Slashdot Mirror


Spammers Hijacking IP Space

Ron Guilmette writes "As reported in the Washington Post's Security Fix blog, a substantial hunk of IP address space has apparently been taken over by notorious mass e-mailing company Media Breakaway, LLC, formerly known as OptInRealBig, via means that are at best questionable. The block in question is 134.17.0.0/16, which I documented in depth in an independent investigation. (Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.) Remarkably, the president of Media Breakaway, who happens to be an attorney, is trying to defend his company's apparent snatching of this block based upon his own rather novel legal theory that ARIN doesn't have jurisdiction over any IP address space that was handed out before ARIN was formed, in 1997."

7 of 233 comments

  1. "Hijack?" by PhotoGuy · · Score: 4, Interesting

    Apparently, the President of Media Breakaway has now admitted to the Washington Post that his company has been occupying and using the 134.17.0.0/16 block and that front company JKS Media, which provides routing to the block, is actually owned by Media Breakaway.

    If he is president of a company that owns the company that provides routing for the block, doesn't that mean he has legal ownership of that block?

    Yes, if the block is used primarily for spam, I'm all for people blackholing the range. And if he's using it for illegal purposes, yes, he should be punished (and the range appropriated). But I don't see where the term "hijacking" could be applied at all.

    If I own some cars and use them in crimes, I haven't "hijacked" anyone.

    What am I missing?
    --
    Love many, trust a few, do harm to none.
    1. Re:"Hijack?" by Kadin2048 · · Score: 3, Interesting

      Humm ... San Francisco Packet Radio ... with a Colorado mailing address. Somehow I don't think so.

      It looks like what they did was just register a company with a similar-sounding name to a defunct organization that had an old /16. Then they went to ARIN and got control of it on the strength of the similar name, including getting themselves listed in WHOIS. (Which, when you think about it, isn't that hard -- there's no real authentication mechanism for proving you're the "real" San Francisco Packet Radio.)

      Then they had another front company obtain an AS number and provide routing, and suddenly they have lots of IPs from which to send spam.

      The even-creepier part is that it looks like they have another block stolen through similar means (currently registered to a P.O. box in NYC) and possible connections to Russian spammers, which means basically the Russian mafia.

      Here's hoping that when the whole thing falls apart, the Russian mob comes calling for this guy's head. Ironically they're the best chance for this guy getting the slow, painful death he so richly deserves.

      --
      "Ladies and gentlemen, my killbot features Lotus Notes and a machine gun. It is the finest available."
  2. A lack of ethics by mlwmohawk · · Score: 4, Interesting

    I will continue to say it every time I can.

    We need a strong societal repudiation of the violation of ethics. Organizations like Microsoft, SCO, and the like and people like Bill Gates, Darl McBride, etc. need to be made pariahs for the shameless unethical and illegal behavior.

    "Spamming" is unethical. The only reason why it is done is because their unethical behavior is not shunned.

  3. Re:Simple, blackhole the IP space by dave.josephsen · · Score: 4, Interesting

    It really isn't that simple. I'd refer you to my own work (http://www.usenix.org/media/events/lisa07/tech/videos/josephsen.mp4 and http://media.defcon.org/dc-15/video/Defcon15-Dave_Josephsen-Homeless_Vikings.mp4) or that of Nick Feamster at Georgia Tech. They've been hijacking address space via short-lived BGP prefix hijacks for at least 5 years now, and it is exactly the attitude of "we'll just block X" that got us here in the first place. If you use RBLs and make the arms race about IPs, then the most direct response is to attack the network layer and/or IP space. Further, there are real-world reasons why IP filters just aren't going to work on a global scale. For that I'd refer you to the work of Mohit Lad at UCLA. There is an economic layer on top of BGP. The effect of no-valley routing is that you're going to get route propagation from folks you think you can trust but cannot. It's a bit much to get into here, but off-handedly blacklisting more shit isn't the answer here, it's the problem.
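The short-lived prefix hijacks mentioned in the comment above leave a trace in routing history that an IP blacklist never sees. As an added example (not part of the original comment or the cited talks), this sketch rebuilds per-origin announcement intervals from a BGP update feed and flags brief episodes from an origin that is not the prefix's usual one. It assumes a single vantage point; the feed, prefixes, ASNs, one-hour threshold and function names are constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

T = datetime.fromisoformat
# Constructed single-vantage-point feed: (time, "A"nnounce/"W"ithdraw, prefix, origin ASN).
# Prefixes and ASNs are documentation values (RFC 5737, RFC 5398), not real routes.
EVENTS = [
    (T("2008-04-01T00:00"), "A", "203.0.113.0/24", 64496),
    (T("2008-04-01T00:00"), "A", "198.51.100.0/24", 64497),
    (T("2008-04-10T03:00"), "W", "198.51.100.0/24", None),
    (T("2008-04-10T03:05"), "A", "198.51.100.0/24", 64497),   # flap, same origin
    (T("2008-04-20T02:10"), "A", "203.0.113.0/24", 64511),    # foreign origin appears
    (T("2008-04-20T02:35"), "A", "203.0.113.0/24", 64496),    # usual origin returns
]
END_OF_DATA = T("2008-05-01T00:00")

def origin_episodes(events, end_of_data):
    """Turn the feed into (prefix, origin, start, end, closed) intervals.
    A new announcement implicitly replaces the route it supersedes."""
    current, episodes = {}, []
    for ts, kind, prefix, origin in sorted(events, key=lambda e: e[0]):
        if prefix in current and (kind == "W" or current[prefix][0] != origin):
            old_origin, start = current.pop(prefix)
            episodes.append((prefix, old_origin, start, ts, True))
        if kind == "A" and prefix not in current:
            current[prefix] = (origin, ts)
    for prefix, (origin, start) in current.items():
        episodes.append((prefix, origin, start, end_of_data, False))  # still routed
    return episodes

def short_lived_foreign_origins(events, end_of_data, max_life=timedelta(hours=1)):
    """Flag closed episodes no longer than max_life whose origin is not the
    prefix's baseline (the origin holding the prefix for the most total time)."""
    episodes = origin_episodes(events, end_of_data)
    held = defaultdict(lambda: defaultdict(timedelta))
    for prefix, origin, start, end, _ in episodes:
        held[prefix][origin] += end - start
    baseline = {p: max(o, key=o.get) for p, o in held.items()}
    return [(p, origin, end - start) for p, origin, start, end, closed in episodes
            if closed and origin != baseline[p] and end - start <= max_life]

if __name__ == "__main__":
    for prefix, origin, life in short_lived_foreign_origins(EVENTS, END_OF_DATA):
        print(f"{prefix}: origin AS{origin} held the route for only {life}")
```

A same-origin flap is not flagged, and an episode still open at the end of the data is treated as ongoing rather than short-lived.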

  4. IP or IP? by Anonymous Coward · · Score: 1, Interesting

    Slashdot is notorious for using "IP" to mean both "Internet Protocol" and "Intellectual Property", so I read the headline as "Spammers Hijacking Intellectual Property Space".

  5. He's only pretending to be a HAM! by Anonymous Coward · · Score: 1, Interesting

    Per my reading of TFA, he made a phony company under the name of the real (but apparently defunct) Amateur Radio group that actually owned that IP block once upon a time, then pretended to be them.

    That's what you're missing.

  6. Re:who is linking this to the backbone? by Anonymous Coward · · Score: 1, Interesting

    No, in this case the Postal Inspectors need to prosecute for mail fraud. They claimed to be SF packet radio by registering a similar company name and having ARIN re-assign the block to them. They are not in fact SF packet radio and claiming they were entitled to the SF Packet radio netblock is fraud. Doing it by the post is mail fraud and the US postal service takes a very dim view of it.