Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)

• Previous message (by thread): Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)
• Next message (by thread): Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This entire thread could easily have been simply :

"Hey all! I'm having some challenges reaching a live person in the abuse
groups for X, Y, and Z. Can anyone help with a contact, or if anyone from
those companies sees this, can you contact me off-list?"

Calling everyone an idiot in the midst of Endless Pontification isn't
really a recipe for success.

On Mon, Mar 18, 2019 at 8:04 PM Ronald F. Guilmette <rfg at tristatelogic.com>
wrote:

>
> OVH, DigitalOcean, and Microsoft...
>
> Is there anybody awake and conscious at any of these places?  I mean
> anybody who someone such as myself... just part of the Great Unwashed
> Masses... could actually speak to about a real and ongoing problem?
>
> Maybe most of you here will think that this is just a trivial problem, and
> one that's not even worth mentioning on NANOG.  So be it. Make up you own
> minds.  Here is the problem...
>
> For some time now, there has been an ongoing campaign of bitcoin
> extortion spamming going on which originates primarily or perhaps
> exclusively from IPv4 addresses owned by OVH and DigitalOcean.
> These scam spams have now been publicised in multiple places:
>
>    https://myonlinesecurity.co.uk/fake-cia-sextortion-scam/
>
> Yea, that's just one place, I know, but there's also no shortage of people
> tweeting about this crap also, in multiple languages even!
>
>     https://twitter.com/SpamAuditor/status/1107365604636278784
>     https://twitter.com/dvk01uk/status/1107510553621266433
>     https://twitter.com/bortzmeyer/status/1107737034049900544
>     https://twitter.com/ariestess69/status/1107468838596038656
>     https://twitter.com/bernhard_mahr/status/1107513313020297216
>     https://twitter.com/jzmurdock/status/1107679858945974272
>     https://twitter.com/gamamb/status/1107384186548207617
>     https://twitter.com/davidgsIoT/status/1107725201331097606
>     https://twitter.com/cybers_guards/status/1107675396076560384
>     https://twitter.com/ThatHostingCo/status/1107588660831105024
>     https://twitter.com/fladna9/status/1107554090765242368
>     https://twitter.com/JUSTADACHI/status/1107549777607184384
>     https://twitter.com/okhin/status/1107627379650908160
>     https://twitter.com/Purple_Wyrm/status/1107454618705887232
>     https://twitter.com/LadyOFyre/status/1107349022220550144
>     https://twitter.com/laurelvail/status/1107345980062523392
>     https://twitter.com/Alex__Rubio/status/1107595560440217600
>
> The thing of it is that ALL of this crap... al of these scam spams... are
> quite obviously originating out of the networks of OVH and DigitalOcean.
> And it's not even all that hard to figure out where from, exactly and
> specifically.  I generated the following survey, on the fly, last night,
> based on a simple reverse DNS scan of the evidently relevant addrdess
> ranges:
>
>     https://pastebin.com/raw/WtM0Y5yC
>
> As anyone who isn't as blind as a bat can easily see, there's a bit of a
> pattern here.  All of the spam source IPs are on just two ASNs:
>
>    AS16276 - OVH SAS
>    AS4061 - DigitalOcean, LLC
>
> It's equally clear that there have already been numerous reports about this
> ongoing and blatantly criminal activity that have been sent to the
> low-level
> high school dropout interns that these companies, like most others on the
> Internet these days, choose to employ as their first-level minions in their
> "not a profit center" abuse handling departments.  So, guess what?
> Surprise,
> surprise!  None of those clue-deprived flunkies have apparently yet managed
> to figure out that there's a pattern here.  Duh!.  As a result, the
> scamming
> and the spamming just go on and on and on, and the spammer-scammer just
> keeps on getting fresh new IP addresess on both of these networks... and
> fresh (and utterly free) new domain names from the equally careless company
> called Freenom.
>
> So, you know, I really would appreciate it if someone could either put me
> in touch with some actual sentient being at either OVH or DigitalOcean...
> assuming that any such actually exist... or at the very least, try to find
> one to whom clue may be passed about all this, because although these scam
> spams were kind of humorous and novel at first, the novelty has now worn
> off
> and they're really not all that funny anymore.
>
> Oh!   And while we are on the subject, I'd also like to obtain a contact,
> preferbly one which is also and likewise in possession of something roughly
> approximating clue, at this place:
>
>    AS200517 - Microsoft Deutschland MCIO GmbH
>
> The reason is that although MS Deutschland is most probably not the source
> of any of the spams, they, or at least their 51.18.39.107 address, do
> appear
> to be mixed up in all of this somehow:
>
>     https://pastebin.com/raw/ziVNCmZ8
>
> I dunno.  Maybe Microsoft has managed to engineer a merger with the CIA (?)
> If not, then maybe they would be so kind as to rat out this specific
> criminal
> customer of their's to appropriate authorities.
>
> Don't get me wrong. I heartily applaud Microsoft's Digital Crimes Unit for
> all of the admirable work they do, but you know the old saying... charity
> begins at home.  So my hope is that they will seek to get this low-life off
> their network immediately, if not sooner, and then also seek to arrange
> suitable long term accomodations for him in, say, Florence, Colorado, or,
> if he/she/it has a higher than average level of tan, I hope that they will
> make all necessary inquiries to find out if there are still any open bunks
> available in Gitmo.
>
>
> Regards,
> rfg
>
>
> P.S.  In recent days, the popular media has fanned the flames of
> controversy,
> as it is their habit to do, over the question of whether or not the various
> social media companies could have somehow automagically spotted and
> deleted,
> in real time, with some sort of yet-to-be-invented artificial intelligence
> wizardry, the shooter videos from New Zealand.  Of course, none of the TV
> personalities who so cavalierly offer up their totally uninformed opinions
> on this question have ever themselves gotten within a country mile of the
> kinds of AI that could, perhaps in another decade or three, reliably
> distinguish between a video of a msss shooting and a video of a
> particularly
> raucous birthday party.  It's a hard problem.
>
> In contrast to that hard problem, spotting the kind of trivial reverse DNS
> pattern I've noted above is child's play and a no brainer.  Why then, one
> might reasonbly ask, have the combined abuse departments of both OVH and
> DigitalOcean been either utterly unable or else utterly unwilling to do so?
> Solving these kinds of trivial problems does not await the development of
> some advanced new artificial intelligence.  It just requires the judicious
> application of a small bit of the non-artificial kind of intelligence.  But
> the industry, it seems, can't, or won't, even manage that.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nanog.org/pipermail/nanog/attachments/20190319/8330ad45/attachment.html>

• Previous message (by thread): Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)
• Next message (by thread): Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]