Fwd: Interesting Point of view - Russian police and RIPE accused of aiding RBN

Sat Nov 7 01:39:10 UTC 2009

---------- Forwarded message ----------
From: noc acrino <noc.akrino at gmail.com>
Date: 2009/11/6
Subject: Re: Interesting Point of view - Russian police and RIPE accused of
aiding RBN
To: Jeffrey Lyon <jeffrey.lyon at blacklotus.net>

Thanks for the quick answer, Jeffrey.

2009/11/6 Jeffrey Lyon <jeffrey.lyon at blacklotus.net>

Kanak,
>
> It's good to see you here. The primary issue is that we receive a fair
> deal of customers who end up with wide scale DDoS attacks followed by
> an offer for "protection" to move to your network. In almost every
> case the attacks cease once the customer has agreed to pay this
> "protection" fee. Every one of these attacks was nearly identical in
> signature.
>
> I would be very grateful if you provide the history of those communications
- in fact we have never organized the DDoS-attacks ourselves, it's just
nonsense. Our AS is ready for any public testing to see what we are really
doing. I realize the fact that none of the normal network operators have any
instruments to organize a heavy DDoS-attack but a single web-engineer can
test any web-server in our network to see the algorithms of traffic
analyzing and attacks mitigation.

> A couple of years back we followed up on this and a handful of trusted
> security analysts who focus on RBN alleged that Akrino was an RBN
> shill network thus prompting the spawn of this article:
>
> http://www.computerworld.com/s/article/9063418/Russian_hosting_network_running_a_protection_racket_researcher_says
> .
>
I'm sorry, in this article there's no concrete reference to Akrino Networks.
And no evidence that we're affiliated. I would ask any person of the
maillist to check the domain history (for example, using domaintools.com) to
see whether the A-records of those domains (for example, TheCanadianMeds.com
and OfficialMedicines.com) have ever been bind to Akrino Networks. I must
buy some extra service units to make this kind of report - if you wait I'll
be ready in a few days. And anyway this also won't be a proof of evidence -
the malefactor could do this binding specially but we have never served
these A-records.

I'd be grateful if you show any current problems concerning this AS, let's
investigate the issue together. We not long ago closed a number of spam
sources within our networks (yes, there really were a few problem clents) in
collaboration with the Spamhaus team and we are always ready to help our
colleagues if there's a need to.

> Since first seeing your network arise in early 2008 i've never
> actually seen anyone claim to own it and a Google search for your name
> and ASN were completely devoid of any useful information. The ASN and
> IP assignment are registered to a BVI offshore corporation that based
> on my research do not seem to correlate to any legitimate commercial
> activity. All of these things seem to support the Computerworld
> article.
>
> And as I've already mentioned, we're forced to hide because of the personal
security. ( We can provide the documents concerning our activity only after
an official request obligating the requesting organization to keep this data
privately.

Why have I written only now? I've discovered this claim now by chance and
have been greatly disappointed. Now I have to prove that Akrino Networks has
nothing to do with RBN and I can't even imagine a more comical and at the
same time weird situation.

> I would love to be proven wrong on this issue as I do not like to see
> a good net op ostracized without just cause. Perhaps your reseller(s)
> are giving you a bad name? Either way I would love to chat, feel free
> to Skype: blacklotus.net .
>
> Thank you for this proposition, I'll contact you tomorrow.

Kanak

Akrino Abuse Team