By the Blouin News Technology staff

Spamhaus’ DDoS attack: true harm or just hype?

by in Media Tech.

A man passes Communications House, a building listed as containing an office of the Spamhaus Project Ltd, in London March 27, 2013.

Communications House, listed as containing an office of the Spamhaus Project Ltd. REUTERS/Luke MacGregor

On March 27, a cyberattack reported by Geneva-based spam-detection group Spamhaus hit international media sources — the start of a large blackout that affected internet users around the world (although the attack had actually begun March 18, its effects were not widely reported until this week). For a number of hours into March 28, sites around the world and various internet services felt a lag attributed to the broad blackout, but ultimately the lasting effects of the attack seem to have been blown out of proportion through media coverage — as the tech world is wont to do.

Yes, reports quoted Spamhaus’ chief executive Steve Linford as noting that the group had been “under this cyberattack for well over a week” and that maintaining uptime had been a huge undertaking while international investigations took place. Sure, it caused wider-ranging blips to website uptime including the usually imperturbable streaming behemoth Netflix. True, its aftershocks are still being reported and  its origins still investigated; the full extent of the damage is not yet known.  But that hardly justifies report after report topped with headlines suggesting a global digital shutdown was in process. As internet security protection company Kaspersky Labs Global Research told various outlets, for an attack to have a tangible effect on large portions of global internet usage, it would have to be much more massive than the one pitted against Spamhaus. What hit Spamhaus hardly seems to justify the moniker “one of the largest computer attacks on the internet”, bestowed on it by The New York Times and others, when it simply shocked with its speed: The scale of the attack was confirmed at 300 Gigabits per second, while typical cyber attacks occur at 50 Gigabits per second.

While the attack was of a rare aggression and persistence — as described by CloudFlare, which provides network security for Spamhaus, explaining how it spread from bandwidth-consumer to bandwidth-provider with growing intensity — the majority of global internet users seem to have gone unaffected. Certainly internet congestion in such capacity is nothing to sniff at, and techies are on high alert these days for notices of cyber-terrorism after South Korea’s recent bank blackouts and dicey cyber-related exchanges between the U.S. and China, but the viciousness of the Spamhaus attack was containable, and could just be another product of amplified tech scuttlebutt. Let us not forget that firms like CloudFlare — which make their living off of protecting companies from harmful cyber attacks — stand to benefit from boasting of their abilities to fight “the largest DDoS attack in history.” And when techies fear for the safety of their networks — their internet, the very connection that makes possible their livelihoods — and it combines with the global reach of today’s online media, the resulting sensational news proliferation is akin to, oh, let’s say, a cyber attack.