Spamhaus cyber attacker operated from van: Police

11 years ago

Spanish police on Sunday said the man responsible for cyber attacks on the non-profit anti-spam group Spamhaus Project, conducted his operations from a van specially equipped for mobile computing.

Spanish authorities did not identify the 35-year-old suspect who was nabbed last Thursday, but said he was of Dutch nationality from Alkmaar, Netherlands and is believed to be the “organizer” of the distributed denial of services (DDoS) campaign against Spamhaus which caused a massive Internet service slowdown last month.

“National police agents have arrested in Granollers (Barcelona) the man responsible for what could be the largest denial of service cyber attack in history,” a statement from the La Policia Nacional of Spain. “The suspect was travelling across Spain in a van used as a mobile computing office.”

(Spamhaus cyber attack suspect arrested by Spanish police)

The police said the vehicle was equipped with “various antennas to scan frequencies.” A search of the suspect’s house also resulted in the seizure of two laptop computers and documents.

The arrest of the suspect was the result of a coordinated operation between countries affected by the cyber attacks which included Holland, the United Kingdom and the United States.

(Seized paraphernalia)

Acting on information from Dutch authorities that the organizer of the attack was living in Spain, the Spanish police initiated its own investigations. The Technological Investigation Brigade of the Judicial Police Commission-General and the Police Headquarters of Catalonia were able to zero in on the suspect’s location and arrest him last week.

“Upon his arrest, the suspect claimed to be a diplomat and specifically the Minister of Telecommunications and Foreign Affairs of the Republic of Cyberbunker,” the police statement said.

Cyberbunker is a Dutch-based hosting site that takes its name from a decommissioned NATO bunker which it uses as a headquarters. Cyberbunker is thought to be the source of the DDoS attack on Spamhaus which began on March 19.

DDoS mitigation service provider CloudFlare, later confirmed the attack was a DNS reflection attack. Such an attack involves sending a request for information to an organization’s Domain Name Server, which then gets reflected to the victim. CloudFlare said more than 30,000 unique DNS resolvers each one sending about 2.5Mbps of data was used in the attack.

The result is an overload of computer system resources.

It was earlier reported that Cyberbunker launched the attack in retaliation for Spamhaus’ blacklisting of Cyberbunker. Spamhaus regularly lists databases of servers that are linked to spam and other online criminal activities.

In a statement to the BBC News last month, a person claiming to be a spokesman for Cyberbunker said Spamhaus had “overstepped” its bounds.