Meet the Man Behind the Biggest Cyberattack in History [EXCLUSIVE INTERVIEW]

spamhaus, stophaus, sven olaf kamphuis, cyberbunker

The biggest cyberattack in Internet history has gotten tons of coverage from major reputable sources, but the details remain murky. According to initial reports, a spat between Cyberbunker, an internet service provider, and Spamhaus, an organization that searches for sources of email spamming, led to a cyberattack of a massive scale — almost 300 gigabits per second, which is six times the highest recorded DDoS cyberattack. Who exactly is behind the attacks against Spamhaus and why do cyber-activists feel so slighted by the seemingly-reputable company? We spoke to Sven Olaf Kamphuis, the spokesperson for Cyberbunker and offshoot group Stophaus, about everything from his personal beliefs to the reasons for the attack and who was behind it.

Ian Kar: Let’s start with something basic. Where were you born and where are you living now?
Sven Olaf Kamphuis: (Laughs) Who do you work for?
I: Oh, I’m sorry I didn’t realize. If you don’t want to answer that, it’s fine.
S: No, no, it’s fine. I was born in the Netherlands.

I: How did you get involved in Internet activism and Cyberbunker?
S: Well, back in 1996, both Cyberbunker and my company started, and we started doing security checks for Cyberbunker in 1998. In ’99, we merged our internet activities, meaning our company started to sell on the same network as ours. Basically, we do the networking stuff and Cyberbunker does the building, and we kinda merged in that sort of way.

I: Can you set the record straight about which organization is targeting Spamhaus?
S: Yeah I’ve read your article, you’re from, right?
I: Yes.
S: Yeah, “The Biggest Internet Attack Ever…” The people targeting Spamhaus is a group called Stophaus.

I: How are you affiliated with Stophaus?
S: Stophaus is a group of people that found themselves because they were all targeted by Spamhaus and blackmailed by Spamhaus in the past. Basically, one guy called on other people through chat and I notified a few customers that were targeted in the past. And basically then a forum was started, where we started to gather intel on Spamhaus and their entire off-shore Christmas tree of companies and how they operate and we made a database. Actually, the Russians already mirrored a database we used so we integrated that.

I: So are you the spokesperson for Stophaus?
S: Yes.

spamhaus, cyberattack, cyberbunker, stophaus, sven olaf kamphuis


I: There’s been a lot of speculation about the largest cyberattack in history, but not many facts. Could you give us a background on Stophaus and Spamhaus and how it developed into a massive cyberattack?
S: Well, basically, a few people from the Stophaus group had a common agenda and think for themselves and have they all have their own interests, and they decided it was a very good idea to take down Spamhaus. And they did. Fine. (Laughs). We fully agree with that, although we couldn’t do that ourselves. Well, technically we can, but we couldn’t, but it’d be a little difficult. Diplomatically, it would cause a lot of trouble.

I: So the people who are attacking Spamhaus aren’t affiliated with Cyberbunker.
S: They are not affiliated with Cyberbunker, no.
I: They are their own separate group.
S: They’re not a separate group, they’re members of our group, but they do this effort on their own and on their own account. We’re all trying to destroy Spamhaus, not in the same way, but yes we’re all trying to destroy Spamhaus.

I: I saw a rumor online that you were the owner of Cyberbunker. Is that true?
S: Our entire foundation…no one in Cyberbunker and no one in any Cyberbunker affiliates has any personal, direct, property in such things to avoid certain issues.

I: So it’s a form of blackmail and exploitation, correct?
S: Yeah, I mean Cloudflare may not admit that because they tried to make a stand by taking them on as a client. Basically, Cloudflare positioned itself in the middle of an ongoing attack, tried to make a PR stand, and it like backfired when their network was not as good as they thought it was…when the attack was a bit larger than they thought it would be. And then it started to impact their other clients, at which point they should have just decided to no root Spamhaus or just take it off the network.

I: Why do you think they didn’t?
S: I don’t know why they didn’t. It’d be the normal step to do. You can try to host attack targets, and there would be no problem with that, unless the attack is larger than your capacity to handle it, at which point you’re supposed to make sure it doesn’t impact your other clients.

I: Do you think it was arrogance, or stubbornness, or what?
S: I think it’s stubbornness. Or, some other motivation. Maybe their being motivated in another way. I don’t know…personal interests. No idea. Maybe they didn’t want to be called a spam-supporting ISP anymore by Spamhaus. Could be one reason (laughs).

I: How do you feel about Spamhaus? Reports say that they’re a reputable company, but others say that their crusade is sometimes personal.
S: Yeah well, they basically operate clearly in the criminal field. They spread slander about everyone, they call everyone criminals without court documents whatsoever, they call anyone “spammers” that has never sent out email and doesn’t even use that old junk, you know? I don’t even have email and they call me a spammer (laughs). The entire protocol should just die and be replaced by something like Skype, but a bit more open-source [Author’s note: We used Skype to conduct our interview].

Having a friend list basically solves the spam issue, Steve Linford. I never get spam in Skype! There’s not a Nigerian guy asking me for money on Skype! (laughs).

They solved this [email spamming] 12 years ago, when they invented Skype and Facebook and Java and ICQ.

I: There are some spam issues with Facebook and stuff like that though.
S: Yeah and then they’re instantly resolved by just changing Facebook itself, something that they have not done with SMTP since 1964.

I: You’re not a fan of SMTP at all.
S: No. And actually, I don’t think any…Spamhaus keeps claiming that there are millions and millions and millions and millions of euros in the spamming market, in e-marketing, which is absolutely not the case. No one in the world still reads their f*cking email, you know? That was hot in the 1990’s and Steve Linford is a man thats stuck in the 1990’s. He is communicating in a little Usenet group with his little cronies, the net abuse, the net email Usenet group. That is something that dates back to the 70’s or something. And he still thinks that is current use of the Internet and if he posts something there, other people will actually read it. No Steve, no one goes there. Just you and your friends. And no one gives a crap about SMTP, not even the spammers. I mean, ISP’s have better things to do. Email is not the Internet. The Internet has moved on. And yet he [Steve Linford] keeps calling everyone a spammer, and if they do not take him seriously, he calls them a criminal, and if you don’t take him seriously on that one, then he calls you a Russian, which is even worst than a criminal apparently (laughs).

spamhaus, cyberattack, cyberbunker, stophaus, sven olaf kamphuis

I: What do you think about the allegations that Spamhaus is blackmailing and exploiting these companies?
S: Yeah well they are blackmailing these companies, you know? As far as Spamhaus, as far as their argument goes, they say “We are a spam fighting club of volunteers that protect the Internet against spam and people can choose to use our services.” Right? This argument doesn’t go in a number of scenarios. A) When ISP decide to use their [Spamhaus’] list for all of their end users. At which point the end users definitely did not choose to have their emails filtered according to Spamhaus’ standards. B) When Spamhaus lists any other IP that is not directly sending out spam to their list. I mean if their entire network of ISP or if they add IP addresses which have websites on them which have been mentioned in emails sent from other networks about which you cannot do anything, but if they mentioned Google in the spam mail. At this point, it become blackmail because it starts to impact other customers of the ISP besides the one that was actually sending out spam. At the moment, I list an IP address that actually was sending out spam. At that point, people that choose to use their service can no longer receive email from that IP. Case closed with any other DNS blacklist. Not with Spamhaus. Spamhaus insists that you illegally breach the contract with that client, and if you do not do so, based on hardly any evidence at all in most cases, usually its just Spamhaus shouting something really vague, then Spamhause starts to work to disconnect your entire ISP from the Internet.

I: So they shut down an entire company from the Internet, essentially.
S: Yeah, which is what they did with ours, but we fixed that, but we won’t be happy until Spamhaus is gone. Spamhaus is the biggest DDoS attack in the world.

I: Spamhaus itself?
S: Yes. They aren’t the target, they are the DDoS attack, this is what they do. They try to dictate through the Internet. Their definition of what should and should not go on the Internet is not just for the users of their [spam] lists, but for everyone. And that is just not going to fly, of course. It’s been going on for 10 years and people have had enough of them and basically, the Stophaus group is just the tip of the iceberg. Especially considering the Stophaus group stopped attacks against Spamhaus two days ago, but a lot of people are still attacking them through DDoS.

I: There have been conflicting reports that Stophaus’ feud with Spamhaus has spilled over to other parts of the Internet. Have you guys seen any changes in terms of Internet speed globally, or other repercussions of the DDoS attack?
S: I think that is just Cloudflare trying to make their contribution look more important than it actually is. The only thing that actually happened during the attacks was that the airport at the Hong Kong Internet Exchange went down because their router could not handle it, and the same goes for the London Internet Exchange. Their router couldn’t handle it, so their router went down. No one else sent out any form of message that they were experiencing issues. Just Cloudflare. As for the statistics of the London Internet Exchange that they [Cloudflare] keep throwing around, the statistics show about 1.5 terabite per second, and 300 gigabite per second is pretty much nothing. The fact that there were some dips in that graph [seen below], where the green stuff goes all the way to the bottom and is basically zero, that is not the normal Internet exchange not functioning, but the overflow where the counter in the switch was not read out fast enough to make sure the numbers still fit the counter. So this does not affect the functionality of the Internet exchange or the switch in any way, just a little problem with the traffic. This happens on our networks too.

cyberbunker, cloudflare, stophaus, spamhaus, sven olaf kamphuis

I: What was the attack against Spamhaus trying to accomplish? Was one of the goals shutting down the Internet?
S: No…Spamhaus’ goal is shutting down the Internet as far as I’m concerned. At least the parts of it that they don’t like for whatever vague reason they may have.

I: So the goal was to shut down Spamhaus, not the Internet.
S: The goal was to shutdown Spamhaus. We want to have an investigation into Spamhaus and we want to have a discussion about Spamhaus and we want Spamhaus shut down because they’re a bunch of f*cking criminals. Their censorship just pretends to fight spam over the past 10 years. They’ve never fought spam in their lives. They claim left, right, and center, that they work together with law enforcement. Which country would that be? I’ve never seen a police report from the about anything! (laughs). I did however see a lot of reports against them.

I: Yeah I’ve seen the same reports saying they take things a little too personally…
S: Yeah, that the national service, the Emergency Response Team of Latvia complained about them when they blackmailed when they complained about NIC.LV, an old domain register for Austria. Basically what happened there was Spamhaus classified them as spam, but you cannot go to another country’s agency and demand they remove domain names because you don’t like them. It doesn’t work that way, Spamhaus.

Was the goal accomplished of shutting down Spamhaus accomplished or are they still working towards that goal?
They are still working. But I’m quite sure that it’s turned into a big diplomatic incident by now (laughs).

spamhaus, cyberattack, cyberbunker, stophaus, sven olaf kamphuis


I: What can you tell me about Stophaus? Why it was created and who else was involved?
S: Basically it’s a lot of people who have been victims of Spamhaus and their extortion tactics and their DOS attacks. It’s basically what Spamhaus does: They make your network unusable and they think that they’ve accomplished their goal. Well, basically, their excuse is that you do not work together with them, but there is no legal obligation whatsoever to work with them. They can go to hell as far as I’m concerned. I have no legal responsibility to even answer their emails. And they don’t really like that. They think everyone should take them as personally as the Internet believes, or else they are the worst spam-supporting ISP in the world. With is a bit contradictory because I think that would make us the best spam-supporting ISP in the world.

spamhaus, cyberattack, cyberbunker, stophaus, sven olaf kamphuis

I: Is Stophaus affiliated with Cyberbunker?
S: Cyberbunker supports Stophaus as well and a lot of our clients. We fully support Stophaus and every effort to take down Spamhaus. That is every effort to take down Spamhaus. Which also includes the DDoS attack, but we do not participate.

I: Is it true that a Dutch Swat team attempted, but failed, to enter Cyberbunker’s facility?
S: Oh yeah they did that a couple of years ago, that was quite funny. The local mayor of the surrounding town seems to have a bit of a misunderstanding. He seems to believe that Cyberbunker would be part of his little city, which it most definitely is not.

I: I heard Cyberbunker occupies an ex-NATO building.
S: Well, technically, it is a NATO base. In 1955, there were a lot of radio relay bases built and also to spy on Communists in those regions. Basically, the building was sold in 1996 and it was never made into Dutch territory. We tried to make it Dutch territory at first, but we realized we do not actually need you people (laughs). They weren’t quite responsive back then. But if he should have anything to nag now…
I: Who has anything to nag about?
S: If he has anything to complain about now, he shouldn’t have been as apprehensive in 1996. The former mayor of the town. He was, incidentally, caught shifting 12 million Euros of tax money to Iceland. So, he’s no longer the mayor of the city.

I: That’s interesting.
S: There are a lot of interesting things going on around these parts.

I: How do you feel about the report that five different government are investigating the cyberattack?
S: No we’re really worried because we are not — at least I’m not doing anything illegal — I am a citizen of a soverign nation, I can do whatever the f*ck I want anyway, but I’m not doing the attack.

I: Do you think the people involved with Stophaus should be worried?
S: Some of them, but I hear some of our members have already gotten political asylum. Not the Republic of Cyberbunker, but larger countries already are offering it [asylum] to the few who are potentially facing trouble at this point.

I: So you would say Cyberbunker is a republic.
S: Cyberbunker is a republic, yes. We’re not like Sweden, we do not try to solve anything or make a huge show out of it, but yeah.

I: So it’s a self-governing state?
S: Yeah it’s self-governing as a state. But, we are very good friends with the Netherlands in most respects. I don’t think it’d be a good idea for the Netherlands to breach that relationship.

spamhaus, cyberattack, cyberbunker, stophaus, sven olaf kamphuis

I: Was this an example of “hacktivism” or was it personal? If it was hacktivism, how so?
S: No this is the Internet. What we see here is the Internet puking out Spamhaus. Spamhaus is a cancer that has settled itself and basically gained the position to point it’s finger to stuff that it doesn’t like and have it removed or they can interfere with your business in other ways. We have laws against spamming and Spamhaus has been obsolete since those laws went into effect. People have been arrested, but I haven’t seen Spamhaus help get a spammer arrested, yet they claim that half the world are spammers. Now if there were so many spammers in the world as Spamhaus claims, the Internet would DDoS itself with spam.

I: So it was more personal than hactivism, correct?
S: No this is, from my side, this is both hactivism, business, and…of course, we do not really like censorship clubs.
a lot more than we’re already doing.

I: Do you think Stophaus will launch a larger attack?
S: I don’t think DDoS attacks are the way to go long term. There are clearly other people still doing the attacks, but Spamhaus has infringed Russian and Chinese trade interests for the past few years, and they’ve keep calling criminals according to what they say a criminal is. They keep calling them Russian’s as well.

I: What about the reports that said Stophaus was working with Russian and Eastern European crime syndicates?
S: Crime syndicates? More like government agencies. (Laughs) If Spamhaus chooses to call them “crime syndicates,” then they’re perfectly free to do that because they do that all the time, don’t they.

I: That’s what a report said. You think government agencies are helping Stophaus, right?
S: Yes, I think you can put it that way. The Russian’s are quite clear the fact that they consider Spamhaus an illegal organization. The Russian telecom regulator issued a report in which they announced that they would revoke any Russian Internet provider as soon as they used Spamhaus, because using Spamhaus resolves anything but filtering spam. Everything that is on the blacklist is not actually spam it’s just IP ranges that they list as a method of blackmail and putting pressure on people. So, if a Russian Internet Provider uses Spamhaus, then basically they can get their license revoked because Spamhaus is a very vague organization with a very vague agenda. It needs a lot investigation, including their cash flow. Having a dormant non-profit organization in the UK, then claiming to be a non-profit but in the meantime having a number of off-shore in the Bahamas. It smells a bit like tax fraud doesn’t it?

I: How would you describe your political beliefs?
S: I support the idea of a minimal state, direct democracy, although everyone is free to do, in their own country, whatever they want to do in their own country.

I: There were allegations that you were an anti-Semite and a homophobe. Do you have any comment on that?
S: I’m a homophobe? I’m gay. I do have a problem with Zionists, not necessarily Jews in general, but Zionists, yes. Because they are Jews that seem to think that Jews are better than every other people in the world and are free to f*ck everyone else in the ass. Now I do have a problem with that, because they clearly are more racist than everyone else. As for homophobe, I don’t know where they got that one from. (Laughs) I would say that there are a whole bunch of guys that don’t agree with that view.

Comment Here
Notify of
Inline Feedbacks
View all comments
Would love your thoughts, please comment.x