These articles do not necessarily reflect official positions of the Council of Europe


Time to bring the rule of law into the biggest Internet attack ever?

The 300 Gb/sec Distributed Denial of Service attack launched on March 19 against Spamhaus, which lasted for a good 9 days, was certainly the biggest attack ever faced by this most efficient and influential antispam organisation in its 12 years of operations.

It may also qualify as the attack which generated the most sensational headlines: “Behind The Largest Internet Attack Ever” (Forbes), “The Nine-Day Cyber Attack That Broke the Internet” (CNBC, a blog post by Pat Calhoun, Sr. Vice President, Network Security McAfee), “Record-breaking cyberattack hits anti-spam group” (AP), “How the world's largest cyberattack slows down your Internet use” (PCWorld), and so on.

Very quickly the real magnitude of this attack started to be questioned and its impact was reassessed to more reasonable proportions. According to the Internet Storm Center on March 28: “The attack did reach upwards of 300 Gb/sec and is the largest recorded DDoS to date” but “(…) the Internet did not come close to coming down, not much real impact was felt outside the victims and those in close Internet-proximity to them (…). The attack was significant, but not globally so despite the media reports to the contrary.”

Even more interestingly, this time the attacker had a name - the hosting provider Cyberbunker, located in an ex-NATO shelter in the Netherlands - and it has a spokesperson: Sven Olaf Kamphuis, who has a Facebook page and appeared on Russia Today on March 27. In this interview Mr Kamphuis denies being behind the attack, blames Spamhaus for being a threat to internet freedom and makes this particularly interesting statement: “Spamming is against the law but Spamhaus is not the authoritative instance to handle that”.

It is so unusual to put a face and a name on adversaries of well-established entities that the media and the blog posts could not miss the opportunity to talk about Cyberbunker and let Mr Kamphuis share their views. As a human being, I understand - and to a certain point I share - the frustration expressed by the North-American antispam organisation CAUCE on March 28 that “some press outlets and bloggers have given equal time to the criminals”. But as a lawyer, I like that. I find it very important that adversaries are given the opportunity to say what they have to say, even if this is unpleasant or simply not true.

I would go even further: it’s not enough to give adversaries equal time, the law community has a duty to give them the opportunity to address their dispute in an organised fashion.

For the first time in history, we have witnessed a huge cyberattack between adversaries who are publicly fighting each other, and who have arguments which can potentially be assessed and discussed in a reasonable fashion.

It is uncertain whether our Spamhaus and its adversaries would feel safe enough to sit down and explore how the rule of law could help address their case, but the opportunity is there. Given the core values it represents, what is the role of the Council of Europe in resolving the challenges around the biggest internet attack ever?

Comment by Vladimir Radunovic on April 9, 2013 at 6:54pm

Jean-Christophe, very good text. I like the point on using this case to channel such disputes through a legal system (in future).

The consequences of this particular attack were really not as dramatic as the media initially showcased - but the potentials of such attacks are quite scary (if one would really like them to be, and would engage a bigger botnet for instance) as I discussed in my blog:

On one hand it is the question of how to technically upgrade the system to prevent this. On the other, how to predict the possible consequences of such attacks beyond the envisaged scope ("proportionality" in a way). Then also how to act legally in such cases of "private cyber-wars". And finally - how to make such parties not "cyber-fist-fight" but rather run through institutional environment (even discussing if someone like Spamhaus "is eligible" to act as spam-filter).

And yes - CoE should/can have a role in all this, especially in the last one.
Posted on 04/03/15 10:28.
Comment by Jean-Christophe Le Toquin on April 9, 2013 at 8:46pm

Thank you Vladimir,

At the moment, parties engaged in "private cyber-wars" have nowhere to discuss and settle their argument. They need a process which is more public than arbitration, and more flexible and policy-oriented than a court decision.

I agree with you CoE should/can have a role, maybe with the support of your diplomatic skills?
Posted on 04/03/15 10:29 in reply to Vladimir RADUNOVIC.
Comment by Pedro Verdelho on April 11, 2013 at 3:15pm

This is a very interesting remark, Jean-Christophe. There is, indeed, a new opportunity, as you mention in your last lines.

But not only that: the questions you raise must really be taken into consideration in a “reasonable fashion” discussion, beyond the eventual reasons of the involved “parties”, at least, to make clear that this was an attack, fulfilling a couple of types of criminal infringements. Anyways, I don’t remember any discussion like that, with people committing crimes to impose their will, since the old Wild West movies.
Posted on 04/03/15 10:32 in reply to Jean-christophe LE TOQUIN.
This tool is co-funded by the GLACY and Cybercrime@Octopus projects