Dutch man alleged with carrying out widescale DDoS on Spamhaus arrested

Share this article:

A Dutch man accused of launching a distributed denial-of-service (DDoS) attack widely believed to be the largest ever soon will be transferred from Spanish custody to authorities in his home country, the Netherlands. 

On Friday, the Dutch Public Prosecution Service announced in a news release that the 35-year-old suspect, who police have identified only by the initials S.K., was “suspected of unprecedented heavy attacks on the nonprofit organization Spamhaus.”

That same day, The New York Times reported that the alleged perpetrator was Sven Olaf Kamphuis, an internet activist who has claimed to be a spokesman for CyberBunker, a Netherlands-based web host blacklisted by Spamhaus.

Geneva and London-based Spamhaus is an international group that maintains databases of companies deemed spammers. Last month, the organization was the target of a massive DDoS attack that reportedly grew to impact millions across the web.

Dutch law enforcement said the suspect would be transferred “soon” to the Public Prosecution Service in the Netherlands. On Monday, a Spanish court official said he is expected to be handed over to Dutch police within 10 days, The Huffington Post reported.

“So-called DDoS attacks last month were also performed on Spamhaus partners in the United States, the Netherlands and Great Britain,” the release from Dutch law enforcement said. “The attackers were taking advantage of forged IP addresses.”

According to Dutch authorities, police in Spain seized the suspect's computers, cell phones and devices used to record or transfer data.

The DDoS attacks, which were believed to be carried out by blacklisted CyberBunker as an act of reprisal against Spamhaus, escalated when attackers failed to take Spamhaus' site offline. Eventually, the perpetrators targeted the Spamhaus' hired security and web performance provider, CloudFlare, followed by that company's own bandwidth providers.

The saboteurs continued to aim unwanted packets at network providers further upstream until the attacks culminated in 300 gigabytes per second of traffic being sent. The incident reportedly affected web access for millions of internet users, including access to sites like Netflix. But an article in popular tech blog Gizmodo sought to debunk many of those reports.

On Friday, Spamhaus CEO Steve Linford posted a message on the company's site thanking authorities.

Share this article:

Sign up to our newsletters

More in News

Errors in ZeroLocker means paying ransom may not decrypt files

A piece of ransomware known as ZeroLocker contains various errors that may prevent files from being decrypted even if the ransom is paid.

Rogue AV scammers find success with new tatics

Although the number of rogue anti-virus malware campaigns have decreased overall, the threat isn't totally gone, according to researchers at Microsoft.

Medical transcription provider settles data security charges

GMR Transcription Services in California agreed to settle FTC charges related to its security practices.