You might've read some headlines today—in very reputable publications—saying that there's an online attack underway. The biggest in history. Enough to slow down the internet. This would be exciting and scary, except it's just not true.
The entire thing sounds so dramatic—the swarming DDoS onslaught is "jamming crucial infrastructure around the world," the NYT screams from the trenches—that it sounds just plausible enough. And indeed, the combatants in question have been battling it out online: a conflict between Spamhaus, a Dutch European group that tracks spammers, and Cyberbunker, a Dutch hosting company accused of housing them. That's really happening: as far as we can tell, botnets acting on behalf of (or run by) Cyberbunker have been trying to crash Spamhaus for days with a strong stream of overload junk data.
And if you believe what you've been told online, their head-butting is quaking the entire web. This is it. The big one. The hacks to end all hacks, a hack attack with collateral damage that reverberates 'round the globe. But once you read beyond a few scary sentences of CYBERWEBATTACKS, you might wonder:
- Why wasn't my internet slow?
- Why didn't anyone notice this over the course of the past week, when it began?
- Why isn't anyone without a financial stake in the attack saying the attack was this much of a disaster?
- Why haven't there been any reports of Netflix outages, as the New York Times and BBC reported?
- Why do firms that do nothing but monitor the health of the web, like Internet Traffic Report, show zero evidence of this Dutch conflict spilling over into our online backyards?
(There would be massive dips and spikes in those graphs if war were being waged across the net.)
Why are the only people willing to make any claims about the validity or scope of the attack directly involved: Spamhaus reps, the group's leader, and, most dubiously, CloudFlare, the anti-DDoS firm Spamhaus enlisted to ward off the attack? And it's that last party that's responsible for the sky-falling internet weather report, the party that stands to profit directly from you being worried that the internet as we know it is under siege.
Hours after the Times and BBC broke the "news" of our internet's artillery wounds, CloudFlare put up a breathless blog post entitled, subtly, "The DDoS That Almost Broke the Internet." Yikes! What follows is essentially a press release that would be like Pfizer telling you how horrible various diseases are, and how well their pills work against them. CloudFlare CEO Matthew Prince tells a harrowing story of warding off the internet attack after Spamhaus hired him—which is certainly true—but warns us of existential threats to the net still lurking out there, like lost Soviet nukes:
As someone in charge of DDoS mitigation at one of the Internet giants emailed me this weekend: "I've often said we don't have to prepare for the largest-possible attack, we just have to prepare for the largest attack the Internet can send without causing massive collateral damage to others. It looks like you've reached that point, so... congratulations!"
At CloudFlare one of our goals is to make DDoS something you only read about in the history books. We're proud of how our network held up under such a massive attack and are working with our peers and partners to ensure that the Internet overall can stand up to the threats it faces.
In a quote to the NYT, Prince even makes the nuclear analogy himself:
"These [DDoS attacks] are essentially like nuclear bombs," said Matthew Prince, chief executive of CloudFlare. "It's so easy to cause so much damage."
This would be so terrifying if it weren't advertising. Prince, of course, is in the business of selling protection against online attacks. And his company is, as far as I can tell, pretty good at this business. But he's also clearly in the business of scaring people: in his blog post today, he warns that the Spamhaus attack "may prove to be relatively modest" compared to what comes next. Bigger nukes, I suppose.
I was publicly skeptical about this alleged online devastation, and attracted the attention of Prince himself:
He wanted to put me in touch with a Tier 1 operator—a company that maintains the physical underpinnings of the entire internet. This guy, Prince said, could back up CloudFlare's claims. This really was Web Dresden, or something. After an inquiry, I was ready to face vindication. Instead, I received this note from a spokesperson for NTT, one of the backbone operators of the Internet: