Elad Cohen (was: Re: Cogent sales reps who actually respond)

Thu Sep 19 08:04:43 UTC 2019

In message <CAL9jLaaSLcS55ZO-UO0pmVeFEGmHvXxVse6WgxO_gKQb88p4iA at mail.gmail.com>
Christopher Morrow <morrowc.lists at gmail.com> wrote:

>"who cares about the sale?"

My apologies.  I see that I have failed to be adequately clear.

There was no "sale".  There was only theft, and then stolen goods
being passed from hand to hand to hand, ultimately ending up in the
hands of Mr. Cohen, who has acted and who is still acting, even as
we speak, as the penultimate monitizer of these purloined resources,
with the ongoing and helpful endorsement, I should note, of the Merit
RADB data base:

    https://pastebin.com/raw/115RifX3
    https://pastebin.com/raw/r9SRMJJk

Please note in particular, in that first file, Mr. Cohen's route object
for the entire 196.16.0.0/14 block... a block which AFRINIC historical
WHOIS records show clearly was and is the rightful property of a thing
called "Infoplan", which was the South African national government's
captive IT services arm until the passage of the "SITA Act" (1998) in
South Africa, by whose express and explict terms what used to be
"Infoplan" was subsumed and taken over, lock, stock and barrel, by the
South African government's newly formed replacement captive IT services
provider, The State Information and Technology Agency (SITA):

    https://pastebin.com/raw/cXLy6QYf

But apparently, by some miracle of persuasiveness, in addition to making
the Right Friends inside that Australian national government AND inside
the administration of the City of Cape Town... at least briefly...  Mr.
Cohen also also deftly persuaded the national government of South Africa
that they really didn't need that $4 million dollar (USD) IPv4 asset after
all (i.e. the 196.16.0.0/14 block) and that they should sell it to him for
an as yet undisclosed price.

>If the outcome of 'someone' controlling IP space is that there is
>abusive activity coming from that space...

Nobody knows what the hell is really going on with that space or what
Mr. Cohen's customers need quite so much IPv4 space for... an amount
that lots of folks in the ARIN region would kill for.

I tried to make some polite inquiries with one of Mr. Cohen's apparent
better and more noteworthy customers, and I am still awaiting some
reply, adequate or otherwise, from that company.  In the meantime,
Mr. Cohen's English language web site became notably scrubbed of the
glowing customer testimonials with which it had been previously adorned,
shortly before I started asking questions.

Nothing at all suspicious about that, now is there?

It would appear that at least one of the companies that are Mr. Cohen's
best customers, and that had previously given Mr. Cohen's company glowing
testimonials no longer wish to have their company names associated with
him or his company, at least not in public.

Now why do you suppose that might be?  And what are THEY doing with the
large and illicitly snatched IPv4 blocks that he has leased to them?

In due course, I will have more to say about Mr. Cohen's customers and
what I believe them to be up to, based on the evidence.

>If the 'rightful owners' of the space need/want it back there's clear
>redress for them via their RIR and the various networks which are /
>were offering transit to these prefixes.

No, actually, there isn't, and that's the point.

Firstly, the RIRs are not the Internet Police, and by and large they
are adamantly unwilling (and allegedly even unable) to interject even
so much as their views or firmly held beliefs into the global BGP system
of routing.  In fact, the overwhelming majority of them are so throughly
cowed, both by their memberships and their respective legal teams, that
they dare not even speak the truth of whether it is night or day for fear
of such public pronouncements being the cause of subsequent litigation.

With regards to transit providers, Mr. Cohen and his ill-gotten resorces
have now, at long last,  been 100% kicked off of Cogent, indicating that
even they, at least, find it no longer plausibly deniable that most or all
of Mr. Cohen's allegedly purchased IPv4 space just simply doesn't belong
to him.  It only took them about 15 days of fiddling to finally come
around to this inescapable conclusion, but better late than never.

With regards to to the various relevant transit providers for the small
group of commonly-owned Dutch networks to which Mr. Cohen has, of late,
been migrating his booty, I have already spent more than a week, politely
browbeating all of these transit providers, as well as an official at
AMS-IX, and I have tried my best to acquaint them all with the plain
facts of this case.

The net effect of all this effort on my part has been that AMS-IX has
shrugged and told me that there is simply nothing they can do, and the
transit providers have politely informed me that they are all "still
investigating".

Meanwhile, Mr. Cohen continues to laugh all the way to the bank, and
continues to enjoy much connectivity, centered primarily in Amsterdam,
and all of it apparently immune to anything resembling "peer pressure".

Th net effects of my sincere entreaties, over the past week or more, to
the various relevant transit providers, and to AMS-IX, do not appear to
have been materially influenced at all by me sharing with all of these
folks the information that the following commonly-owned and mutually
interconnected Dutch "bullet proof" networks seem to be Mr. Cohen's
destination of choice these days:

     Novogara, ltd.  -- AS204655
     FiberXpress     -- AS57717 ****
     Reba Holding    -- AS56611 ****
     IP Volume, Inc. -- AS202425 ****
     SpectraIP, B.V. -- AS62068  

(The ASNs with the asterisks above are all residents in AMS-IX.)

The above named networks and companies can all quite easily be tied directly
to two Dutch gentlemen named Ferdinand Reinier Van Eeden and Bartholomeus
Johannes ("Bap") Karreman.

All available public records point to the conclusion that these two gentlemen,
or perhaps Mr. Van Eeden alone, are the proprietors -and- owners of all of
the above named companies and networks.  Why they need quite so many is
something I leave for them to comment on, if they so wish.

It is worthy of note however that many most or all of the IPv4 blocks
currently assigned, by RIPE to what is nowadays called "IP volume, Inc."...
an entity allegedly incorporated in the Seychelles Islands... were blocks
that were prevously the property of the bullet proof Dutch hosting company
known, until its disapperance, as Ecatel, and that these same blocks were
then the property of the Dutch bullet proof hosting network known as Quasi
Networks, until it's disapperance, in turn.

    https://pastebin.com/raw/9zft6eVZ
    https://pastebin.com/raw/6czXQVTg
    https://pastebin.com/raw/Y1j5B1cp

Based on the historical record, one could be forgiven, I think, for inferring
that Mr. Van Eeden and Mr. Karreman, in the form of their various corporate
personas, may have repeatedly changed their stripes in order to avoid scrutiny
and/or to dodge the bad publicity associated with their prior and now defunct
networking company facades.

I mean seriously... Who would today guess that IP Volume, or either Mr. Van
Eeden or Mr. Karreman had ever had anything at all to do with the now 
dissolved Quasi Networks, a company that even Dhia Mahjoub, head of Cicso's
Umbrella network security division characterized, in his RIPE-77 presentation,
as an unrepentant "bullet proof hoster"?  (See slide 11, lower right.)

https://ripe77.ripe.net/wp-content/uploads/presentations/134-RIPE77_Anti_Abuse_WG.pdf

So now, it seems, after having had their prior bullet proof corporate entities
become of such ill-repute that they became a hidrance, rather than a help,
Mr. Van Eeden and Mr. Karreman have now discovered the advantages of the
Seychelles Islands, where questions can be asked, but where none are ever
answered.  (Mind you that is -only- where Mr. Van Eeden's and Mr. Karreman's
latest business venture is incorpotated.  The acutual network is still very
firmly in place in Amsterdam, as far as I can tell.)

And now that the demonstratably ethical Mr. Cohen has had his ass kicked
to the curb by even Cogent, he has signed up for routing service with
the ever socially-responsible Mr. Van Eeden and Mr. Karreman.   Who woulda
thunk it!

The important take away is that all of these clowns and crooks are still
very much in business, as we speak and, as I have said, laughing all the
way to the bank.  The transit providers and AMS-IX all apparently need
something more than I have it in my power to give them, before they can be
persuaded to drop all of these mischievous turkeys, as they all quite
certainly should.

In the case of AMS-IX, it is my sincere hope that it will not again
require another unfortunate confrontation with Spamhaus in order to
bring them around to yet another "Come To Jesus" moment, but at present
they do appear bent on defending their rights to do the indefensible,
despite anything approximating reasoned argument... as has happened
before in their case.

I never like to generalize to entire populations, and I will therefore
refrain from suggesting any endemic or widespread defect in the Dutch
national psyche, but I cannot help but note that, as pointed out in
the MyBroadband.co.za news report, a gentleman named Maikel Uerlings,
who is also Dutch, and who presently appears to be notably absent from the
Netherlands, perhaps due to certain less-than-friendly legal entanglements,
is also, it appears, intimately connected to Mr. Cohen and to his business,
such as it is.  It would be entirely improper for me to say or even to
suggest that the Dutch are any more inclined toward cybercrime, or toward
looking the other way while it takes place, than anyone else.  I will
instead only paraphrase William Shakespeare and say that there is something
rotten in the Netherlands, and that whatever it is, it ain't doing their
national reputation any good at all.

I continue to hope that they themselves will rectify that in short order.

Regards,
rfg