Tuesday, 21 May 2013

The man who 'nearly broke the internet


The man who 'nearly broke the internet'

Sven Olaf Kamphuis is accused of global cybercrime, but Spanish police found him in a squalid flat with his name on the letterbox
The day Sven Olaf Kamphuis parked his huge orange Mercedes van with its German numberplates outside Bar Javis, in the Catalan town of Granollers, the owner's son snapped a picture with his mobile phone.
"Not a lot happens in this street," Maria Cruz, the bar's owner, explained. "And it was so huge, with all those funny antennas and solar panels poking out of the roof, that it blocked the light to the bar."
Even stranger was the 35-year-old Dutch man who parked it in this narrow street after renting a small attic flat with windows made of glass blocks in the poorer end of this nondescript town 15 miles from Barcelona.
Even on hot early summer days, Kamphuis wore a woollen hat. And he spoke no Spanish, answering "yes, yes" in English to everything people from this friendly neighbourhood said to him.
Kamphuis, 35, is one of the most controversial characters in the murky world of spam and hacking – deemed the internet's public enemy number one by some, though others believe his reputation has been blown out of proportion by the grandstanding of his foes.
Capable of rigging up sophisticated computer systems anywhere, including the back of a van, he allegedly masterminded a flurry of March internet attacks that the security company CloudFlare claimed "almost broke the internet", plunging the world into digital darkness. When Spanish and Dutch police arrested him they found the flat occupied by a tangle of cables and computer gear. A copy of the science fiction writer Neal Stephenson's Quicksilver lay on the unmade bed.
Kamphuis displayed a Napoleonic sense of grandeur. "He claimed he had diplomatic status," said the Spanish police officer who led the operation, but asked not to be named. "He said he was the telecommunications minister and foreign minister of a place called the Cyberbunker Republic. He didn't seem to be joking."
"The request to arrest him came from the Netherlands," said the police officer, who heads the cybercrime unit in Barcelona. "But Britain, the United States and Germany were all affected by the massive denial of service attacks that he launched.
"The van was fitted out as a mobile office from which he could launch his attacks. Amongst other things we found the IP addresses of his targets and that is part of the evidence we are sending to the Netherlands."
Kamphuis has yet to be tried, but Spanish police believe they know his modus operandi. "He brought together hackers from around the world to launch the attacks. It is obviously not all over yet, because the Dutch have been under attack again in recent days – presumably as revenge by his friends.
"Some of them have networks of zombie computers, having spread viruses that let them control others people's computers. They all agree to launch the attack and they do millions of requests to the server at the same time."
The result was what the New York Times called an attack of previously "unknown magnitudes", producing a 300bn-bits-per-second data stream that targeted the British and Swiss-based anti-spam operator Spamhaus and its allies. This had reportedly blacklisted his CB3ROB/Cyberbunker company, which claims its servers are housed in an old Nato nuclear bunker near Rotterdam, for hosting hundreds of spam and malware websites. Kamphuis happily claimed to be punishing Spamhaus for "abusing their influence".
"Nobody ever deputised Spamhaus to determine what goes and does not go on the internet," he told the New York Times in an angry message. He later denied involvement. "We want to be absolutely clear that the DDoS [distributed denial of service] attacks are not and have not ever been orchestrated within CB3ROB/CyberBunker, nor are they conducted under the supervision of Sven," he wrote on hisFacebook page.
But the huge number of spammers he hosts has led even hacktivists sympathetic to his pro-Pirate party, Anonymous and Julian Assange's stance to question his real activities.
Several other mysteries remain. If this was one of the most successful spammers in history, why was he living in a squalid flat and a camper van?
"If you get paid a few cents for each spammed email and you send out million emails every day, then you can make a lot of money," said the Spanish police chief.
Kamphuis certainly did not behave like a criminal on the run. "He seemed too relaxed to be a crook," said Cruz. "And he certainly didn't hide away. He had even written his name on the letterbox."
"He wasn't really trying to hide," agrees the Spanish police chief. "I think he thought that we wouldn't track the attacks to him or that we would leave him alone because he was not attacking Spanish targets."
His attacks were widely reported to have slowed the entire internet down, but internet speed trackers such as Internet Traffic Report barely registered a blip.
Some point to publicity-seeking grandstanding by CloudFlare, an internet security company called in to protect Spamhaus. It claimed this was "the DDoS [attack] that almost broke the internet".
"The record-breaking attacks were initially directed at Spamhaus infrastructure such as websites, mailservers and nameservers. Then, over the course of the following two weeks, the attacks escalated to targeting Spamhaus's supporting networks and services including various internet exchanges," Spamhaus's British founder Clive Linford said on his blog, describing the attacks that started in the middle of March. "While the DDoS caused disruptions to our organisation and its hosts and partners, the flow of the Spamhaus anti-spam data that protects over 1.7bn mailboxes worldwide was never interrupted."
Kamphuis was last week taken to the Netherlands – a country that recently announced plans to let police hack into computers located abroad, installing spyware, reading emails and deleting files. He is being held in jail while investigators decide what charges to bring.
A spokesman for the Dutch public prosecutor's office said he would appear before a court in Rotterdam again this week to have bail conditions reviewed after the "unprecedented heavy attacks" on Spamhaus and its partners in the US, Netherlands and Great Britain.

LinkWithin

Related Posts Plugin for WordPress, Blogger...

Popular Post