I think this conversation should have ended way long time ago.

My $0.50 cents + $1.00 or $2

Regards,
Pedram

On Wed, Sep 24, 2008 at 1:29 AM, Russell Mitchell <[EMAIL PROTECTED]> wrote:

> Hello Mark,
>
> What's YOUR motivation to consistently attack my company?
>
> What's my motivation to continue working @ InterCage?
> To keep a roof over my family's heads, and to keep them well-fed:
> 1.) Myself
> 2.) My Wife
> 3.) My near 2 year old Son (November)
> 4.) My near 3 week old Daughter (Born Sept. 4th)
>
> It's great that you finally accepted the claim of InterCage being associated with the famed "RBN" as being "alleged".
> You've taken the first step into seeing how much BS information has been spread out about our company.
>
> Whether you support me in my anti-abuse endeavor or not, as long as you get FACTUAL information, I'm happy.
> However someday, I trust you will find and accept the truth about InterCage. From what I see now from the claims you're making, that day may not come soon.
>
> Thank you for your time. Have a great day.
> ---
> Russell Mitchell
>
> InterCage, Inc.
>
> ----- Original Message ----
> From: Mark Foo <[EMAIL PROTECTED]>
> To: Russell Mitchell <[EMAIL PROTECTED]>
> Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow <[EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
> Sent: Wednesday, September 24, 2008 1:14:01 AM
> Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
>
> Russell:
>
> Oh I got the memo, you'll be getting served one soon too.
>
> I just wonder why you don't consider playing both sides of the fence -- with your knowledge of who's who in the cyber crime field, you could probably get paid more as an informant (either to LEO or one of the "Intel" companies) than whatever you're doing for Emil and (allegedly) the RBN. You can't possibly sleep well knowing what you're up to now so I figure it's the money that motivates you.
>
> Or, maybe you don't really know anyone, you just respond to their demands and they end up with all the money, pr0n chicks, etc. Doesn't that bother you -- don't you want more?
>
> Plus, no one would know you were pulling two pay checks -- you manage systems on one side and pass info to the other. It's actually fairly simple -- maybe you already know this ;).
>
> If not, please explain this:
>
> http://www.spamhaus.org/news.lasso?article=636
>
> Without exception, all of the major security organizations on the Internet agree that the 'Home' of cybercrime in the western world is a firm known as Atrivo/Intercage, based in California. We ourselves have not come to this conclusion lightly but from many years of dealing with criminal operations hosted by Atrivo/Intercage, gangs of cybercriminals - mostly Russian and East European but with several US online crime gangs as well - whose activities always lead back to servers run by Atrivo/Intercage. We have lost count of the times we have tracked a major virus botnet's "command and control" to Atrivo/Intercage servers, readers can view here some of the current and historic SBL records for Atrivo for a taste of what has been happening in this network. At almost every Internet security conference, or law enforcement seminar on cyber-crime, a presentation will detail some attack, exploit, phish or financial crime that has some nexus at Atrivo/Intercage.
>
> The person who runs Atrivo/Intercage, Emil Kacperski is an expert at playing the "surprised janitor", unaware of every new criminal enterprise found on his servers and keen to show he gets rid of some criminals once their activities on his network are exposed. His Internet hosting career first came to the attention of most anti-abuse organizations when he pinched (or 'purchased stolen goods' as he put it) and routed an unused block of 65,536 IP addresses belonging to the County of Los Angeles.
>
> Spamhaus has dealt with over 350 incidents of cyber-crime hosting on Atrivo/Intercage and its related networks in the last 3 years alone, all of which involved criminal operations such as malware, virus spreaders and botnet command and control servers. Malware found by Spamhaus on Atrivo/Intercage/Cernel/Hostfresh just in the last few months included the Storm Worm installer and controller and a MySpace spambot amongst others. Spamhaus currently sees a large amount of activity related to malicious software and exploits being hosted on Atrivo/Intercage which include DNS hijack malware, IFRAME browser attacks, dialers, pirated software websites and blatantly criminal services.
>
> We assume that every law enforcement agency with a cyber-crimes division has a dossier bursting at the seams on Atrivo/Intercage and its tentacles such as Esthost, Estdomains, Cernel, Hostfresh. The only question on everyone's mind is which agency will beat the others to shutting the whole place down and indicting the people behind it. Because if shut down, one thing is certain: the amount of malware-driven crime on the Internet would drop overnight as cyber-criminals rush to find a new crime-friendly host - difficult to find in the US, as Atrivo/Intercage is one of the very few remaining dedicated crime hosting firms whose customer base is composed almost, or perhaps entirely, of criminal gangs. More importantly, millions of Internet users currently being targeted by the malware gangs operating from Atrivo/Intercage will be, for a while, safer.
>
> Perhaps one may be wondering about the costs of hosting at Atrivo/Intercage or how to sign up? Well, don't expect to find this information at the company's websites as they were empty for years and for the last year have just shown "Website Coming Soon."
>
> http://www.atrivo.com => "InterCage, Inc.. INTENSE SERVERS. Website Coming Soon:"
> Last Updated: Thursday, September 06, 2007 4:32:59 PM
>
> http://www.intercage.com => "InterCage, Inc. INTENSE SERVERS. Website Coming Soon:"
> Tuesday, September 04, 2007 6:45:52 PM
>
> At one time after being asked, "how on earth does your company get business?" an Atrivo/Intercage representative coyly said, "by word of mouth." That seems to be quite obvious.
>
> On Wed, Sep 24, 2008 at 12:45 AM, Russell Mitchell <[EMAIL PROTECTED]> wrote:
> > Hello Mark,
> >
> > It really seems YOU _DID_ miss the memo.
> > I think that since no one else is responding to your non-sense, there is no reason for me to either.
> >
> > If you have something accurate to say, I'll be happy to listen.
> > Until then, there's not much I can say. There's no sense in repeating myself.
> > ---
> > Russell Mitchell
> >
> > InterCage, Inc.
> >
> > ----- Original Message ----
> > From: Mark Foo <[EMAIL PROTECTED]>
> > To: Russell Mitchell <[EMAIL PROTECTED]>
> > Cc: Bruce Williams <[EMAIL PROTECTED]>; Christopher Morrow <[EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
> > Sent: Wednesday, September 24, 2008 12:27:50 AM
> > Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> >
> > Russell:
> >
> > Ferg was just being coy -- what you don't understand is there are about 3 other security mailing lists plotting to TAKE YOUR SERVICE DOWN. You FAIL. Law Enforcement might not take action against you (but appear to be interested now), but the community can. GET OFF THE NET WITH YOUR MALWARE!
> >
> > You mistake me for someone who believes your pack of lies! Don't you understand each time you post to this list gives those of us who know the opportunity to post MORE EVIDENCE of your MALWARE?
> >
> > You disconnected Hostfresh and think that's the extent of your crimes? Gimme a break.
> > Only those who are easily socially engineered would believe your pathetic claims of innocence.
> >
> > You've BEEN HOSTING MALWARE since 2003 -- SEE Nanog post:
> >
> > Re: The in-your-face hijacking example
> > http://www.irbs.net/internet/nanog/0305/0038.html
> >
> >> Let me know if there's anything else you'd like me to state to the public.
> >
> > Answer Ferg's question -- Why are you moving to CERNAL? Do you think this is going to work? That's just another of Emil's networks.
> >
> >> We're on a rocky road right now. But it IS starting to smooth out.
> >
> > That's just the calm before the storm.
> >
> > Go ahead and post a response to each of these allegations:
> >
> > Cybercrime's US Hosts
> > http://www.spamhaus.org/news.lasso?article=636
> >
> > Report Slams U.S. Host as Major Source of Badware
> > http://voices.washingtonpost.com/securityfix/2008/08/report_slams_us_host_as_major.html?nav=rss_blog
> >
> > A Superlative Scam and Spam Site Registrar
> > http://voices.washingtonpost.com/securityfix/2008/09/estdomains.html?nav=rss_blog
> >
> > ICANN cast as online scam enabler
> > http://www.theregister.co.uk/2008/09/03/cyber_crime_reports/
> >
> > 'Malware-friendly' Intercage back with the living
> > http://www.theregister.co.uk/2008/09/24/intercage_back_online/
> >
> > On Tue, Sep 23, 2008 at 11:50 PM, Russell Mitchell <[EMAIL PROTECTED]> wrote:
> >>
> >> Hello John Doe,
> >>
> >> I welcome any further comments you have.
> >> We have to get past people such as yourself, and your blasphemous and false statements.
> >>
> >> This is the same issue with the recent media and self-proclaimed "Security Researchers". Fly-by-night mind you.
> >>
> >> To help you out in your claims:
> >> Yes, we did house a client who had quite a run with their clients from various locations, such as Russia.
> >> That Client is no longer hosted on our network. I myself spent all of Monday afternoon, night, and Tuesday morning shutting off EVERY machine they had leased in our Billing System. I'm currently working to scan further and see if there's anything I may have missed.
> >>
> >> Yes, Russia is very well known for Virus and Malware writers.
> >>
> >> Yes, we have had issues with malware distribution from our network.
> >> This was directly and near singularly related to the former client of ours. We did have another client, Hostfresh, who had their share of malware issues.
> >>
> >> Both have been completely and effectively removed. The servers leased to both of them have been canceled, and their machines have been shut off.
> >>
> >> Let me know if there's anything else you'd like me to state to the public.
> >> We're on a rocky road right now. But it IS starting to smooth out.
> >>
> >> Thank you for your time. Have a great day.
> >> ---
> >> Russell Mitchell
> >>
> >> InterCage, Inc.
> >>
> >> ----- Original Message ----
> >> From: Mark Foo <[EMAIL PROTECTED]>
> >> To: Bruce Williams <[EMAIL PROTECTED]>
> >> Cc: Christopher Morrow <[EMAIL PROTECTED]>; nanog@nanog.org; Joe Greco <[EMAIL PROTECTED]>
> >> Sent: Tuesday, September 23, 2008 11:08:21 PM
> >> Subject: Re: YAY! Re: Atrivo/Intercage: NO Upstream depeer
> >>
> >> NANOG:
> >>
> >> Look, the people posting here who are trashing Intercage are pure security analysts -- they know and understand the evil that is Intercage. STOP TRYING TO ASSIST INTERCAGE -- you are effectively aiding and abetting the enemy.
> >>
> >> Intercage/Atrivo hosts the malware c&c botnets that DDoS your systems and networks.
> >>
> >> Intercage/Atrivo hosts the spyware that compromises your users' passwords.
> >>
> >> Intercage/Atrivo hosts the adware that slows your customers' machines.
> >>
> >> Don't take my word for it, DO YOUR OWN RESEARCH:
> >> http://www.google.com/search?hl=en&q=intercage+malware
> >>
> >> You don't get called the ***American RBN*** for hosting a couple bad machines. They have and will continue to host much of the malware pumped out of America. THEY ARE NOT YOUR COMRADES.
> >>
> >> These people represent the most HIGHLY ORGANIZED CRIME you will ever come across. Most people were afraid to speak out against them until this recent ground swell.
> >>
> >> This is the MALWARE CARTEL. GET THE PICTURE?
> >>
> >> Many links have been posted here that prove this already -- instead of asking what customers they cut off, let them show WHAT CUSTOMERS ARE LEGIT -- because there are NONE.
> >>
> >> > >> I would suggest a different Step 1. Instead of killing power, simply isolate the affected machine. This might be as simple as putting up a firewall rule or two, if it is simply sending outgoing SMTP spam, or
> >> > > it's probably easiest (depending on the network gear of course) to just put the lan port into an isolated VLAN. It's not the 100% solution (some badness rm's itself once it loses connectivity to the internets) but it'd make things simpler for the client/LEA when they need to figure out what happened.
> >> > >
> >> > > -chris