SpamHaus v. CyberBunker: More Than Meets the Eye

Media accounts claim that the latest non-government cyber-Armageddon — a Distributed Denial of Service attack on anti-spam service SpamHaus by unidentified attackers alleged by some to be acting on behalf of “pretty much anything goes” web host CyberBunker — reached such proportions that it may have actually slowed down the Internet in general. As I write this article, the attack on SpamHaus appears to have ended in failure, but CyberBunker itself has been taken down in (direct or indirect, who knows) retribution.

As US Vice President Joe Biden might put it, this was a big —-in’ deal. The attackers deployed DDOS resources nearly an order of magnitude more powerful than those typically seen in large-scale cyber attacks, and so far as we know they didn’t have the resources of a state at their disposal. Lots of juicy implications there with regard to governments’ ability to attack Internet freedom versus users’ ability to aggressively respond. But that’s not what really caught my attention.

Maybe I live under a rock or something, but I had never heard of SpamHaus before this incident. I knew there were non-user-level “anti-spam services” available, but I hadn’t ever considered how they might work or what impact they might have on the essential openness of the Internet.

According to its web site, Spamhaus “is an international nonprofit organization whose mission is to track the Internet’s spam operations and sources, to provide dependable realtime anti-spam protection for Internet networks, to work with Law Enforcement Agencies to identify and pursue spam gangs worldwide, and to lobby governments for effective anti-spam legislation.” It “maintains a number of realtime spam-blocking databases” which “are today used by the majority of the Internet’s Email Service Providers, Corporations, Universities, Governments and Military networks.”

Now, I don’t like spam any more than most people like spam. But what I like even less than spam is the idea of some centralized organization deciding what is and is not spam FOR me, without me ever seeing it, and deleting the things its operators don’t think I SHOULD see. Especially if that organization associates itself with “Governments and Military networks.”

more here: http://c4ss.org/content/17929