Tier 1 networks don't buy bandwidth from anyone, so the majority of the weight of the attack ended up being carried by them. While we don't have direct visibility into the traffic loads they saw, we have been told by one major Tier 1 provider that they saw more than 300Gbps of attack traffic related to this attack. That would make this attack one of the largest ever reported.

The challenge with attacks at this scale is they risk overwhelming the systems that link together the Internet itself. The largest routers that you can buy have, at most, 100Gbps ports. It is possible to bond more than one of these ports together to create capacity that is greater than 100Gbps however, at some point, there are limits to how much these routers can handle. If that limit is exceeded then the network becomes congested and slows down.

Over the last few days, as these attacks have increased, we've seen congestion across several major Tier 1s, primarily in Europe where most of the attacks were concentrated, that would have affected hundreds of millions of people even as they surfed sites unrelated to Spamhaus or CloudFlare. If the Internet felt a bit more sluggish for you over the last few days in Europe, this may be part of the reason why.

Questioned about the attacks, Sven Olaf Kamphuis, an Internet activist who said he was a spokesman for the attackers, said in an online message that, "We are aware that this is one of the largest DDoS attacks the world had publicly seen." Mr. Kamphuis said Cyberbunker was retaliating against Spamhaus for "abusing their influence."

"Nobody ever deputized Spamhaus to determine what goes and does not go on the Internet," Mr. Kamphuis said. "They worked themselves into that position by pretending to fight spam."

While lists of open recursors have been passed around on network security lists for the last few years, on Monday the full extent of the problem was, for the first time, made public. The Open Resolver Project made available the full list of the 21.7 million open resolvers online in an effort to shut them down.

We'd debated doing the same thing ourselves for some time but worried about the collateral damage of what would happen if such a list fell into the hands of the bad guys. The last five days have made clear that the bad guys have the list of open resolvers and they are getting increasingly brazen in the attacks they are willing to launch. We are in full support of the Open Resolver Project and believe it is incumbent on all network providers to work with their customers to close any open resolvers running on their networks.

"As soon as I open the front door, I hear this guy yelling at me, behind a squad car, pointing a pistol at me saying: 'Don't move. Put your hands up,'" Krebs, who is a long-time friend and colleague, told me. "The first thing I said was: 'You've got to be kidding me.'"

In all, there were at least a dozen officers with pistols, shotguns, and assault rifles pointed at him. They had police dogs circling his house and cruisers had sealed off a nearby street. Krebs, who was dressed in just gym shorts and a T-shirt, complied. Wisely.

"Two different guys were barking orders at me," he continued. "I finally said: 'Which way should I go?'" One officer told Krebs to lie on the ground, but before he could comply the other cop ordered Krebs to walk backwards. Eventually, "they put the cuffs on me and took me up the street. I was freezing the whole time."

After about five minutes in custody, Krebs explained that he was the victim of a monstrous crime known as swatting. One of the officers asked if Krebs was the person who had filed a report a few months earlier. When Krebs replied yes, the officers did a quick search of his home. With preparations for a dinner party clearly on display, it quickly became apparent that Krebs' home was not a crime scene and that the call was part of a fiendish plot. An officer told him later that they had tried calling him before he opened his front door but no one had answered the phone.

Often local police are left to investigate, even when the perpetrators may be half a world away. He wants that to change. "Your local police department, the ones that are responding to these distress calls, they don't have the bandwidth," he said. "This is an area where federal law enforcement needs to be coordinating investigations. I'd like to see some sort of recognition or statement from federal law enforcement that this is something they're actively investigating."

Citizens of the world,

Anonymous has observed for some time now the trajectory of justice in the United States with growing concern. We have marked the departure of this system from the noble ideals in which it was born and enshrined. We have seen the erosion of due process, the dilution of constitutional rights, the usurpation of the rightful authority of courts by the "discretion" of prosecutors. We have seen how the law is wielded less and less to uphold justice, and more and more to exercise control, authority and power in the interests of oppression or personal gain.

We have been watching, and waiting.

Two weeks ago today, a line was crossed. Two weeks ago today, Aaron Swartz was killed. Killed because he faced an impossible choice. Killed because he was forced into playing a game he could not win -- a twisted and distorted perversion of justice -- a game where the only winning move was not to play.

However, in order for there to be a peaceful resolution to this crisis, certain things need to happen. There must be reform of outdated and poorly-envisioned legislation, written to be so broadly applied as to make a felony crime out of violation of terms of service, creating in effect vast swathes of crimes, and allowing for selective punishment. There must be reform of mandatory minimum sentencing. There must be a return to proportionality of punishment with respect to actual harm caused, and consideration of motive and mens rea. The inalienable right to a presumption of innocence and the recourse to trial and possibility of exoneration must be returned to its sacred status, and not gambled away by pre-trial bargaining in the face of overwhelming sentences, unaffordable justice and disfavourable odds. Laws must be upheld unselectively, and not used as a weapon of government to make examples of those it deems threatening to its power.

The U.S. Sentencing Commission website has been hacked again and a code distributed by Anonymous "Operation Last Resort" turns ussc.gov into a playable video game.

Visitors enter the code, and then the website that sets guidelines for sentencing in United States Federal courts becomes "Asteroids."

Shooting away at the ussc.gov webpage reveals an image of Anonymous. The trademark Anonymous "Guy Fawkes" face is comprised of white text saying, "We do not forgive. We do not forget."

The exploit is probably counterproductive too. Apart from turning those who want reform of computer crime law into the allies of lawbreakers, Anonymous has substantively hurt the case for amending the CFAA. Heavy criminal penalties are entirely appropriate for people who hack a Supreme Court Justice’s account and disclose personal secrets. But it’s not easy to redraft the CFAA so it reflects the difference between Swartz and the Anonymous hackers, at least not without relying on precisely the prosecutorial discretion that the Swartz prosecutors misused.

Finally, I wonder if this incident won’t affect the Supreme Court’s approach to cybercrime issues. As Frank Rizzo once said, a conservative is a liberal who’s been mugged. If that’s true, every time Anonymous mugs one of the Justices in cyberspace, it could be making the Court just a little less enthusiastic about limiting the tools the government uses to deter computer crime

Not that any of the justices have shown much enthusiasm up to now, but the alternative to bad isn't necessarily good. Things can always get worse.

The first indication that Anonymous made a left turn when it should have made a right was when it picked the United States Sentencing Commission website to show its might. Nobody noticed, because, well, nobody cares about the USSC anymore.

Had this happened a generation ago, it might have meant something. Yesterday, it likely evoked a chuckle and a face palm. Post Booker and some actual crack reforms, it was a big nothing.

So you guys can hack an outlier agency that has drifted into relative irrelevance. Got it. Have a nice day. The USSC is symbolic of nothing other than government bloat. The guidelines don't enable prosecutors to cheat citizens of their constitutionally guaranteed rights. Citizens do that to each other. We do it each time we elect a legislator who calls for tougher laws. We do it each time we demand the creation of a new crime because of the tragic death of a child. We do it whenever we elevate safety over freedom. And that's what Americans do...

By taking out the USSC website, you disturbed nothing while annoying the government. When the head of the FBI cybersecurity squad gets done laughing, he's going to find someone else to prosecute. It may not be one of you, but it will be someone, or more likely, a whole gang of people with computers. And they have guns. Pissing them off over nothing isn't effective. It's just begging for retaliation, and the government has no sense of humor (or irony).

“Aaron’s death is not simply a personal tragedy. It is the product of a criminal justice system rife with intimidation and prosecutorial overreach. Decisions made by officials in the Massachusetts U.S. Attorney’s office and at MIT contributed to his death.”

To the members of the MIT community:

Yesterday we received the shocking and terrible news that on Friday in New York, Aaron Swartz, a gifted young man well known and admired by many in the MIT community, took his own life. With this tragedy, his family and his friends suffered an inexpressible loss, and we offer our most profound condolences. Even for those of us who did not know Aaron, the trail of his brief life shines with his brilliant creativity and idealism.

Although Aaron had no formal affiliation with MIT, I am writing to you now because he was beloved by many members of our community and because MIT played a role in the legal struggles that began for him in 2011.

I want to express very clearly that I and all of us at MIT are extremely saddened by the death of this promising young man who touched the lives of so many. It pains me to think that MIT played any role in a series of events that have ended in tragedy.

I will not attempt to summarize here the complex events of the past two years. Now is a time for everyone involved to reflect on their actions, and that includes all of us at MIT. I have asked Professor Hal Abelson to lead a thorough analysis of MIT's involvement from the time that we first perceived unusual activity on our network in fall 2010 up to the present. I have asked that this analysis describe the options MIT had and the decisions MIT made, in order to understand and to learn from the actions MIT took. I will share the report with the MIT community when I receive it.

I hope we will all reach out to those members of our community we know who may have been affected by Aaron's death. As always, MIT Medical is available to provide expert counseling, but there is no substitute for personal understanding and support. With sorrow and deep sympathy,

L. Rafael Reif

With the advance in internet techonology, comes new grounds for protesting. Distributed denial-of-service (DDoS), is not any form of hacking in any way. It is the equivalent of repeatedly hitting the refresh button on a webpage. It is, in that way, no different than any "occupy" protest. Instead of a group of people standing outside a building to occupy the area, they are having their computer occupy a website to slow (or deny) service of that particular website for a short time.

The service outage was not caused by external influences. It was not a "hack" and it was not a denial of service attack (DDoS). We have determined the service outage was due to a series of internal network events that corrupted router data tables. Once the issues were identified, we took corrective actions to restore services for our customers and GoDaddy.com. We have implemented measures to prevent this from occurring again.

At no time was any customer data at risk or were any of our systems compromised.

Unfortunately, some groups believe that speech or ideas that they disagree with should be silenced. This could not be more wrong. No matter the point of view, everyone has a right to be heard.

The motion picture and television industry has always been a strong supporter of free speech. We strongly condemn any attempts to silence any groups or individuals.

The Internet is home to creativity, innovation and free speech. We want to keep it that way. Protecting copyrights and protecting free speech go hand in hand."

“There’s no such thing as a DDoS ‘attack’,” Leiderman said. “A DDoS is a protest, it’s a digital sit in. It is no different than physically occupying a space. It’s not a crime, it’s speech.”

Leiderman said the crimes shouldn’t be prosecuted at all. “Nothing was malicious, there was no malware, no Trojans. This was merely a digital sit in. It is no different from occupying the Woolworth’s lunch counter in the civil rights era.”

"I think this is a political persecution, end of story," Cohen said. "This administration wants to send a message to those who would register their opposition: 'you come after us, we're going to come after you.' That's what has happened in the Eric Holder Department of Justice."

"When Obama orders supporters to inundate the switchboards of Congress, that's good politics, when a bunch of kids decide to send a political message with roots going back to the civil rights movement and the revolution, it's something else," Cohen told TPM, stipulating that he was not indicating that his client was even involved. "Barack Obama urged people to shutdown the switchboard, he's not indicted."

Recently we heard from a user who mirrored the Cablegate documents on his website. His hosting provider SiteGround suspended his account, claiming that he "severely" violated the SiteGround Terms of Use and Acceptable Use Policy. SiteGround explained that it had gotten a complaint from an upstream provider, SoftLayer, and had taken action "in order to prevent any further issues caused by the illegal activity."

SiteGround told the user that he would need to update his antivirus measures and get rid of the folder containing the Wikileaks cables to re-enable his account. When the user asked why it was necessary to remove the Wikileaks folder, SiteGround sent him to SoftLayer. The user asked SoftLayer about the problem, but the company refused to discuss it with him because he isn't a SoftLayer customer. Finally, SiteGround told the user that SoftLayer wanted the mirror taken down because it was worried about the potential for distributed denial of service (DDOS) attacks. When the user pointed out that no attack had actually happened, and that this rationale could let the company use hypothetical future events to take down any site, SiteGround said that it was suspending the account because a future DDOS attack might violate its terms of use.

Some of you may have heard a few popcorn farts re: our sites being threatened by hackers.

Our legal team and the FBI have been on the case and we have found a few, shall we say "adventurous" young people, who feel they are above the law.

And, as stated in my MIPCOM speech, we will sue their pants off.

First, they will be punished.

Second, they might find their little butts in jail, right next to someone who's been there for years and is looking for a new girl friend.

We will soon be printing their names and pictures.

We will find you.

You cannot hide.

Stay tuned

Beginning Friday, an AT&T customer was impacted by a denial-of-service attack stemming from IP addresses connected to img.4chan.org. To prevent this attack from disrupting service for the impacted AT&T customer, and to prevent the attack from spreading to impact our other customers, AT&T temporarily blocked access to the IP addresses in question for our customers. This action was in no way related to the content at img.4chan.org; our focus was on protecting our customers from malicious traffic.

Overnight Sunday, after we determined the denial-of-service threat no longer existed, AT&T removed the block on the IP addresses in question. We will continue to monitor for denial-of-service activity and any malicious traffic to protect our customers.