— A record-breaking cyberattack targeting an anti-spam watchdog group has sent ripples of disruption coursing across the Web, experts said Wednesday.
Spamhaus, a site responsible for keeping ads for counterfeit Viagra and bogus weight-loss pills out of the world's inboxes, said it had been buffeted by the monster denial-of-service attack since mid-March, apparently from groups angry at being blacklisted by the Swiss-British group.
"It is a small miracle that we're still online," Spamhaus researcher Vincent Hanna said.
Denial-of-service attacks overwhelm a server with traffic — like hundreds of letters being jammed through a mail slot at the same time. Security experts measure those attacks in bits of data per second. Recent cyberattacks — like the ones that caused persistent outages at U.S. banking sites late last year — have tended to peak at 100 billion bits per second.
But the furious assault on Spamhaus has shattered the charts, clocking in at 300 billion bits per second, according to San Francisco-based CloudFlare Inc., which Spamhaus has enlisted to help it weather the attack.
"It was likely quite a bit more, but at some point measurement systems can't keep up," CloudFlare chief executive Matthew Prince wrote in an email.
Patrick Gilmore of Akamai Technologies said that was no understatement.
"This attack is the largest that has been publicly disclosed — ever — in the history of the Internet," he said.
It's unclear who exactly was behind the attack, although a man who identified himself as Sven Olaf Kamphuis said he was in touch with the attackers and described them as mainly consisting of disgruntled Russian Internet service providers who had found themselves on Spamhaus' blacklists. There was no immediate way to verify his claim.
He accused the watchdog of arbitrarily blocking content that it did not like. Spamhaus has widely used and constantly updated blacklists of sites that send spam.