As the saying goes: “If the van’s a DoS’in, don’t come a knock’in.” Or something like that. Alas, for a man believed to be the controversial owner of the Dutch bulletproof hosting firm Cyberbunker, the authorities did “come a knock’in,” arresting the individual who is believed to be responsible for the world’s largest distributed denial of service (DDoS) attack.
In a statement on Sunday, the Spanish Ministry of the Interior released a statement saying that National Police agents arrested the man responsible for the attacks in response to a European arrest warrant stemming from an investigation begun by Dutch authorities. The suspect was not named, but was described as a 35 year-old from Alkmaar (Netherlands) who was apprehended while traveling in a van equipped with computer equipment and a range of antennas and used as a mobile office.
The man is believed to be Sven Kamphuis, the owner and manager of Dutch hosting firm Cyberbunker. According to the Spanish Ministry of the Interior, he claimed to be a diplomat at the time of his arrest, claiming the title of Minister of Telecommunications and Foreign Affairs of the Republic of Cyberbunker.
Photos and video of the suspect taken at the time of arrest show a thin man, seated and wearing a “Pirate Party” t-shirt. The photos do not show the suspect’s face. Other images show a disheveled office with computer equipment and cables strewn about, a computer screen displaying a map of Spain, stamps bearing the words NATO Confidential and a simple cot where the suspect slept. The surroundings look similar to the location from which Kamphuis conducted an interview on March 27.
Authorities seized two laptops and various documents relating to criminal activity, according to the Spanish Ministry of the Interior.
The investigation stems from giant DDoS attacks against the spam blacklisting organization Spamhaus in March. Those attacks were in retaliation for Cyberbunker being added to the Spamhaus blacklist. The botnet fueled traffic floods ranged up to to 300 Gigabits per second, caused ripple effects throughout the Internet, as many commercial products and companies rely on the Spamhaus blacklist as a basis for spam filtering operations. Reports, however, that the attacks were big enough to “break the Internet” didn’t pan out.
In the March 27 interview, he acknowledged Cyberbunker’s role in some attacks on Spamhaus, but blamed them on groups within China and Russia. “At this moment we are not conducting any attacks. “Our people from our group stopped any attacks yesterday morning or something.”
In other interviews in March, Kamphuis defended the DDoS attacks against Spamhaus.
“There are a lot of people who are really pissed off about this,” Kamphuis said of Spamhaus. “And we are the first to show some balls and do something about it,” he is quoted saying.
Still, Kamphuis has tried to separate himself from the DDoS attack, claiming to be just a “spokesman” for Stophaus, an informal group created to oppose Spamhaus.”I’m not doing the attacks and neither are my companies,” he said when interviewed in March.
Still, the prospect of a law enforcement crackdown appears to have occurred to the controversial Cyberbunker operator. “I’ve been arrested before, it’s no big deal.” Besides “there’s a whole bunch of embassies to run to, so I don’t think I’ll be arrested.”