Operational value and legality of Spamhaus vs. unfounded accusations by Elad Cohen

Cooke, David david.g.cooke at baesystems.com
Thu May 14 18:29:41 UTC 2020

Could I request NANOG to remove this thread completely and take the soap opera elsewhere.


From: NANOG [mailto:nanog-bounces+david.cooke=baesystemsdetica.com at nanog.org] On Behalf Of Owen DeLong
Sent: Thursday, May 14, 2020 1:55 PM
To: Elad Cohen
Cc: nanog at nanog.org
Subject: Operational value and legality of Spamhaus vs. unfounded accusations by Elad Cohen

Subject changed per request from NANOG staff.

On May 13, 2020, at 19:20 , Elad Cohen <elad at netstyle.io> wrote:

This is the second time I’ve seen you make this claim in public. I see nothing in the slide deck you linked which claims they are illegal.
According to their private presentation in the following link - they receive on a regular basis private data from their contacts in internet companies and internet organizations in illegal way - and then they share it with Law Enforcement Agencies in illegal way (without any warrant).

https://www.scribd.com/document/445894312/Spamhaus-Illegal-Private-Data-Violation

You keep claiming that they receive this data in an illegal way, yet have not substantiated that claim with any actual evidence.

Continuing to point to the same slide deck which only states that they hold a lot of information provided in confidence by industry players and that the “players” in question provide the information with the understanding that Spamhaus may pass it on to LEA “where needed”.

There’s nothing in the slide deck about the nature of the information (nothing says it is private data, though I suppose that might be implied to some extent by “provided in confidence”). Certainly nothing says that it is illegal for their contacts to provide said data or that they don’t have appropriate permission from the data owners, etc.

Nor does it say that they are anonymous, in fact, the CIO’s name (Richard D G Cox) is prominently displayed on the title slide.
Spamhaus using fake names such as "Mike Anderson", "Rob Shultz", "Thomas Morrison", "Pete Dewas" - is a fact.
Richard D G Cox name is displayed in the presentation - because it was a private presentation that was displayed in a private event and they never knew that it will become public.

You’ll need to provide a basis and some evidence to back that up. Otherwise, it’s just your word, which frankly, IMHO, isn’t worth the electrons it’s transmitted on.

I seriously doubt that if they were truly the criminals you say they are, they would be permitted to name the FBI as a partner on their website: https://www.spamhaus.org/organization/
They are helping Law Enforcement Agencies on a regular basis and in very high volume according to their own presentation (by sharing with them all the illegally-obtained privacy data) - so Law Enforcement Agencies look the other way.

Not generally the way criminals work.

Again, “illegally obtained privacy data” is your accusation without evidence so far.

Do you have a basis for this claim? Do you have evidence to support it?

I also sincerely doubt that if they were criminals, as you state, that they would be admitted as members, let alone receive awards from the National Cyber-Forensics and Training Alliance.
Some of the employees of Spamhaus are past members of Law Enforcement Agencies, such as Andrew Fried (from deteque.com - owned by Spamhaus) - which was a former special agent in USA government before hopped to his new job at Spamhaus. They are connected to the Law Enforcement Agencies in the Western world.

So your claim is that the FBI is supporting former agents who have become career criminals and are operating organizations that should be prosecuted under the RICO act?

That’s quite an accusation… Care to present any evidence to back it up? Truth is an absolute defense to defamation in the US, but unless you have some evidence to back that up, the only thing protecting you from a successful lawsuit at this point is probably:
            +          Your credibility is so completely lacking, it’s unlikely your (likely false) accusations are causing actual harm (the plaintiff must show harm)
            +          They probably consider it to be not worth their time and expense to bother with you.

Indeed, ISPA has also presented them with an “Internet Hero Award”.
Yes, they help Law Enforcement Agencies, but in illegal way.

You keep saying this as if continuing to repeat it while still providing zero evidence to support the claim somehow makes it more believable.

It is true that repeating a lie makes it more likely for others to fall for it, but only if those to whom you are repeating the lie aren’t aware that it’s a lie.

            https://en.wikipedia.org/wiki/Illusory_truth_effect

The problem you have here is that your audience knows better.

Frankly, when it comes to the issues of criminality, I think Spamhaus has significantly more credibility than you do.
Thank you for keep taking part in the illegal cyber influence operation. I dislike the word "credibility" - I like the words facts and data. Facts and data are booleans and don't let imbaciles like you are to have an opinion, please relate to facts and to data.

Fact: Your IPv4+ idea makes no sense.
Fact: Your proposed solution to dDOS is a non-starter for multiple technical reasons.
Fact: Your proposed solution(s) to the SPAM problem are impractical at best and likely do more harm than good.
Fact: You have admitted that you have little to no operational network engineering experience.
Fact: I’ve been doing this for more than 25 years and I have a deep understanding of how the network actually works.
Fact: You’ve provided zero evidence to support your specious accusations against Spamhaus.
Fact: Spamhaus has a good reputation in this community for the most part.
Fact: You’ve now engaged in an ad hominem attack which is prohibited on this list by its charter.
Fact: You mis-spelled imbecile in your ad hominem attack.

That’s an awfully strange interpretation of (presumably):
“Spamhaus holds a lot of information provided in confidence by industry players — on the understanding that it can be made available to LEAs where needed.”
confidence means illegal unless you are an imbacile, industry players means internet companies and internet organizations, "on the understanding" - meaning that their contacts that shared with them the mass privacy data know that this data can be available to LEAs without any warrant "where needed”.

No, “in confidence" means “in private” unless you are (apparently) incapable of spelling imbecile. Meaning that the expectation exists between the sharing party and Spamhaus that the information will not be further disclosed by Spamhaus other than as expected in the (tacit) agreement between the sharing party and Spamhaus. It says nothing about the nature of the data being shared, nor does it say anything about the legality of said sharing.

I would say “industry players” actually means “people of significance within the industry”.

Finally, yes, “on the understanding” means exactly that… The people who shared the data with Spamhaus did so knowing full well that Spamhaus may share the data with LEA without any warrant.

You don’t need a warrant if the data owner has consented to the disclosure, just as the police do not need a warrant if they ask “May we search your home?” and you say “yes”.

Uh, sure, and I’m the Prince of Whales.
Ronald doesn't deny it, so you are denying it for him?

I’m neither confirming nor denying that RFG is associated with Spamhaus, frankly I don’t know. I tend to doubt that Spamhaus would make RFG their “front person”. I happen to like Ron. He’s a good researcher. However, even I recognize his shortcomings when it comes to public interface and as such, I am not inclined to believe that anyone would make him their “Front Person”.

At this point, the best you’ve got on this list is an a-said/b-said with no public evidence on either side. In such a case, it boils down to credibility and frankly, IMHO, yours is lacking.
Yours lacking. You are asking from me to share with you private business documents publicly ? who are you ?

I’m not asking you to do anything. You’re making public accusations and then refusing to provide any evidence to support them. As such, you lack credibility. If you wish to create credibility, then find a way to back up your accusations. Otherwise, I humbly suggest you crawl back under the rock from whence you came.

Who am I? I’m an experienced network engineer and network architect with 25+ years in this industry serving my 5th 3-year term as an elected representative of the IP number resource community in North America, parts of the Caribbean, and certain other territories around the world. I’m a long-standing member of the NANOG community with a strong track record of support for a free and open internet available to all.

Quote 1 might be bad style on RFG’s part, but style and eloquence have never been his strong suits.
People that cover up racism are worse than racists.

I’m not covering up anything. I freely admit that RFG made a poor choice of words and has a particularly bad way of expressing himself.

Frankly, I suspect RFG’s age and limited ability to filter his own speech leads to his use of terms he doesn’t even realize carry racist connotations.

I don’t defend his choice of terminology, but I question the claim that he harbors any ill will towards any entire class of people other than criminals and spammers.

a meticulous researcher and brutally honest
Proofs ? Facts ? Data ? Ever heard of any of these ? instead of mumbling here that Coconut Guilmette is a meticulous researcher and brutally honest.

I’ve never met a coconut that could speak. That’s a fact.
I’m pretty sure from phone conversations and other communication I’ve had with RFG that he is not, in fact, a coconut.
I’d even go so far as to say it is a fact that RFG is not a coconut.

Here just one note on his "honesty", Coconut Guilmette wrote here in Nanog the text in the following link:

https://imgur.com/xWSq3g3

You do love your screenshots without context or attribution, don’t you… Yet another example of your attempts to manipulate the facts.
            Original full text of post here: https://mailman.nanog.org/pipermail/nanog/2019-September/103073.html

I was never contacted by CoCT like he wrote nor anyone else was contacted, he lied to you all, not only that - but internal correspondences of CoCT prove the complete opposite of what he wrote - Alister of CoCT explained to Coconut Guilmette in his imagination what he wrote there - Coconut Guilmette will not be able to show a single proof to anything in that linked text paragraph of his.
I'm willing to show evidences of the exact opposite to one respected member of Nanog and he will confirm it to the Nanog community (for example to William Herrin).

I’ve reached out to Mr. Van Tonder. I will await his reply to see whose story is confirmed and post the information to the list.

Evidence would, indeed, be a nice change of pace from your claims thus far.

Are you attempting to hide the rest of the thread from closer scrutiny while cherry-picking quotes you hope support your narrative?
Racism is racism, you are again trying to justify racism. The person that called Ronald a racist and the person that called Ronald an antisemitic - both of them read everything he wrote.

Huh? The person who called him a racist (Niels) retracted his claim and apologized. Did you miss that part of the thread? It was sent specifically TO YOU in addition to NANOG.

As I said, you are cherry-picking the pieces of messages that you believe support your claims. I notice you again deleted my link to the actual thread.

Quote 3 is the most amusing in that the person all but states that you, Mr. Cohen, are acting guilty of the allegations made by RFG and that the original poster thinks you both have things to answer for.
No, that response regarding me was due to the lies of Coconut Guilmette like I showed above. And there were many many more lies - everything that Coconut Guilmette wrote about me was without any single proof against me - only from his imagination.
Are you comparing the quote of stating that I need to answer to the lies of Coconut Guilmette to the quote which is stating that Ronald is an antisemitic ???

No, that response was entirely legitimate and specifically called out YOUR ACTIONS.

Ron has UI problems, to be sure. Not the least of which, he doesn’t filter and doesn’t put any effort into political correctness. He definitely lacks polish and a certain level of social skills.
Nice way to cover up a person which is a racist and an antisemitic, and was called a racist and an antisemitic not by me but by people which are not related to me.

Again, the person who called him a racist recanted, so continuing to base your claim there doesn’t work as well as you hope.

As to the claim he is antisemitic, I agree he used antisemitic language. I remain unconvinced that he harbors actual antisemitic feelings.

There is a difference between a person who is genuinely antisemitic and a person who will make the mistake of using antisemitic language to describe Jewish criminals.

I don’t think for one second that he is actually a racist or a bigot. He identifies patterns and calls out what he sees. Often without regard for the collateral damage.
Patterns like country-origin ? city-origin ? race-patterns ? This is called racism, you are still trying to cover up a racist and an antisemitic.

Again, I think RFG’s choice of language was poor, indeed. He’s admitted as much.

Racism is when the person genuinely believes that the bad actors from a particular race (or in its extended meaning, nationality, etc.) are indicative of the entire group being bad actors.

While RFG’s lack of social skills (for lack of a better description) may lead to his use of such language, I remain unconvinced that he actually harbors such feelings, as indicated by his subsequent conversation with Niels.

You, Mr. Cohen, are not collateral. You are dead center of the wrongdoing he’s been pointing out.
The only wrongdoing is him not going to a complete health check and you covering up a racist and an antisemitic.

I’m covering up nothing. I’ve put everything out in the open. I’m not defending RFG’s choice of language, nor would I defend his attitude if I believed that it matched his language.

Just because RFG used racist terms and you happen to be Israeli (and for all I know Jewish, too), doesn’t mean that his accusations against you are baseless or inaccurate.
or Proof-less ???
And now in this sentence you are confirming that he is a racist and antisemitic - so why you wrote all the above?

Uh, no, I’m confirming that he used racist language. I never denied that.

Is it your claim that the following article:
https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-address-heist-how-millions-are-made-on-the-grey-market.html
is entirely baseless? Do you have any documentation to support such a claim?
Here is the latest ordered article from the illegal anonymous organization "The Spamhaus Project" in that site:

https://mybroadband.co.za/news/internet/350973-man-connected-to-african-ip-address-heist-running-for-board-position-at-european-ip-address-organisation.html

And in it you can see that is written:

"It must be noted that Cohen is not being accused of any illegal activity in this report.”

Yeah, that’s boilerplate to get past the legal department by turning it into an opinion piece so that any libel or defamation suit would likely be summarily dismissed.

Also, technically, it’s questionable whether IP address hijacking actually constitutes criminal activity under the laws of various jurisdictions or not. Nonetheless, it is perceived as anti-social at best in this community and I suspect most of us would consider it criminal conduct under the tacit understandings that make the community and the internet work, if not under the actual laws of the various lands in question.

That is the last article after the mumbo-jumbo that you linked.

Sure… Care to provide any evidence to discredit said article, or are you again just asking us to take it on faith that you are the aggrieved party and the journalists, RFG, and Spamhaus are all bullying you for no legitimate reason?

