Dutch authorities say they have arrested a man in connection with an online attack on a spam-fighting site that ensnarled the Internet last month, causing widespread congestion and jamming crucial infrastructure around the world.
While the authorities did not give the full name of the man in a statement published on a government Web site, they identified him as “S.K.” A source close to the investigation, who was not authorized to speak publicly, confirmed that the arrested man was Sven Olaf Kamphuis, a 35-year-old Dutch man who has been the spokesman of a group that was protesting a European antispam group’s tactics.
Spanish police arrested the man on Thursday at his home in Barcelona, at the request of the Dutch police, and seized his computers and mobile phones. He is expected to be sent to the Netherlands. Wim de Bruin, a spokesman for Dutch national prosecutor’s office, said "S.K.” was suspected of playing a role in a wave of attacks that took place last month.
His arrest followed an investigation by authorities in the Netherlands and other European countries into Mr. Kamphuis’s involvement in one of the largest attacks on the Internet. Mr. Kamphuis has been suspected of starting a distributed denial of service, or DDoS, attack against Spamhaus, the antispam group. Such attacks are a criminal offense under Dutch law.
Mr. Kamphuis calls himself the “minister of telecommunications and foreign affairs for the Republic of CyberBunker.” But many consider him to be the Prince of Spam. He runs CB3ROB, an Internet service provider, and CyberBunker, a Web hosting company that in the past has hosted sites like WikiLeaks and the Pirate Bay, a site accused of abetting digital content piracy.
Antispam groups say they believe CyberBunker acts as a conduit for vast amounts of spam. Last month, Spamhaus, an antispam group based in Geneva, added CyberBunker to its blacklist, which is used by major e-mail providers to block spam.
In the days and weeks that followed the blacklisting, Spamhaus was targeted with an DDOS attack, its site flooded with traffic until it fell offline. After Spamhaus hired a Silicon Valley Internet security firm, CloudFlare, to defend against the attack, the attackers turned their ire on CloudFlare. When attempts to bring down CloudFlare were unsuccessful, the attackers hit back with a far more powerful strike that exploited the Internet’s core infrastructure, called the Domain Name System, or D.N.S.
Their attack quickly reached previously unknown magnitudes, growing to a data stream of 300 billion bits per second, which resulted in slowing Internet traffic for millions of Internet users around the world.
Mr. Kamphuis has denied his role in the attack and said he was only a spokesman for Stophaus, a loose organization set up to take down Spamhaus. Asked about his involvement in the attacks last month, Mr. Kamphuis told The New York Times, “We are aware that this is one of the largest DDOS attacks the world has (publicly) seen so far, yes.”
But through his Facebook page, Mr. Kamphuis has actively called on hackers to take Spamhaus offline.
“Yo anons, we could use a little help in shutting down illegal slander and blackmail censorship project ‘spamhaus.org,’ which thinks it can dictate its views on what should and should not be on the Internet,” he said on Facebook on March 23.
Dutch prosecutors singled out Mr. Kamphuis because of his vocal role. Greenhost, a Dutch Internet hosting service, said in a blog post that it had found CB3ROB’s digital fingerprints while studying the attack traffic directed at Spamhaus.
Mr. Kamphuis’s arrest in Barcelona was made through the European Union’s judicial collaboration unit, Eurojust.
Eric Pfanner contributed reporting.