Yeah, We Broke the Internet: The Inside Story of the Biggest Attack Ever

It’s still unclear who is behind one of the biggest attacks in Internet history, one that’s disrupting service for millions of users and has created an information superhighway traffic jam across the globe.

What is becoming clear is that the attack is an outgrowth of a little-known, but highly explosive war between two factions: on one side are the Internet service providers (ISPs) and Web hosts that don’t ask their clients too many questions about whether they are hosting spam and other kinds of malicious code; on the other are groups that try to name and shame the spammers, and stop them from infiltrating your inbox—or worse, your bank’s servers. This side is engaged in a massive game of virtual whack-a-mole, only one with no end in sight.

In this latest retaliatory attack, the spammers got the better of their opponents, shutting down servers and slowing down the entire Internet. One man so far has come forward, claiming to be the spokesman for the attackers—a man named Sven Olaf Kamphuis. A so-called Internet activist, Kamphuis disdains government regulation of the Internet and, at least according to his Facebook page, gays and Jews. In an interview with The Daily Beast, Kamphuis said he owns an ISP that was put on a blacklist by the Geneva-based anti-spam company Spamhaus. Companies on the blacklist are blocked by email providers and other Internet service companies, which means they’re essentially kicked off the Internet.

So Kamphuis and others on the blacklist formed an opposition group, Stophaus, and earlier this month, they launched the most powerful “distributed denial of service” (DDoS) attack in the history of the Internet. DDoS attacks flood a server with data—in this case, 300 billion bits of data per second—at a rate it can’t possibly handle, thereby shutting it down. Stophaus’s onslaught overwhelmed not just Spamhaus’s servers, but the rest of the Internet, too. Thus, Netflix users around the world were suddenly wondering why they couldn’t stream You’ve Got Mail.

“There are a lot of people who are really pissed off about this,” Kamphuis said of Spamhaus. “And we are the first to show some balls and do something about it.”

Kamphuis said he himself had nothing to do with DDoS attacks. “I am a spokesman for Stophaus,” he said. “But being in the Internet industry I cannot have anything to do with these attacks.” Kamphuis said his group decided to stop the attacks on Tuesday, but said there are other hackers, and possibly even governments, who would like to continue the assault.

On his Facebook page, Kamphuis is adamant about his hatred of Spamhaus, posting on Wednesday that the company “took down members of the stophaus.com group—first—and without any court verdict, just by blackmail of suppliers and jew lies.” He went on to call for an end to SMTP, the Internet protocol for sending and receiving emails, saying it gives “fags an excuse to nag.”

In an interview, Kamphuis, who says he is from Amsterdam and lives in Barcelona, said the comment about “jew lies” was referring to Steve Linford, the founder of Spamhaus. “This is a reflection on Steve Linford,” Kamphuis said. “He is always nagging people. There are a certain group of Jews known as the Zionists that think they are better than other people and this is not a problem with all Jews, this is just a problem with certain Jews who think the others are like the goyim. I think Steve Linford is like that.”

Kamphuis said his politics are largely libertarian. “If I was in the United States, I would be Republican without all the Christian blah blah around it,” he said. “I want a minimal state with not much taxes, that all belongs to companies. I don’t like Israel though.”

Erik Bais, the owner of A2B-Internet, an ISP based in the Netherlands, described Kamphuis as a brilliant programmer who doesn’t care what others think of him. “Jewish people are not high on his favorite list,” he said.

Kamphuis himself made his reputation when in 2010 he attempted to host Pirate Bay, a website that was targeted by the Swedish authorities for copyright infringement. A German court placed an injunction against Kamphuis and his ISP company, CB3ROB, to stop him from putting Pirate Bay back online.

Kamphuis said at the time that the Mossad, the Israeli intelligence service, attempted to blow up his car as a warning. “My car did not decide to explode on its own,” he said.

Bais got to know Kamphuis in the tight community of Dutch Internet technical specialists, but began communicating with him more closely after they discovered they both had a mutual enemy in Spamhaus in 2011. At the time, Bais’s company provided network services to a data center that provided services for CB3ROB, which in turn provided services for Cyberbunker, a Web host company Bais acknowledged may have hosted some shady websites. Nonetheless, he said, Cyberbunker did not traffic in spam.

When Spamhaus put Cyberbunker’s Internet protocol (IP) address on it blacklist, it also listed 4,000 other IP addresses that Bais said had nothing to do with Cyberbunker or CB3ROB. “This was extortion,” Bais said. “As soon as we dropped the IP addresses for CB3ROB, Spamhaus immediately dropped the other addresses which had nothing to do with spam.” In the meantime, Bais found many of his customers could not use email because of the blacklist.

Adam Wosotowsky, a threat researcher at the Internet security firm McAfee, said Spamhaus had a good reputation in the cyber-security world. “Spamhaus historically is not known for making knee-jerk emotional decisions,” he said. “Generally, Spamhaus tends to be very straightforward as to why they are blocking things. They are not in the business of causing false positives.”

Phone calls and emails to Spamhaus were not answered. Cyberbunker couldn’t be reached for comment.