I’ll reach out to you off list.

>   
> On Apr 14, 2020 at 1:55 PM,  <Jonathan M (mailto:jonatha...@riskiq.net)>  
> wrote:
>   
>   
>   
>   
> My bad - This was not for Rich but for Kushal who initiated the thread taking 
> the survey about us being "spammers". I'm contacting the administrator at 
> Nanog.org now to figure out what I did wrong to properly post to the thread 
> as I haven't used the mailing list before. Have a good day. Jonathan
>   
>   
>   
> On Mon, Apr 13, 2020 at 9:55 PM Jonathan M  <jonatha...@riskiq.net 
> (mailto:jonatha...@riskiq.net)>  wrote:
>   
> >   
> >   
> > This may not have been approved yet by the moderator but was sent to the 
> > list about 30 minutes ago....I'm sorry, but I'm just learning how to use 
> > this list and I am concerned that my post was not properly sent--thus, 
> > replying to the thread here....thx
> >   
> >
> >  Re:   https://twitter.com/RiskIQ_IRT/status/1249721818602070016?s=20   
> >
> >   
> > Hi, Rich,
> >   
> >
> >   
> > I hope you are well. If you ever encounter an incident that you think could 
> > have been handled better on our end, we aspire to continuously improve, and 
> > don't claim to be perfect.
> >   
> >
> >   
> > Rather than blocking our abuse notification to the abuse POC, it would be 
> > better to let us know you have concerns so that we can improve our 
> > communications. Blocking us on Twitter and shutting off communication is no 
> > better than if we were to just send your customer's domain to a blacklist 
> > without notifying you of a compromise so that it can possibly be patched. 
> > Let's keep the overall goal in mind -- it's to make the internet safer by 
> > flagging possible violations of your acceptable use policy that may lead to 
> > compromised personal data or sensitive credentials of innocent visitors 
> > online.
> >   
> >
> >   
> > Before anything is posted to Twitter, I personally review the history of 
> > the event to see if we have exhausted all reasonable steps to mitigate 
> > harmful cyber activity or operations on network infrastructure short of 
> > always picking up the phone or using the fax. While we have attempted to do 
> > that in the past for each event, there is just too much harmful cyber 
> > activity going on for us to be relying on phone calls to try and reach the 
> > abuse team to ask that our ticket be prioritised after an unreasonable 
> > period of time has elapsed. We have thousands of escalations that we need 
> > to handle and most of the time though not across the board, when we call to 
> > reach the abuse teams, we are unsuccessful in reducing the time to 
> > remediation.
> >   
> >
> >   
> > The goal is not to shame anyone per se. It's to create more transparency 
> > regarding a problem that we all need to work together on. It's similar to 
> > where nation state actors use public attribution as part of mitigation to 
> > > improve the Internet from cyber attacks. We did not block you on Twitter, 
> > > and after every tweet, we follow up to the appropriate abuse point of 
> > > contact to raise visibility of the matter, as well as to the PR team, and 
> > > applicable computer emergency response teams as well as attorneys general 
> > > or other applicable authorities.
> >   
> >
> >   
> > We all need to work together. Please do not hesitate to contact me and I 
> > will make sure we are meeting our end of aspiring to be a good partner, and 
> > look forward to working with you as the need arises. Stay safe and healthy 
> > in these challenging times, and we wish you the best.
> >   
> >
> >   
> > I'm happy to discuss offline as well. We can set up a time to discuss and 
> > improve the mitigation workflow on both sides.
> >   
> >
> >   
> > Best regards,
> >   
> > Jonathan Matkowsky
> >   
> > VP, Digital Risk
> >   
> > RiskIQ, Inc.
> >   
> >
> >   
> >
> >     
> >   
> >   
> > On Mon, Apr 13, 2020 at 9:41 PM Tom Beecher  <beec...@beecher.cc>  wrote:
> >   
> > >   
> > > I would agree that Twitter is not a primary place for abuse reporting.    
> > >  
> > >
> > >   
> > > If they are reporting things via your correct abuse channel and you are 
> > > indeed handling them within 48 business hours, then I would also agree 
> > > this much extra spray and pray is excessive. However RiskIQ is known to 
> > > be pretty responsible, so if they are doing this they likely feel like 
> > > they are NOT getting appropriate responses from you and are resorting to 
> > > scorched earth.   Have you attempted to reach out to them and make sure 
> > > they have the proper direct channel for abuse reporting?   
> > >   
> > >   
> > >   
> > >   
> > > On Mon, Apr 13, 2020 at 1:45 PM Kushal R.  <kusha...@h4g.co 
> > > (mailto:kusha...@h4g.co)>  wrote:
> > >   
> > > >   
> > > >   
> > > >   
> > > >
> > > > >  All abuse reports that we receive are dealt with within 48 business hours. 
> > > > > As far as that tweet is concerned, it’s pending for 16 days because 
> > > > > they have been blocked from sending us any emails due to the sheer 
> > > > > amount of emails they started sending and then our live support chats.
> > > >   
> > > >
> > > >   
> > > > > We send our abuse reports too, but we don’t spam them to every publicly 
> > > > > available email address for an organisation; it isn’t difficult to 
> > > > > look up the Abuse POC for an IP or network, and just because you do not 
> > > > > get a response in 24 hours does not mean you forward the same report to 
> > > > > 10 other email addresses. Similarly, Twitter isn’t a place to report 
> > > > > abuse either.   
> > > >   
> > > >
> > > >   
> > > >   
> > > >
> > > >   
> > > >   
> > > > >   
> > > > > On Apr 13, 2020 at 9:37 PM,  <Rich Kulawiec (mailto:r...@gsp.org)>  
> > > > > wrote:
> > > > >   
> > > > >   
> > > > >   
> > > > > > On Mon, Apr 13, 2020 at 07:55:37PM +0530, Kushal R. wrote:
> > > > > > > We understand these reports and deal with them as per our policies and 
> > > > > > > timelines but this constant spamming by them from various channels is 
> > > > > > > not appreciated.
> > > > > >
> > > > > > Quoting from:
> > > > > >
> > > > > > https://twitter.com/RiskIQ_IRT/status/1249696689985740800
> > > > > >
> > > > > > which is dated 9:15 AM 4/13/2020:
> > > > > >
> > > > > > 5 #phishing URLs on admin12.find-textbook[.]com were reported to 
> > > > > > @Host4Geeks (Walnut, CA) from as far back as 16 days ago, and they 
> > > > > > are all STILL active
> > > > > >
> > > > > > 16 days is unacceptable. If you can't do better than that -- MUCH better 
> > > > > > -- then shut down your entire operation today as it's unworthy of 
> > > > > > being any part of the Internet community.
> > > > > >
> > > > > > ---rsk
> > > > >
> > > > >   
> > > >   
> > > >   
> > > >   
> > > >   
> > >   
> > >   
> >   
> >   
>   
>   
>   
>   *******************************************************************
> This message was sent from RiskIQ, and is intended only for the designated 
> recipient(s). It may contain confidential or proprietary information and may 
> be subject to confidentiality protections. If you are not a designated 
> recipient, you may not review, copy or distribute this message. If you 
> receive this in error, please notify the sender by reply e-mail and delete 
> this message. Thank you.   
>
>
>
>   *******************************************************************
>   