Spamhaus seeks arrests of non-EU DDoS attackers

News by Steve Gold

Anti-spam organisation Spamhaus welcomes two arrests in the UK and Spain, and now seeks others outside the EU, which commentators believe is unlikely to happen.

Spamhaus, the veteran anti-spam organisation, has welcomed the arrests of two alleged DDoS attackers against its servers, but wants global law enforcement officers to arrest five more people apparently also known to have been behind the campaign.

The arrest of a UK and Dutch citizen, says the non-profit organisation, is a step in the right direction, but it also wants to see arrests of the other five suspects, who are reported to be in the US, Russia and China.

The alleged DDoS attackers were reportedly involved in a distributed denial of service attack - known as Stophaus - against Spamhaus servers in March of last year.

Stophaus was considered by many to be one of the industry's largest DDoS attacks of type, and used spoofed requests sent via open DNS servers to swamp the company's servers. Some reports suggested that the efficiency of several European Internet nodes was also reduced as a result of the attacks.

In a blog post published yesterday by Quentin Jenkins, a security researcher with the organisation, Spamhaus thanked the law enforcement community in the matter of the massive DDoS attack staged against its systems in March of last year.

"This time we offer our congratulations and thanks to the UK's National Cyber Crime Unit (NCCU), the cybercrime arm of the National Crime Agency (NCA)," he added, noting that a 17-year-old Londoner was charged late last month with computer misuse, fraud and money laundering offences.

Jenkins says that this was the first formal announcement of the arrest, which took place last year, shortly after the arrest of a Dutch national living in Spain, who has been charged by the Dutch Public Prosecution Service for leading the gang who carried out the DDoS attack.

The case, he noted, is proceeding through the Dutch legal system.

"With two of the attackers now charged and awaiting trial, Spamhaus has hopes that the other conspirators - consisting of two US nationals, two Russians and a Chinese national - will also soon be charged. Several more spammers and cybercrime-involved server hosting company owners were peripherally involved and at this time most have been identified by both Spamhaus and law enforcement," he added.

According to Alonso Jose da Silva, the international technical manager with Tempest Security Intelligence, getting the five other people involved in the Stophaus project arrested is going to be a tough `ask' for Spamhaus, as whilst police and other western agencies may know who the guys are, getting them arrested in the countries where they are located is always going to be a tricky step.

"That having been said, Spamhaus does need to push as hard as it can for the arrests, as it is clearly going to be a tough fight, so having multiple organisations behind the request makes a lot of sense," he explained.

Bob Tarzey, an analyst and director with Quocirca, was less positive: "The best of luck to Spamhaus - which is a European-based organisation - when it comes to getting arrests in China, USA and Russia," he said, adding that the two arrests seen so far in the case are within European countries, he said.

"Cyber-crime does not respect terrestrial boarders, but there is little progress towards international agreement on how to manage a pan-global problem. I cannot see China, USA or Russia handing over the suspects as requested by Spamhaus," he added.

The other big question, he told, is who these foreign countries will be handing their suspects over to.

"Who is empowered to enforce the law in such a case? We have a long way to go in the global policing of cyberspace," he explained.


Find this article useful?

Get more great articles like this in your inbox every lunchtime

Video and interviews