
Dutch man accused of carrying out wide-scale DDoS on Spamhaus arrested

A Dutch man accused of launching a distributed denial-of-service (DDoS) attack widely believed to be the largest ever will soon be transferred from Spanish custody to authorities in his home country, the Netherlands.

On Friday, the Dutch Public Prosecution Service announced in a news release that the 35-year-old suspect, who police have identified only by the initials S.K., was “suspected of unprecedented heavy attacks on the nonprofit organization Spamhaus.”

That same day, The New York Times reported that the alleged perpetrator was Sven Olaf Kamphuis, an internet activist who has claimed to be a spokesman for CyberBunker, a Netherlands-based web host blacklisted by Spamhaus.

Geneva- and London-based Spamhaus is an international group that maintains databases of companies deemed spammers. Last month, the organization was the target of a massive DDoS attack that reportedly grew to impact millions across the web.

Dutch law enforcement said the suspect would be transferred “soon” to the Public Prosecution Service in the Netherlands. On Monday, a Spanish court official said he is expected to be handed over to Dutch police within 10 days, The Huffington Post reported.

“So-called DDoS attacks last month were also performed on Spamhaus partners in the United States, the Netherlands and Great Britain,” the release from Dutch law enforcement said. “The attackers were taking advantage of forged IP addresses.”

According to Dutch authorities, police in Spain seized the suspect's computers, cell phones and devices used to record or transfer data.

The DDoS attacks, which were believed to be carried out by blacklisted CyberBunker as an act of reprisal against Spamhaus, escalated when attackers failed to take Spamhaus' site offline. Eventually, the perpetrators targeted Spamhaus' hired security and web performance provider, CloudFlare, followed by that company's own bandwidth providers.

The saboteurs continued to aim unwanted packets at network providers further upstream until the attacks culminated in 300 gigabytes per second of traffic being sent. The incident reportedly affected web access for millions of internet users, including access to sites like Netflix. But an article in popular tech blog Gizmodo sought to debunk many of those reports.

On Friday, Spamhaus CEO Steve Linford posted a message on the company's site thanking authorities.
