Monday, 21 July 2014

Andrew Stephens

From the Facebook pages come the thoughts of Chairman Stephens on :-


The STOPhaus Movement gained notoriety during the, then largest DDoS attack in recorded history, against anti-spam outfit Spamhaus. The 300gps attack inundated Spamhaus’ removal servers for 5 days before they recruited an American firm by the name of Cloudflare to mitigate the attack. After another 3 days of unsuccessful attempts to mitigate the attack, Cloudflare put out a press release that startled the world entitled, “The DDoS that Almost Broke The Internet”. This press release was picked up by Nicole Perlroth of the New York Times and reprinted in almost every tech column across the globe. The actors behind the attack were mysteriously known as a collective called STOPhaus. What was unknown is what STOPhaus is and what led up to the attack that was so abusively misreported.

In 2009 I operated a small IT and Web Design firm in Cincinnati, OH called IBT, Inc. or Integrated Business Technologies. During it’s startup phase I hired a systems administrator from Craigslist named Donald D.. This admin was more than adequate to operate our network, but came from a business that used “spam” as a marketing tool. He was the SysAdmin for a job-board and his former employer wanted him to send out email to the users that submitted resumes to the job board. I didn’t see an issue with that, but I was also not an expert in spam, other than that I knew I didn’t like it. I sure didn’t think we were spamming and we didn’t have complainers saying we were either, until Spamhaus complained very publicly that is.

We became close acquaintances until one day it seems that I found myself on a list ran by an international private organization named Spamhaus, that stated I was a “spam supporter” because Don setup this mailing system using one of the company’s ns records. The domain registration was not private because I, as the company rep, had no idea that we were doing something that was frowned upon and had not received “digital frowns” aka “complaints”. In a layman’s eyes, it appeared that we were marketing to opt-in recipients collected through authentic means and in 2009 I was still getting my feet wet in email marketing, so the fine lines between spam and commercial email had not been established.

The accusations in this ROKSO file were fictitious, egregious, libelous, and provoking and I was pretty easily provoked at the time. So, I went on to a USENET group called N.A.N.A.E. to find the CEO of this abusive DNSBL (blacklist) operator, Stephen John Linford, as he founded his efforts on this group and his support system is active there. I was quickly attacked and called vicious names as were my family and friends and I didn’t take kindly to such activities, so I responded with a mass media campaign against this type of behavior.

During this media campaign Spamhaus used their support system to knock down blogs hosted on WordPress, Blogger, and Webs. They had Gmail accounts removed, over 100 virtual servers were terminated, a dozen or more dedicated servers were terminated with no warning or explanation other than, “because you are on the Spamhaus list”, and several hundred domains were rendered useless by underhanded tactics of getting a registrar to suspend a domain name… waiting on it to be transferred to a new registrar (by coercion)…and then having the new registrar do the same so the ICANN waiting period would prevent material from being hosted on the domain. This is only one of many attacks Spamhaus initiated against our media sites, which were merely hosted to combat the libel Spamhaus was publishing.

This went on for a number of years before we finally started The STOPhaus Movement in Nov. of 2011, which was an effort to make the abusers see their abuse via mimicking them. Spamhaus did not like this much and started attacking the hosts for STOPhaus materials until we finally located Sven Olaf Kamphuis of Cyberbunker o n the Spamhaus ROKSO list. Yes, Spamhaus was our referral to Cyberbunker. Sven told us, “If it is not illegal, we will host it”. We were ecstatic to find someone that believed in free media, but the ecstasy would be short-lived, as Spamhaus attacked Cyberbunker’s upstream continuously, trying to force them to shut down the STOPhaus content, and they refused…but Steve Linford and his band of extortionists were not going to stop harassing our ISPs until they were able to stop the media campaign against them. That is, until their actions made headline news across the globe and they were put under a microscope and didn’t have a lot of choice other than to back off.

In March of 2013 a group was formed with the intent to shut down Spamhaus. This group had no name, only met on IRC, Jabber, and Skype. The group included ISPs and domain registrars from 5 continents and over a dozen countries…all with one goal…stop DNSBL Censorship. One day an attack was begun against Spamhaus’ by a member of the group and the group supported the attacker in his efforts to “make a statement”. This was not an anonymous attack by criminals with motives of financial gain, it was a protest by innocent civilians who were being attacked in the shadows by a private censorship component, complete with propaganda, and demands.

When it became international news we knew we had to take credit for it or our goals would never be released and the attack would be in vain, so we had to find a spokesman and a name for the group. Sven had already done such things for Cyberbunker, so he was perfect and volunteered to be the public relations coordinator and the name “STOPhaus” was already being used to combat such things. So we took the name TSM or The STOPhaus Movement and Sven contacted the media for interviews. This put the heat on Sven and we knew that he would eventually be persecuted for being the messenger, but he’s a team player and was willing to be self-sacrificial for the good of the internet community as a whole…like he’s always done.

Little did we know that the media would then make it about a scuffle between Cyberbunker and Spamhaus. That was actually a great unexpected twist to minimize the movement, but ultimately a failure because a movement can’t be silenced. The actors behind the Spamhaus attack were making a global point, that DNSBLs who use their influence to censor media or to profit are not doing a public service, but rather working on someone’s agenda and censoring media in the process. In Spamhaus’ case, the agenda belongs to large media Corps looking to control opinion, such as Google and Email Service Providers (see MAAWG). Other DNSBLs may have other agendas, but the fact that private DNSBLs have enough influence to cause the censorship of media and have the agenda of manipulating public opinion is quite enough to get our attention.

The STOPhaus Movement has several accounts, including a twitter account, several FB groups, and their own IRC channel but no individual administers any of them. The groups have dynamic administration teams and even the domains such as and are controlled by several entities in multiple countries. STOPhaus is merely a voice for those that choose to note security flaws in the internet that affect a human’s ability to publish opinion. If those flaws are tied into spam-fighting then they need to be fixed so that spam can be fought without private blacklists and ISPs working cooperatively or by coercion to eliminate opinions they find unsettling.

The STOPhaus attack has proven that Spamhaus is using AMERICAN PUBLIC SERVANTS to mitigate attacks vicariously through Cloudflare, that Cloudflare is using American Law Enforcement to mitigate DDoS attacks that they are being paid to mitigate themselves, and that DNSBLs have far too much influence on internet media to remain unregulated by democratically elected global authorities. The STOPhaus attack readdressed a major flaw in the entire internet protocol, made the internet community aware of DNSBL coercion, and brought attention to DoS attacks, conducted by Spamhaus in the shadows for a decade. As long as private business are allowed to use capitalism to control media, the internet will always be a propaganda machine instead of an information superhighway. Sign The Petition to STOP SPAMHAUS!


So here we have Andrew Stephens admitting that he was part of The Stophaus Movement that was responsible for a DDOS on Spamhaus.