Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Verizon China Networking Spam

Verizon Accused of Helping Spammers By Routing Millions of Stolen IP Addresses (spamhaus.org) 120

An anonymous reader writes: Spamhaus, an international non-profit organization that hunts down spammers, is accusing Verizon of indifference and facilitation of cybercrime because it failed for the past six months to take down stolen IP routes hosted on its network from where spam emails originated. Spamhaus detected over 4 million IP addresses, mainly stolen from China and Korea, and routed on Verizon's servers with forged paperwork. Spamhaus says, "For a start, it seems very strange that a large US-based ISP can be so easily convinced by abusers to route huge IP address blocks assigned to entities in the Asian-Pacific area. Such blocks are not something that can go unnoticed in the noise of everyday activity. They are very anomalous, and should call for an immediate accurate verification of the customer. Internal vetting processes at large ISPs should easily catch situations so far from normality."
This discussion has been archived. No new comments can be posted.

Verizon Accused of Helping Spammers By Routing Millions of Stolen IP Addresses

Comments Filter:
  • Math (Score:5, Informative)

    by sexconker ( 1179573 ) on Tuesday January 12, 2016 @07:58PM (#51290989)

    Illicit gains > anticipated cost of getting caught? Proceed to fuck everyone.

  • by bobbied ( 2522392 ) on Tuesday January 12, 2016 @08:24PM (#51291093)

    That an ISP is being duped into routing stolen IP's so easily!

    Come on, this is Verizon we are talking about here. They don't hire the sharpest knives in the drawer and so they managed to collect a little bit of cash believing the paperwork provided by their customer? Collect the fees, route the IP and should the real owner of the address finally show up and complain, keep the fees, say your are sorry, remove the route and move on to the next prospective customer throwing money at you. Seriously, what's Verizon's incentive to go out of it's way here?

    So, these folks want to try and play the "Shame on Verizon" card now? Yea, good luck with making anything change. Verizon doesn't shame that easily or they'd be changing their consumer business practices too..

    • by khasim ( 1285 )

      And anyone who knows anything about SPAM will have those addresses flagged as very likely spammers.

      Yes, it would be nice if Verizon would take responsibility for their network. But in the meantime (because that is never going to happen) just flag those addresses yourself.

      And not just for SPAM. Also look at restricting them at your firewall so they cannot spread malware to your machines.

    • Verizon knows exactly what they're doing.

      They're already in bed with the gov, so not much else they do surprises me.

  • by surfdaddy ( 930829 ) on Tuesday January 12, 2016 @08:24PM (#51291097)

    IMHO Verizon is right up there with Comcast in being one of the most despicable companies in the US. They bought spectrum from the FCC promising to keep it "open" but don't approve non-Verizon devices until tons of "testing" that can take a year. They are the ones who started fighting any net neutrality. And then they (according to this post) enable spammers. Because as a huge ISP, paying attention to real technical details might be too....time consuming and profit-leaching...

  • by kevmeister ( 979231 ) on Tuesday January 12, 2016 @08:57PM (#51291187) Homepage

    A few years ago, Verizon employed some to the best people in the best people in the world to handle network and routing security. They were very responsive to reports of address hijacking and related issues. Those folks have all left Verizon since they bought UUnet, though the rush for the door didn't start until about 4 years ago.

    This all happened about the time I left the operational world and started moving into retirement, so I don't know the people who replaced them, but I am sure that, if they were replaced at all, that the new people were not of the caliber of those who left.

    As is often the case, network security seems to have been declared a low priority at Verizon. after all, it does not make them any money. Of course, if they become known for bad security, it could have an impact on the bottom line at some point.

  • Recently discovered that Verizon is mainly using IPv6 so... Yes it would be easy with that many addresses to allocate.
    • Re: (Score:3, Informative)

      by Anonymous Coward
      Verizon is mainly using IPv6 in their cellular network, not their physical networks (not in any large number anyway). Very few residential customers have IPv6 addresses from Verizon and next to no business-class customers have IPv6 ranges supplied to them. Verizon is also not too interesting in rolling out IPv6 to their physical network customers any time soon since the common statistics out there show Verizon as being on the forefront of IPv6 deployment. This false impression has duped many, including you.
    • Err thats not quite how things work.....

  • by Gojira Shipi-Taro ( 465802 ) on Tuesday January 12, 2016 @09:14PM (#51291233) Homepage

    Hold the principles of corporations criminally liable for things that happen on their networks. Imprison a few of these motherfuckers and watch corporate behavior get better overnight.

    • by Anonymous Coward

      Hold the principles of corporations criminally liable for things that happen on their networks. Imprison a few of these motherfuckers and watch corporate behavior get better overnight.

      Great idea, this has proved somewhat useful in Europe. But just how are you going to pull off this miracle? Big corporations control the government through lobbyists and bribery. An honest, unowned politician just doesn't stand a change in the US.

    • by HiThere ( 15173 ) <charleshixsn.earthlink@net> on Tuesday January 12, 2016 @10:29PM (#51291455)

      That's not the corporate shield. The corporate shield protects minority stockholders (I think less than 10% of the stock) from liability. The executives, board, and majority stockholders are protected by the much simpler approach of nobody caring to prosecute them.

    • Hold the principles of corporations criminally liable for things that happen on their networks. Imprison a few of these motherfuckers and watch corporate behavior get better overnight.

      First you'd have to have a government that doesn't allow itself to be paid off via fines in the billions of dollars/euros/pounds/whatever which just isn't going to happen anytime soon, if ever (dreams of post scarcity societies aside).

    • by AmiMoJo ( 196126 )

      In Japan corporations can be sent to prison. Recently a pharmaceutical company that had been found to be misleading the regulator was "jailed" for 106 days, the longest ever. In practice that means that the company can't do any business for that period. Staff still get paid, but can't do any work. It's a near complete shut down for 106 days.

      Since Verizon provides an essential service perhaps they could be forced to suspend all non-essential work, e.g. sales, billing, customer support etc.

  • money changed hands (Score:4, Interesting)

    by roc97007 ( 608802 ) on Tuesday January 12, 2016 @09:32PM (#51291279) Journal

    > Such blocks are not something that can go unnoticed in the noise of everyday activity.

    Although it can probably never be proven, occam's razor indicates that money changed hands. It's a more logical conclusion than this level of incompetence amongst the necessary number of employees.

    • by grcumb ( 781340 )

      Although it can probably never be proven, occam's razor indicates that money changed hands. It's a more logical conclusion than this level of incompetence amongst the necessary number of employees.

      If past experience [smh.com.au] is any indication, then yes, telcos are perfectly content to engage in the dodgiest of dodgy practices if it means making a buck or two.

    • by Altanar ( 56809 )
      I prefer Hanlon's razor. "Never attribute to malice that which is adequately explained by stupidity." The most likely reason, in my opinion, is incompetence.
  • wtf Spam? (Score:3, Funny)

    by frankenheinz ( 976104 ) on Tuesday January 12, 2016 @09:45PM (#51291321)
    Does spamhaus still exists? Does spam still exist? (Its been years since I've seen any spam in _my_ inbox.)
    • Re: (Score:2, Interesting)

      by Anonymous Coward

      I run the mail cluster at work and have a personal server for my own domains. Even after Barracuda, SpamAssassin, clamav, and a host of custom rules for SA and procmail... Yes, spam still exists. If you haven't received a spam email in years, you (or whoever operates your email) are filtering way too heavily and I guarantee you're losing legitimate messages in the process. That might be fine for your personal box but it's not really acceptable in business.

      If you mean you receive spam, but gets filtered to a

    • Re: (Score:2, Funny)

      Does spamhaus still exists? Does spam still exist? (Its been years since I've seen any spam in _my_ inbox.)

      Your penis must already be big enough then.

  • Don't assume malice. When it comes to routing customer-provided IP blocks (eBGP), there are two types of companies:

    The first will demand, inspect and understand your documentation. Their routers will accept announcements from your end only for the ranges have been registered to the ASN that you've proved belongs to your organization.

    The other doesn't really know what BGP does, but when you asked for it, they read the manual for their router and figured out how to activate it on your port.

    You'll find rough

  • I quote for you an important consideration from the summary: "Spamhaus detected over 4 million IP addresses, mainly stolen from China and Korea, and routed on Verizon's servers with forged paperwork."

    So next time you accuse China or Russia of hacking or being full of criminals because you saw it was a Chinese IP, remember Verizon is quite willing to pretend that an IP comes from there when from a location nowhere near that region.

  • They're too busy denying bandwidth of those who've paid for it to be bothered by those who have not.

Some people manage by the book, even though they don't know who wrote the book or even what book.

Working...