Prefix hijacking by Michael Lindsay via Internap

Sun Aug 21 01:05:04 UTC 2011

Hello All,

I was hired by the Russian ISP company to get it back to the business. Due
to impact of the financial crisis, the company was almost bankrupt, but then
found the investor and have a big wish to life again.

When I tried to announce it's networks, upstreams rejected to accept it
because of Spamhaus listings. But our employer sworn there is not and was
not any spamming from the company. The Spamhaus lists all our networks as
spamming Zombies. And it IS announced and used now!!! The announce is from
American based company Internap (AS12182). I wrote the abuse report them,
but instead of stop unauthorized announces of our networks, I was contacted
by a person named 'Michael Lindsay' - he tell me he buy our networks from
some other people and demand we get back our abuse reports. Of course, we
don't. After a short googling, I found this is well-known cyber crime
person: http://www.spamhaus.org/rokso/listing.lasso?file=818&skip=0, and he
did IP hijacking with the fake letter of authorization before:
http://www.spamhaus.org/rokso/evidence.lasso?rokso_id=ROK8686 so our company
is not a first victim of him. Yes, our company "help" him with the mistake
of loosing old domain link-telecom.biz he was also squatted. This domain was
listed as contact at RIPE Database.

It is a good topic why these easy-to-forge LOAs is still in use, as
RADB/RIPE DB/other routing database with the password access is a common
thing. But this is not the main thing. The main thing is why Internap helps
to commit a crime to the well-known felony person, and completely ignores
our requests? Is there any way to push them to stop doing that immediately?
If anybody can - please help...