Suspect Behind 'Biggest Cyberattack' Nabbed in Spain
A purported self-portrait of Sven Olaf Kamphuis, apparently outside the CyberBunker headquarters in the southern Netherlands, posted on Kamphuis' Facebook page.
CREDIT: Sven Olaf Kamphuis/Facebook
A Dutchman thought to be associated with the "biggest cyberattack in history" last month reportedly has been arrested in Spain.
The Dutch justice ministry announced on its website today (April 26) that a 35-year-old Dutchman, identified only by the initials SK, had been detained on a European warrant yesterday (April 25) in the Barcelona area.
The ministry's press release said SK was suspected in "severe" distributed denial-of-service (DDoS) attacks against the anti-spam organization Spamhaus and Spamhaus partners in the Netherlands, the United States and Britain.
During the week-long series of attacks on Spamhaus, Sven Olaf Kamphuis, a Dutchman in his mid-30s, emerged as the spokesman for Stophaus, the group leading the attacks, which at one point reached an unprecedented 300 gigabits per second.
After the New York Times published an article saying the attacks were causing "widespread congestion and jamming crucial infrastructure around the world," Kamphuis disappeared from view. (The congestion was felt primarily in the London area, northern Germany and the Netherlands.)
Security researcher Brian Krebs noted that Kamphuis' Facebook account said he was a native of Amsterdam living in Barcelona. The last posting on the account was on Wednesday (April 24).
In March, Kamphuis portrayed himself to various media outlets as one of the founders of CyberBunker, a Dutch Web-hosting service that proudly proclaims it will take any customers except terrorists or child pornographers.
CyberBunker, named for the nuclear-blast-proof NATO bunker it purports to house its servers in, has a lot of unsavory clients, including accused cybercriminals, spammers and peddlers of fake pharmaceuticals.
Subsequent reports have said CyberBunker moved out of the bunker years ago. Krebs said CyberBunker's official "WHOIS" listing puts the company in Antarctica.
Because of its nasty clients, Spamhaus put CyberBunker's range of Internet addresses on its email and Web blacklists, which are used by many Internet service providers worldwide to weed out spam and unsavory material.
Kamphuis and Stophaus complained that Spamhaus' efforts were illegal and declared that if Spamhaus would block its clients, its clients would blockade Spamhaus with DDoS attacks, bombarding Spamhaus and its own ISPs with huge amounts of useless Internet traffic.