This entire thread could easily have been simply: "Hey all! I'm having some challenges reaching a live person in the abuse groups for X, Y, and Z. Can anyone help with a contact, or if anyone from those companies sees this, can you contact me off-list?"
Calling everyone an idiot in the midst of Endless Pontification isn't really a recipe for success.

On Mon, Mar 18, 2019 at 8:04 PM Ronald F. Guilmette <r...@tristatelogic.com> wrote:
>
> OVH, DigitalOcean, and Microsoft...
>
> Is there anybody awake and conscious at any of these places? I mean
> anybody who someone such as myself... just part of the Great Unwashed
> Masses... could actually speak to about a real and ongoing problem?
>
> Maybe most of you here will think that this is just a trivial problem, and
> one that's not even worth mentioning on NANOG. So be it. Make up your own
> minds. Here is the problem...
>
> For some time now, there has been an ongoing campaign of bitcoin
> extortion spamming going on which originates primarily or perhaps
> exclusively from IPv4 addresses owned by OVH and DigitalOcean.
> These scam spams have now been publicised in multiple places:
>
> https://myonlinesecurity.co.uk/fake-cia-sextortion-scam/
>
> Yea, that's just one place, I know, but there's also no shortage of people
> tweeting about this crap also, in multiple languages even!
>
> https://twitter.com/SpamAuditor/status/1107365604636278784
> https://twitter.com/dvk01uk/status/1107510553621266433
> https://twitter.com/bortzmeyer/status/1107737034049900544
> https://twitter.com/ariestess69/status/1107468838596038656
> https://twitter.com/bernhard_mahr/status/1107513313020297216
> https://twitter.com/jzmurdock/status/1107679858945974272
> https://twitter.com/gamamb/status/1107384186548207617
> https://twitter.com/davidgsIoT/status/1107725201331097606
> https://twitter.com/cybers_guards/status/1107675396076560384
> https://twitter.com/ThatHostingCo/status/1107588660831105024
> https://twitter.com/fladna9/status/1107554090765242368
> https://twitter.com/JUSTADACHI/status/1107549777607184384
> https://twitter.com/okhin/status/1107627379650908160
> https://twitter.com/Purple_Wyrm/status/1107454618705887232
> https://twitter.com/LadyOFyre/status/1107349022220550144
> https://twitter.com/laurelvail/status/1107345980062523392
> https://twitter.com/Alex__Rubio/status/1107595560440217600
>
> The thing of it is that ALL of this crap... all of these scam spams... are
> quite obviously originating out of the networks of OVH and DigitalOcean.
> And it's not even all that hard to figure out where from, exactly and
> specifically. I generated the following survey, on the fly, last night,
> based on a simple reverse DNS scan of the evidently relevant address
> ranges:
>
> https://pastebin.com/raw/WtM0Y5yC
>
> As anyone who isn't as blind as a bat can easily see, there's a bit of a
> pattern here. All of the spam source IPs are on just two ASNs:
>
> AS16276 - OVH SAS
> AS4061 - DigitalOcean, LLC
>
> It's equally clear that there have already been numerous reports about this
> ongoing and blatantly criminal activity that have been sent to the low-level
> high school dropout interns that these companies, like most others on the
> Internet these days, choose to employ as their first-level minions in their
> "not a profit center" abuse handling departments.
> So, guess what? Surprise, surprise! None of those clue-deprived flunkies
> have apparently yet managed to figure out that there's a pattern here. Duh!
> As a result, the scamming and the spamming just go on and on and on, and the
> spammer-scammer just keeps on getting fresh new IP addresses on both of these
> networks... and fresh (and utterly free) new domain names from the equally
> careless company called Freenom.
>
> So, you know, I really would appreciate it if someone could either put me
> in touch with some actual sentient being at either OVH or DigitalOcean...
> assuming that any such actually exist... or at the very least, try to find
> one to whom clue may be passed about all this, because although these scam
> spams were kind of humorous and novel at first, the novelty has now worn off
> and they're really not all that funny anymore.
>
> Oh! And while we are on the subject, I'd also like to obtain a contact,
> preferably one which is also and likewise in possession of something roughly
> approximating clue, at this place:
>
> AS200517 - Microsoft Deutschland MCIO GmbH
>
> The reason is that although MS Deutschland is most probably not the source
> of any of the spams, they, or at least their 51.18.39.107 address, do appear
> to be mixed up in all of this somehow:
>
> https://pastebin.com/raw/ziVNCmZ8
>
> I dunno. Maybe Microsoft has managed to engineer a merger with the CIA (?)
> If not, then maybe they would be so kind as to rat out this specific criminal
> customer of theirs to appropriate authorities.
>
> Don't get me wrong. I heartily applaud Microsoft's Digital Crimes Unit for
> all of the admirable work they do, but you know the old saying... charity
> begins at home.
> So my hope is that they will seek to get this low-life off
> their network immediately, if not sooner, and then also seek to arrange
> suitable long term accommodations for him in, say, Florence, Colorado, or,
> if he/she/it has a higher than average level of tan, I hope that they will
> make all necessary inquiries to find out if there are still any open bunks
> available in Gitmo.
>
>
> Regards,
> rfg
>
>
> P.S. In recent days, the popular media has fanned the flames of controversy,
> as it is their habit to do, over the question of whether or not the various
> social media companies could have somehow automagically spotted and deleted,
> in real time, with some sort of yet-to-be-invented artificial intelligence
> wizardry, the shooter videos from New Zealand. Of course, none of the TV
> personalities who so cavalierly offer up their totally uninformed opinions
> on this question have ever themselves gotten within a country mile of the
> kinds of AI that could, perhaps in another decade or three, reliably
> distinguish between a video of a mass shooting and a video of a particularly
> raucous birthday party. It's a hard problem.
>
> In contrast to that hard problem, spotting the kind of trivial reverse DNS
> pattern I've noted above is child's play and a no brainer. Why then, one
> might reasonably ask, have the combined abuse departments of both OVH and
> DigitalOcean been either utterly unable or else utterly unwilling to do so?
> Solving these kinds of trivial problems does not await the development of
> some advanced new artificial intelligence. It just requires the judicious
> application of a small bit of the non-artificial kind of intelligence. But
> the industry, it seems, can't, or won't, even manage that.