Spamhaus accuses Cyberbunker of massive cyberattack

I see reports of cyber-attacks every day. But those at the front lines are telling me that yesterday’s Denial of Service attack against the Spamhaus email anti-abuse blacklist is genuinely something out of the ordinary.

Spamhaus are some of the good guys that work to keep email usable, despite the efforts of the people who send spam.

Spam is not just a nuisance; it is the tool of choice for Internet criminals who send out malware and viruses and recruit money movers and parcel reshippers for their criminal ventures. They sell a lot of drugs as well.

According to Spamhaus, the source of the attack is Cyberbunker, an organization based in the Netherlands. Originally built as a nuclear warfare bunker, and sold off as surplus, the Cyberbunker has been at the center of a lot of unsavory activities, and some that are just plain weird.

Computer code via Shutterstock

About ten years ago, there was a big debate over the management of the core naming system of the Internet, the DNS. The DNS is the infrastructure that connects a name such as to an Internet address. For historical reasons, the DNS is currently under the de facto control of the US government, which has devolved some (but not all) management responsibility to an organization called ICANN, which is in theory independent.

There are of course many good reasons why other governments would be concerned about this situation. In 2004, the government of Turkey (or at least one part of it) became concerned enough to decide to transfer control of the DNS root for Turkey to an organization calling itself ‘Public Root,’ which operated out of the Cyberbunker. According to some reports, the plan was very close to being put into action, only to be thwarted at the last moment when a fire broke out in another part of the Cyberbunker, and the police discovered a lab making ecstasy in the bunker while the fire was being put out.

According to its manifesto, the Cyberbunker will accept any type of business, other than child pornography and anything related to terrorism. One of the groups hosted at the Cyberbunker was the Russian Business Network (RBN), a notorious organized crime ring that the Russian authorities were finally forced to break up in 2007 after a story in The Economist.

A group claiming to own the Cyberbunker has published what purports to be a declaration of independence. Rather more substantial than their legal arguments, however, are the five-foot thick concrete walls of the bunker. This could end very badly indeed.

5 Responses to “Spamhaus accuses Cyberbunker of massive cyberattack”

  1. HeartlandLiberal says:

    I was shocked at the vehement denunciations from some quarters painting Spamhaus as a vigilante organization. This included commentary by pundits on the Internet, whose opinions I normally seek out and respect. My response to such accusations?

    I am retired now, and I gave up on participating in the fight against spam email years ago,
    but for many years was very active in efforts to fight it. I can only
    say that Spamhaus and Steve Linford have a pretty much unassailable
    reputation for legitimacy. They do not block without
    hard, extensive evidence that the IP numbers being blocked are, indeed,
    the source of illegitimate spam email of a significant degree. There
    has never been any case or evidence in which they have been shown to
    have added IPs to their blocklist that did not
    flat deserve to be there.

    That is why legitimate organizations and corporations worldwide use the
    resources of Spamhaus as one of their defenses against spam.

    Even on my own private email server, which is low traffic, and hosts
    maybe 70 or so accounts, I would be inundated with spam email if I did
    not include a DNSBL line in my sendmail config to staunch the onslaught.

    Spamhaus does NOT represent “vigilante justice”. Spamhaus is a carefully
    researched service that identifies and publishes information on
    spammers, who in case your readers have forgotten, are one sorry, vile
    lot of criminals.

    And also, FWIW, I might just point out that Spamhaus is not blocking
    those IPs. They publish the information. And corporations and
    individuals worldwide choose to reference those lists in their email
    filtering. If those corporations and individuals are dissatisfied
    with the service, or felt it was unjustly blocking and interfering with
    legitimate email sources, they would drop use of the blocklist in a

    So, as far as I am concerned, let me just one more time say thanks to
    Spamhaus and Steve Linford, and for the combined ZEN blocklist that
    helps keep my little personal server from melting, and let me stop
    trying to keep my own IPTABLE rules blocking half the
    world just so I could have viable email.

    Also, one historical note. While still active in the anti-spam community, I became a target of a spammer, who reverse forged a massive spam run as appearing to come from my work address. My inbox was flooded with between 30,000 and 40,000 BOUNCED undeliverable emails over the next week or so. So you can only imagine the magnitude of the actual spam run with deliverable addresses. The mail server guys were on the verge of just giving up and me getting a new address when the run faded away. But it was, to say the least, an interesting experience of the magnitude of the problem, and the willingness of the spammers to commit criminal acts.

  2. benb says:

    It would be a lot of help if hotmail/gmail/yahoo/…etc would simply put one of my email accounts on a mail server that didn’t accept mail from any source other than one in the US. Even better if they would scan the email headers for any ip address that’s not in the USA and trash it (look at the ‘Received-from …[ip-address]’ email header). If I get spam from a US source, I have some recourse…if it’s from Latin America, Russia, Asia, India, etc….forget it.

  3. MyrddinWilt says:

    That is quite possible. The attack is being mounted from hijacked computers round the globe. If your local net has several of them on it they can cause collateral damage.

    There are parts of the net that can take that type of load. Spamhaus isn’t one of them.

  4. BeccaM says:

    Pretty sure the cyberattack has been affecting our connectivity here. Lots of drop-outs and DNS routing errors.

  5. Indigo says:

    Whoa! It’s war? Bring it on!

© 2020 AMERICAblog Media, LLC. All rights reserved.