Dutch authorities and the police have made several attempts to enter the bunker by force,” Cyberbunker claims, dubiously. “None of these attempts were successful.”)

Cyberbunker and its allies, for their part, believe themselves to be standing up against a dangerous vigilante group. “Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,” says attacker spokesman Sven Olaf Kamphuis. Welcome to Cyberwar, 2013: Dutch dudes slowing down your Netflix.

[NYTimages via Wikipedia]

By Max Read

*First Published: Mar 27, 2013, 5:15 pm CDT