The 300 Gb/sec Distributed Denial of Service attack launched on March 19 against Spamhaus and which lasted for a good 9 days, was certainly the biggest attack ever faced by this most efficient and influent antispam organisation in its 12 years of operations.
It may also qualify as the attack which generated the most sensational headlines : “Behind The Largest Internet Attack Ever” (Forbes), “The Nine-Day Cyber Attack That Broke the Internet” (CNBC, a blog post by Pat Calhoun, Sr. Vice President, Network Security McAfee), “Record-breaking cyberattack hits anti-spam group” (AP), “How the world's largest cyberattack slows down your Internet use” (PCWorld), and so on.
Very quickly the real magnitude of this attack started to be questioned and its impact was reassessed to more reasonable proportions. According to the Internet Storm Center on March 28 : “The attack did reach upwards of 300 Gb/sec and is the largest recorded DDoS to date” but “(…) the Internet did not come close to coming down, not much real impact was felt outside the victims and those in close Internet-proximity to them (…). The attack was significant, but not globally so despite the media reports to the contrary.”
Even more interestingly, this time the attacker had a name - the hosting provider Cyberbunker, located in an ex-NATO shelter in the Netherlands - and it has a spokesperson : Sven Olaf Kamphuis who has a Facebook page and appeared on Russia Today on March 27. On this interview Mr Kamphuis denies being behind the attack, blames Spamhaus for being a threat to internet freedom and he makes this particularly interesting quote: “Spamming is against the law but Spamhaus is not the authoritative instance to handle that”.
It is so unusual to put a face and a name on adversaries of well-established entities that the media and the blog posts could not miss the opportunity to talk about Cyberbunker and let Mr Kamphuis share their views. As a human being, I understand - and to a certain point I share - the frustration expressed by the North-American antispam organisation CAUCE on March 28 that “some press outlets and bloggers have given equal time to the criminals”. But as a lawyer, I like that. I find very important that adversaries are given the opportunity to say what they have to say, even if this is unpleasant or simply not true.
I would go even further: it’s not enough to give adversaries equal time, the law community has a duty to give them the opportunity to address their dispute in an organised fashion.
For the first time in history, we have been the witness of a huge cyberattack between adversaries who are publicly fighting each other, and who have arguments which can potentially be assessed and discussed in a reasonable fashion.
It is uncertain whether our Spamhaus and its adversaries would feel safe enough to sit down and explore how the rule of law could help address their case, but the opportunity is there. Given the core values it represents, what is the role of the Council of Europe in resolving the challenges around the biggest internet attack ever?