24 May 2013

Man who almost ‘broke the net’


The day Sven Olaf Kamphuis parked his huge van with its German numberplates outside Bar Javis, in the Catalan town of Granollers, the owner's son took a photo of it with his cellphone.

"Not a lot happens in this street," Maria Cruz, the bar's owner, explained. "And it was so huge, with all those funny antennas and solar panels poking out of the roof, that it blocked the light to the bar."

Even stranger was the 35-year-old Dutchman who parked it in the narrow street after renting a small attic flat in the poorer end of this nondescript town about 25km from Barcelona. Even on hot spring days, Kamphuis wore a woollen hat. And he spoke no Spanish, answering "yes, yes" in English to everything people said to him.

Kamphuis is one of the most controversial characters in the murky world of spam and hacking – deemed the internet's public enemy number one by some, though others believe his reputation has been blown out of proportion by the grandstanding of his foes.

Capable of rigging up sophisticated computer systems anywhere, including the back of a van, he allegedly masterminded a flurry of internet attacks in March that the security company CloudFlare claimed "almost broke the internet", plunging the world into digital darkness. When Spanish and Dutch police arrested him, Kamphuis displayed a Napoleonic sense of grandeur.

"He claimed he had diplomatic status," said the Spanish police officer who led the operation but asked not to be named.

Modus operandi
"He said he was the telecommunications minister and foreign minister of a place called the CyberBunker Republic. He didn't seem to be joking. The request to arrest him came from the Netherlands," said the officer, who heads the cybercrime unit in Barcelona. "But Britain, the United States and Germany were all affected by the massive denial-of-service attacks that he launched.

"The van was fitted out as a mobile office from which he could launch his attacks. We found the IP addresses of his targets and that is part of the evidence."

Kamphuis is yet to be tried, but Spanish police believe they know his modus operandi.

"He brought together hackers from around the world to launch the attacks. It is obviously not all over yet, because the Dutch have been under attack again in recent days – presumably as revenge by his friends.

"Some of them have networks of zombie computers, having spread viruses that let them control other people's computers. They all agree to launch the attack and they do millions of requests to the server at the same time."

The result was what the New York Times called an attack of previously "unknown magnitudes", producing a 300-billion-bits-per-second data stream that targeted the British and Swiss-based anti-spam operator Spamhaus and its allies. They had reportedly blacklisted his CyberBunker company, whose servers are allegedly housed in an old Nato nuclear bunker near Rotterdam, for hosting hundreds of spam and malware websites.

Squalid flat
"Nobody ever deputised Spamhaus to determine what goes and does not go on the internet," Kamphuis told the New York Times in an angry message. He later denied involvement.

"We want to be clear that the DDoS [distributed denial of service] attacks are not and have not ever been orchestrated within CyberBunker, nor are they conducted under the supervision of Sven," he wrote on his Facebook page.

Several other mysteries remain. If this was one of the most successful spammers in history, why was he living in a squalid flat?

"If you get paid a few cents for each spammed email and you send out millions of emails every day, then you can make a lot of money," said the Spanish police chief.

Kamphuis certainly did not behave like a criminal on the run.

"He seemed too relaxed to be a crook," said Cruz. "And he didn't hide away. He had even written his name on the letter box."

"He wasn't really trying to hide," agrees the Spanish police chief. "I think he thought that we wouldn't track the attacks to him or that we would leave him alone because he was not attacking Spanish targets."

His attacks were reported to have slowed down the entire internet, but speed trackers such as Internet Traffic Report barely registered a blip. Some point to publicity-seeking grandstanding by CloudFlare, which was called in to protect Spamhaus. It claimed this was "the DDoS [attack] that almost broke the internet".

Kamphuis is being held in jail in the Netherlands while investigators decide what charges to bring. A spokesperson for the Dutch public prosecutor's office said it was expected that Kamphuis's bail conditions would be reviewed after the "unprecedented heavy attacks" on Spamhaus and its partners in the US, the Netherlands and Britain. – © Guardian News & Media 2013