Spamhaus, Spam and DDoS Attacks

There has been a lot of coverage on the recent DDoS attacks on Spamhaus. But it occurs to me that there might be many people who aren't clear on two of the key constituents of this story - that is, spam and DDoS. So it seems like a good opportunity to explain what they are and the impact they have on all of us.

What is spam?

Spam is the name commonly given to unsolicited e-mail. It is effectively unwanted advertising, the e-mail equivalent of junk mail delivered through the post or unsolicited telemarketing calls. Spam has become an established problem over the last 15 years - a large percentage of e-mail sent is spam, around 72 per cent during 2012. It's significant in terms of its nuisance value and the fact that it clogs up network bandwidth. But on top of this, spam e-mails may also contain links to phishing web sites, malicious attachments or other malicious links.

Who are the spammers?

The people sending spam vary - from those selling legitimate goods and services, to those selling fake products. They also include cybercriminals who are looking to distribute malware or redirect people to websites aimed at stealing personal data.

How has spam evolved?

The problems caused by spam - nuisance, clogging up of bandwidth and its use for phishing and malware distribution - led security vendors to develop filters. But there has always been a 'cat-and-mouse' aspect to the evolution of spam and the development of spam filters. The return on investment has made it worth the while of spammers to investigate new ways to evade spam filters. As a result, security researchers have had to employ new techniques to widen their net and catch spam using new methods.

How difficult is it to stop and why?

Spam has always been a moving target, with spammers finding new techniques to evade detection and security researchers responding with updated detection methods. This is one reason why it's not possible to guarantee 100 per cent blocking of spam. Perhaps more important is the fact that, unlike with malware, spam isn't always clear-cut - what may be spam to one person may be an interesting marketing communication to another.

Spam - the wider context

The Internet is an online reflection of the real world. But it allows more people to access more things more of the time than they ever could offline. It has become an essential part of everyday life - from children researching material for homework to commercial, non-profit and government organisations reaching their customers. But unfortunately there's the other side to the coin. The Internet makes it incredibly easy and quick for cybercriminals to distribute malware, or for illegitimate advertisers to peddle their goods and services. That's why, in addition to legislation and technology to block unwanted content, it's essential that we all strive to develop a security mindset - an 'online common sense' that mirrors the caution we try to exercise in the real world. In particular, if something seems too good to be true, it probably is. So try to resist the temptation to open unsolicited e-mails, or at least don't click on the attachments or links they contain.

The central role the Internet plays today is also the reason why we've seen a greater use of DDoS attacks in recent years.

The DDoS, or Distributed Denial of Service attack, is one method that an attacker can use to interrupt, or stop completely, the normal operation of a web site, server or other network resource. The Internet is now the life-blood of many organisations, so the effects of an attack can be very damaging to the business. There are variations on the theme, but a DDoS involves directing so much Internet traffic to the victim's network that it is unable to process anything. It's as though all the inhabitants of a small town visited the same burger bar at the same time on the same day - it simply couldn't cope!

There are two key motives behind DDoS attacks. The first is financial gain: cybercriminals disrupt their victim's systems and try to extort money from them (pay-up or the attack will continue!). The second is as a form of protest: using a DDoS attack as a weapon in pursuit of political, social, ideological or personal interests of the attackers.

DDoS attacks are not new. But they are growing in quantity as well as scale. Among the reasons for this growth are the development of the Internet itself (network capacity and computing power) and past failures in investigating and prosecuting the individuals behind attacks.
