There has been quite a buzz around the Cyberbunker and Sven Kamphuis a.k.a. CB3ROB. Which of the stories are true, and which of them are false?
Largest cyber attack ever?
Well, this part of the story was true: the attack was the largest attack ever, peaking at 300Gbps. To accomplish this they used a technique called 'amplified DNS attack'. The attack was performed from standard 1 to 10Gbps connections, but by exploiting a weakness in the DNS system the attackers managed to massively increase the traffic used for the attack. This is done by spoofing the sender's address on a DNS query, so the DNS server sends its reply to the wrong place: instead of going back to the real requester, it is sent to the victim.
The second part is amplification: the request that is sent to a DNS server is around 64 bytes, while the answer can be up to 4000 bytes. That's roughly 60 times as much!
Imagine this is done through multiple connections at 1 to 10Gbps, amplified by 60: that's a massive amount of data coming at you. Even if you are a big hosting provider, this can bring you to your knees.
This is exactly what happened to Spamhaus: they couldn't handle all this traffic, and therefore the website went dark. In an effort to resolve this issue they asked Cloudflare to help with the hosting, which is quite an odd decision since they had some issues in the past (Spamhaus blocking IP ranges from Cloudflare). At one point Cloudflare had a big struggle to stay online too, and many other customers like Netflix were affected by this massive DDoS.
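A defender-side illustration of the reflection mechanism described above, added here and not part of the original post: because the queries carry a spoofed source address, the victim receives DNS responses it never asked for, so matching responses against outbound queries exposes the traffic. The record layout, thresholds and sample traffic are constructed assumptions.

```python
from collections import defaultdict

QUERY_BYTES = 64  # approximate query size quoted in the article

# Constructed sample of UDP records seen at a network edge (not real traffic):
# (time_s, src_ip, src_port, dst_ip, dst_port, dns_txid, payload_bytes)
SAMPLE = [
    (0.00, "192.0.2.10", 40001, "198.51.100.53", 53, 0x1A2B, 64),    # real query
    (0.02, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 512),   # its answer
    (1.00, "203.0.113.5", 53, "192.0.2.80", 31337, 0x0001, 4000),    # never asked for
    (1.01, "203.0.113.6", 53, "192.0.2.80", 31337, 0x0001, 4000),
    (1.02, "203.0.113.7", 53, "192.0.2.80", 31337, 0x0001, 3900),
    (1.03, "203.0.113.5", 53, "192.0.2.80", 31337, 0x0002, 4000),
    (9.00, "198.51.100.53", 53, "192.0.2.10", 40001, 0x1A2B, 512),   # stray duplicate
]


def unsolicited_dns(records, window=5.0):
    """Group DNS responses that match no recent query from their destination."""
    pending = {}  # (client_ip, client_port, server_ip, txid) -> query time
    stats = defaultdict(lambda: {"responses": 0, "bytes": 0, "resolvers": set()})
    for ts, src, sport, dst, dport, txid, size in sorted(records):
        if dport == 53:        # outbound query: remember it
            pending[(src, sport, dst, txid)] = ts
        elif sport == 53:      # response: did the destination ask for it?
            asked = pending.pop((dst, dport, src, txid), None)
            if asked is None or ts - asked > window:
                entry = stats[dst]
                entry["responses"] += 1
                entry["bytes"] += size
                entry["resolvers"].add(src)
    return stats


def reflection_targets(records, min_responses=3, min_resolvers=2):
    """Return {victim_ip: estimated amplification factor} for likely reflection."""
    flagged = {}
    for victim, s in unsolicited_dns(records).items():
        if s["responses"] >= min_responses and len(s["resolvers"]) >= min_resolvers:
            avg_response = s["bytes"] / s["responses"]
            flagged[victim] = round(avg_response / QUERY_BYTES, 1)
    return flagged


if __name__ == "__main__":
    print(reflection_targets(SAMPLE))
```

A single stray response, like the late duplicate to 192.0.2.10, is counted but stays below the thresholds; only a host receiving many large unsolicited answers from several resolvers is flagged.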
Cyberbunker still located in Kloetinge?
This is a common misconception. The Cyberbunker left the bunker in Kloetinge in 2011; they sold it to another company called Bunkerinfra Datacenters. Bunkerinfra stated this in a press release.
"We are the current users of this bunker, but this bunker has a turbulent history and the former users were from time to time in the news. 12 years ago, an organization named the Cyberbunker, was housed here, mister Sven Kamphuis was a member of this organization. After a fire in 2002, the storage of data was stopped based on a decision by the municipality. Bunkerinfra has taken over the use and management of the bunker in 2010 and after a preparation period of two years, a huge rebuilding started in January 2012. “Cyberbunker was more servicing ‘the dark side’ of the internet, the hackers and organizations which are refused anywhere else, Bunkerinfra is just the opposite. Our clients are the larger companies, financial institutions, governmental organizations and for example organizations for which electronic patient files should be properly stored and protected.
“During the past year we made an investment of some millions of euros in the rebuilding of this bunker. Also we are, at the moment, very busy with attracting and contracting new investors and partners to cope with the expected growth of this organization. Cyber-security is a real high growth market and as BIDC we have an answer for specific problems; how to protect your data from an earthquake or other environmental disasters, like solar storms or from a disaster like Fukushima? With the unique approach in offered services and the high security standard, with 10-layered security, we have an answer to those problems. So what we are doing is completely different from what the Cyberbunker was doing, from that point of view.”
The full press release can be found here:
Eng: http://www.bunkerinfra.com/press/PRESSRELEASE_Cyberbunker_not_in_bunker-Kloetinge_March29th2013.pdf
NLD: http://www.bunkerinfra.com/press/PERSBERICHT_Cyberbunker_niet_in_Kloetingse_bunker_29maart2013.pdf
How about all the other stories?
Some stories are partially based on the truth and others are complete nonsense; Bunkerinfra hopes to get these myths busted forever. This is what they had to say about it:
"Rumours about a swimming pool, a network of tunnels and a large weapon cache, all stories that have appeared on the internet during the last 10 years. All those stories are partly true or need some kind of historical explanation. “Yesterday, I had to disappoint the UK’s Daily Telegraph that there wasn’t a five floor bunker, or tunnels or a swimming pool and that there weren’t any cyber-attacks done from this location”. But the bunker itself is quite large with three floors and 60 rooms. The tunnels were escape tunnels, which were closed by our Defence organization before it was handed over to the private market. The swimming pool was an idea of the former owner, but was never executed because of the fire in 2002. This bunker was also never ‘NATO territory’ where the Dutch Law didn’t apply. “There is no such thing as NATO territory in the Netherlands, and this bunker was always used by our Defense organization. Between 1960 and 1992, it was permanently used by the so called Provinciaal Militair Commando (PMC). Also this bunker was used by a ‘Stay-behind’ organization, called ‘Gladio’. This is why the stories of the large weapon caches exist. “During the past three years we have spoken to several military veterans, people who live in the neighborhood and people who worked on the initial building of this bunker. Out of these stories we drew our own conclusions based on facts. There were indeed three weapon caches in the area surrounding the bunker. They were dismantled in the beginning of the 90’s. This bunker is also standing on Dutch soil, was always in the hands of the Dutch government and there were never any soldiers from other NATO countries present”.
Cyberbunker
The Cyberbunker themselves seem to have made up quite a story here, fooling everyone with it. Looking at their website it seems they are still located in Kloetinge, which appears to be one big lie. But where do they place their servers if they are not in Kloetinge? At the moment it is unknown where Cyberbunker hosts their servers. It is known that CB3ROB's company places its colo servers at a data center of a hosting provider called Datahouse (it is unknown if any of these are used in an attack).
Through this forest of lies and stories they have been able to stay undetected and continue their operations. After all this has come out, what will happen? The future will tell us.