Spamhaus operates an independent spam blacklist that is widely used by ISPs to block the source of spam. Early this year it added the hosting firm Cyberbunker to its blacklist. Cyberbunker says that it will host any website other than child porn and terrorist sites – and is widely thought to host numerous spam sites.
The DDoS attack commenced after this, and Dutchman Sven Olaf Kamphuis – describing himself as a spokesman for Cyberbunker – said that Cyberbunker was retaliating against Spamhaus for 'abusing their influence'.
One month later the Dutch authorities announced that a "35-year-old Dutchman, SK, was arrested... in Spain... suspected of unprecedented heavy attacks on the non-profit organization Spamhaus."
What wasn't announced was that at around the same time a 16-year-old London schoolboy was also arrested in what the London Evening Standard now describes as "part of an international swoop against a suspected organised crime gang" in connection with the "world’s biggest cyber attack."
The newspaper reports, "The boy’s arrest, by detectives from the National Cyber Crime Unit, followed an international police operation against those suspected of carrying out a cyber attack so large that it slowed down the internet."
Few details on either the boy concerned or the investigation that led to his arrest have been made available. However, the Evening Standard has seen a briefing note on the British investigation, codenamed Operation Rashlike, and reports that "the attack was the 'largest DDoS attack ever seen' and that it had a 'worldwide impact' on internet exchanges. The document says services affected included the London Internet Exchange and that although the impact was eventually 'mitigated' it managed to cause 'worldwide disruption of the functionality' of the internet."
On the arrest of the schoolboy, the briefing note says, “The suspect was found with his computer systems open and logged on to various virtual systems and forums. The subject has a significant amount of money flowing through his bank account. Financial investigators are in the process of restraining monies.”
What isn't yet apparent is whether the schoolboy was arrested solely over the Spamhaus attack, or whether the 'significant amount of money' indicates involvement in a wide cybercrime gang also under investigation. Whether by coincidence or not, the announcement closely follows the London arrest of four men for allegedly seeking to take over Santander computers, and a further eight men who took control of a Barclays computer.