Sven Olaf Kamphuis is accused of global cybercrime, but Spanish police found him in a squalid flat with his name on the letterbox

Kamphuis, 35, is one of the most controversial characters in the murky world of spam and hacking – deemed the internet’s public enemy number one by some, though others believe his reputation has been blown out of proportion by the grandstanding of his foes.

he allegedly masterminded a flurry of March internet attacks that the security company CloudFlare claimed “almost broke the internet”,

Kamphuis displayed a Napoleonic sense of grandeur. “He claimed he had diplomatic status,” said the Spanish police officer who led the operation, but asked not to be named. “He said he was the telecommunications minister and foreign minister of a place called the Cyberbunker Republic. He didn’t seem to be joking.”

Britain, the United States and Germany were all affected by the massive denial of service attacks that he launched.

“The van was fitted out as a mobile office from which he could launch his attacks.”

The result was what the New York Times called an attack of previously “unknown magnitudes”, producing a 300bn-bits-per-second data stream that targeted the British and Swiss-based anti-spam operator Spamhaus and its allies. This had reportedly blacklisted his CB3ROB/Cyberbunker company

the huge number of spammers he hosts has led even hacktivists sympathetic to his pro-Pirate party, Anonymous and Julian Assange’s stance to question his real activities.

If this was one of the most successful spammers in history, why was he living in a squalid flat and a camper van?

The Dutch police have confirmed the arrest of man suspected of taking part in a massive DDoS attack against the anti-spam group Spamhaus back in March.

The 35 year-old man is a Dutch national but was arrested at his home in Barcelona under a European arrest warrant, the Netherlands National Prosecution Office told the BBC.

Although the identity of the man hasn’t been released it has been suggested that he’s Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker, which has been feuding with Spamhaus for years and is claimed by some to be responsible for the DDoS attack.

my site mistakes in web design

A little more than a year ago, details emerged about an effort by some members of the hacktivist group Anonymous to build a new weapon to replace their aging denial-of-service arsenal. The new weapon would use the Internet’s Domain Name Service as a force-multiplier to bring the servers of those who offended the group to their metaphorical knees.

an attack using the technique proposed for use in that attack tool and operation—both of which failed to materialize—was at the heart of an ongoing denial-of-service assault on Spamhaus, the anti-spam clearing house organization. And while it hasn’t brought the Internet itself down, it has caused major slowdowns in the Internet’s core networks.

DNS Amplification (or DNS Reflection) remains possible after years of security expert warnings. Its power is a testament to how hard it is to get organizations to make simple changes that would prevent even recognized threats.

But thanks to public cloud services, “bulletproof” hosting services, and other services that allow attackers to spawn and then reap hundreds of attacking systems, DNS amplification attacks can still be launched at the whim of a deep-pocketed attacker—like, for example, the cyber-criminals running the spam networks that Spamhaus tries to shut down.

on some networks, the DNS resolver closest to the requesting application doesn’t handle all that work. Instead, it sends a “recursive” request to the next DNS server up and lets that server handle all of the walking through the DNS hierarchy for it

To save time, DNS requests don’t use the “three-way handshake” of the Transmission Control Protocol (TCP) to make all these queries. Instead, DNS typically uses the User Datagram Protocol (UDP)—a “connectionless” protocol that lets the server fire and forget requests.

That makes the sending of requests and responses quicker—but it also opens up a door to abuse of DNS that DNS amplification uses to wreak havoc on a target. All the attacker has to do is find a DNS server open to requests from any client and send it requests forged as being from the target of the attack. And there are millions of them.

The “amplification” in DNS amplification attacks comes from the size of those responses. While a DNS lookup request itself is fairly small, the resulting response of a recursive DNS lookup can be much larger. A relatively small number of attacking systems sending a trickle of forged UDP packets to open DNS servers can result in a firehose of data being blasted at the attackers’ victim.

A “root hint” request—sending a request for name servers for the “.” domain—results in a response 20 times larger than the packet the request came in. That’s in part thanks to DNS-SEC, the standard adopted to make it harder to spoof DNS responses, since now the response includes certificate data from the responding server.

There’s been a proposal on the books to fix the problem for nearly 13 years—the Internet Engineering Task Force’s BCP 38, an approach to “ingress filtering” of packets.

ISPs generally do “egress filtering”—they check outbound traffic to make sure it’s coming from IP addresses within their network. This prevents them from filling up their peering connections with bad traffic

Another possible solution that would eliminate the problem entirely is to make DNS use TCP for everything—reducing the risk of forged packets. DNS already uses TCP for tasks like zone transfers. But that would require a change to DNS itself, so it’s unlikely that would ever happen, considering that you can’t even convince people to properly configure their DNS servers to begin with.

The 7 Deadly Syns of a DDoS Attack
1. Distraction – IT personnel tied up addressing the attack
2. Interference – Larger number of help desk calls
3. Toil – Extra manual work to re-enter transactions
4. Disruption – Lost employee output
5. Expense – Increased SLA Credit payments
6. Deprivation – Current and prospective business loss
7. Disgrace – Reputation impact

Source: http://exclusive-networks.mailpv.net/a/s/10044338-6f028429c318bc9712facf566cadde2e/322561

Depending on who you believe, the week long Spamhaus-Cyberbunker cyberattack we covered Wednesday was either a threat to the Internet itself or hyped up by an overzealous security vendor. Either way, it was still serious business.

distributed denial-of-service assaults that aim to knock target computers off the Internet — are real, and have been on the rise since 2010.

This week’s attack was more than 300Gbps — way above the norm, in other words.

That’s because the attackers actually co-opted part of the Internet’s basic infrastructure — the Domain Name System, or DNS — in such a way as to greatly amplify the firehose stream of data they were directing at target computers.

Holden says DNS is becoming an increasingly popular target for DDoS. As many as 27 million DNS servers across the Internet are “open” in a way that allows them to be hijacked this way.

The attack method is to send queries to open name servers from fake network address. The attacker found the victim’s address, the name of the server to send back messages bombarding the victim’s address until the attack on the victim’s overloaded servers.

The attacks was organized by Stophaus Movement group, which includes operators that think they are wrongly placed on blacklist.

Dutch telecom operator Cb3robin representative Sven Kamphuis says the news service Idgns for that he is not Spammer and there is no one else Stop Haus member. Kamphuis says Spam Haus are acting as if it were the internet police.

Source: http://www.tietoviikko.fi/kaikki_uutiset/operaattorit+tunnustivat+tilanneensa+jattimaisen+nettihyokkayksen+verkkorikollisilta/a890644?s=r&wtm=tietoviikko/-28032013&

A squabble between a group fighting spam and a Dutch company that hosts Web sites said to be sending spam has escalated into one of the largest computer attacks on the Internet, causing widespread congestion and jamming crucial infrastructure around the world.

Millions of ordinary Internet users have experienced delays in services like Netflix or could not reach a particular Web site for a short time.

Spamhaus’s role was to generate a list of Internet spammers.
Of Cyberbunker, he added: “These guys are just mad. To be frank, they got caught. They think they should be allowed to spam.”

“We are aware that this is one of the largest DDoS attacks the world had publicly seen.”

“Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet,”

“You can’t stop a DNS flood by shutting down those servers because those machines have to be open and public by default. The only way to deal with this problem is to find the people doing it and arrest them.”