Spamhaus cyber attacker operated from van: Police

Spanish police on Sunday said the man responsible for cyber attacks on the non-profit anti-spam group Spamhaus Project, conducted his operations from a van specially equipped for mobile computing.

Spanish authorities did not identify the 35-year-old suspect who was nabbed last Thursday, but said he was of Dutch nationality from Alkmaar, Netherlands and is believed to be the “organizer” of the distributed denial of services (DDoS) campaign against Spamhaus which caused a massive Internet service slowdown last month.

“National police agents have arrested in Granollers (Barcelona) the man responsible for what could be the largest denial of service cyber attack in history,” a statement from the La Policia Nacional of Spain. “The suspect was travelling across Spain in a van used as a mobile computing office.”
(Spamhaus cyber attack suspect arrested by Spanish police)

The police said the vehicle was equipped with “various antennas to scan frequencies.” A search of the suspect’s house also resulted in the seizure of two laptop computers and documents.

The arrest of the suspect was the result of a coordinated operation between countries affected by the cyber attacks which included Holland, the United Kingdom and the United States.
(Seized paraphernalia)


Slidehow: Behind the Spamhaus DDoS attack
Cyberbunker, Spamhaus feud causing Web slowdown?

Acting on information from Dutch authorities that the organizer of the attack was living in Spain, the Spanish police initiated its own investigations. The Technological Investigation Brigade of the Judicial Police Commission-General and the Police Headquarters of Catalonia were able to zero in on the suspect’s location and arrest him last week.

“Upon his arrest, the suspect claimed to be a diplomat and specifically the Minister of Telecommunications and Foreign Affairs of the Republic of Cyberbunker,” the police statement said.

Cyberbunker is a Dutch-based hosting site that takes its name from a decommissioned NATO bunker which it uses as a headquarters. Cyberbunker is thought to be the source of the DDoS attack on Spamhaus which began on March 19.

DDoS mitigation service provider CloudFlare, later confirmed the attack was a DNS reflection attack. Such an attack involves sending a request for information to an organization’s Domain Name Server, which then gets reflected to the victim. CloudFlare said more than 30,000 unique DNS resolvers each one sending about 2.5Mbps of data was used in the attack.

The result is an overload of computer system resources.

It was earlier reported that Cyberbunker launched the attack in retaliation for Spamhaus’ blacklisting of Cyberbunker. Spamhaus regularly lists databases of servers that are linked to spam and other online criminal activities.

In a statement to the BBC News last month, a person claiming to be a spokesman for Cyberbunker said Spamhaus had “overstepped” its bounds.

Would you recommend this article?


Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.

Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Article

ADaPT connects employers with highly skilled young workers

Help wanted. That’s what many tech companies across Canada are saying, and research shows that as the demand for skilled workers...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now