March 29, 2013 — -- "The Internet almost broke." "The Internet slowed down." "Internet cable cut."
Those are just a few of the statements bandied about by organizations and in the media after two separate, unrelated events this week: First, there was one of the worst cyberattacks ever on the Internet; second, an underseas cable off the coast of Egypt was cut. The two attacks have affected Internet speeds and stability.
So what happened exactly? And is the Internet really slower?
Spamhaus and Cyberbunker Denial of Service Attacks
It's been called the biggest denial-of-service (DDoS) attack in history and one of the fiercest cyberfights. So who was fighting and how did it happen?
At the center of it all are two companies – Spamhaus and Cyberbunker.
The Geneva-based Cyberbunker, which is based out of a former NATO bunker, is a hosting service, or a company that hosts websites and services on its servers. But it's not just a normal hosting company – this one will host any type of website. The only things it refuses to host or save is child pornography and terrorist sites. Sites with malware or other dangerous viruses, which can attack your computers, are free game. Cyberbunker also allows the sites that use the service to stay completely anonymous.
But when Spamhaus, a company that works to block spam, added the company to its list of suspected spam-hosting websites, Cyberbunker was far from happy. So it launched a massive denial of service attack (DDoS) at Spamhaus. A DDoS attack is a cyberattack that aims to make a service unusable.
"Imagine someone knocking on the door and you have to say, Hello, who is it?" Tom Galvin, executive director of Digital Citizens Alliance, explained to ABC News. "Now imagine that is happening every single second," he added, referring to the traffic Spamhaus had to respond to. "What else are you getting done? It requires the network to verify who else is on the other side of the door and it locks the system up." Continuing the traffic analogy, it was as if lots of cars were trying to get through on a road that is blocked off.
Internet Slow Down?
In the case of Spamhaus, the attack was so large and so much data was being fired at the company that the congestion caused Internet speed disruptions. CloudFare, the company that helped Spamhaus fight the attack, said that at one point 300Gbps of attack traffic was being sent, which would make this one of the largest attacks ever reported.
"You can only force so much data and packets of information through a connection," Adam Wosotowsky, messaging data architect at McAfee Labs, explained to ABC News. "When that packet is going across, it has to get to the other side cleanly, if you have contention issues and a lot of extraneous data, those packets start to collide and the network isn't as clean. It gets clogged."
As a result of the unprecedented attack, there were service slowdowns for ordinary Internet users, and McAfee and other security companies have confirmed that some sites were affected with slow load times. CloudFare said it caused disruptions to London and Hong Kong's backend Internet systems. Netflix was said to be one of the services that was impacted by the slow load times, though Netflix has declined to comment and it hasn't been confirmed. Typically DDoS attacks, which occur all the time, don't have such far-reaching impact.
Wosotowsky explained that other services that share similar services to Spamhaus can also be impacted by an attack of this size.
However, the slowdowns were not as widespread or as severe as many thought, says Doug Madory of Renesys, a New Hampshire firm that keeps track of global Internet stability. "As far as the global Internet, this was a fairly localized event. It wasn't a catastrophic event across the global Internet," Madory said.
Undersea Cord Cutting
Madory didn't minimize the repurcussions of the Cyberbunker-Spamhaus spat, but he did say that another event this week could have had even bigger or more widespread implications.
"One of the biggest cables that connects Europe to the biggest cables was cut, that's a way to create a widespread impact," Madory said. According to the BBC, three scuba divers were caught trying to cut an undersea Internet cable off Egypt. The damaged cable caused service disruptions in Egypt, Africa and other parts of the Middle East. The motive of the men is unknown. Problems in Internet service in Egypt is not new: Two years ago, during the Arab Spring uprising, Internet access in Egypt was cut off.
Other outages in the region were thought to be attributed to additional underseas cable disruption, likely caused by a boat or an anchor. Madory and Wosotowsky both said that there are other cable links to provide connectivity to the countries, but that it can have a significant effect on speeds and stability of the service.
"It's one thing with a DDoS attack, we are able to push that away with code, but when you cut a wire you have to get out there and splice that thing back together and get it up and running," Wosotowsky said. "Hardware attacks are much more expensive and take a lot more time to recover from."
The Digital Mafia
The two attacks, while not related, do demonstrate that it's not just the individuals on the Internet, but the Internet itself, which stands in harm's way with the rise of cyberattacks.
"Bad guys are always going to be on the look for the weakness in the chain, that's why these things take place. It will either be a DDoS or cables being cut," Galvin said. "It's the same way 50 or 40 years ago we made an effort to crackdown on the Mafia. We need to have the same focus on the criminals on the Internet today."