Verizon Accused of Helping Spammers By Routing Millions of Stolen IP Addresses

An anonymous reader writes: Spamhaus, an international non-profit organization that hunts down spammers, is accusing Verizon of indifference and facilitation of cybercrime because it failed for the past six months to take down stolen IP routes hosted on its network from where spam emails originated. Spamhaus detected over 4 million IP addresses, mainly stolen from China and Korea, and routed on Verizon's servers with forged paperwork. Spamhaus says, "For a start, it seems very strange that a large US-based ISP can be so easily convinced by abusers to route huge IP address blocks assigned to entities in the Asian-Pacific area. Such blocks are not something that can go unnoticed in the noise of everyday activity. They are very anomalous, and should call for an immediate accurate verification of the customer. Internal vetting processes at large ISPs should easily catch situations so far from normality."

Verizon/UUnet used to be the best

[kevmeister]

A few years ago, Verizon employed some to the best people in the best people in the world to handle network and routing security. They were very responsive to reports of address hijacking and related issues. Those folks have all left Verizon since they bought UUnet, though the rush for the door didn't start until about 4 years ago.

This all happened about the time I left the operational world and started moving into retirement, so I don't know the people who replaced them, but I am sure that, if they were replaced at all, that the new people were not of the caliber of those who left.

As is often the case, network security seems to have been declared a low priority at Verizon. after all, it does not make them any money. Of course, if they become known for bad security, it could have an impact on the bottom line at some point.

Re:Verizon/UUnet used to be the best

[Mashiki]

Sadly I remember when you could directly contact UUnet engineers when there were routing problems and get tickets opened instantly, and repairs took next to no time. The positions though? Probably H1B replacements.

Re:Verizon/UUnet used to be the best

[whoever57]

The positions though? Probably H1B replacements.

What makes you think that they in the USA? India-based engineers are cheaper than H1-Bs.

Eliminate the Corporation Shield

[Gojira+Shipi-Taro]

Hold the principles of corporations criminally liable for things that happen on their networks. Imprison a few of these motherfuckers and watch corporate behavior get better overnight.

Re:Eliminate the Corporation Shield

[HiThere]

That's not the corporate shield. The corporate shield protects minority stockholders (I think less than 10% of the stock) from liability. The executives, board, and majority stockholders are protected by the much simpler approach of nobody caring to prosecute them.

money changed hands

[roc97007]

> Such blocks are not something that can go unnoticed in the noise of everyday activity.

Although it can probably never be proven, occam's razor indicates that money changed hands. It's a more logical conclusion than this level of incompetence amongst the necessary number of employees.

Re:wtf Spam?

I run the mail cluster at work and have a personal server for my own domains. Even after Barracuda, SpamAssassin, clamav, and a host of custom rules for SA and procmail... Yes, spam still exists. If you haven't received a spam email in years, you (or whoever operates your email) are filtering way too heavily and I guarantee you're losing legitimate messages in the process. That might be fine for your personal box but it's not really acceptable in business.

If you mean you receive spam, but gets filtered to a spam folder instead of your primary inbox, that's not much of a feat, and is pretty much normal now. The shit is still wasting countless resources around the world. Just because you don't see it (or choose not to look at it) doesn't mean it's not a problem.

Re:Math

How was people going bankrupt the fault of anyone else but the people who asked to be given money in the first place?

If you want to buy a house and need a loan to do so THEN FUCKING MAKE SURE YOU ARE CAPABLE OF PAYING THAT LOAN. If you are not able to pay if conditions slightly worsen then it's all on you. Stop blaming the bank for your own inadequacy. You look the loan, you have to make sure you can pay it back, if you can't it's 100% on you.

Take responsibility for your own life and stop blaming your failure on others.

Re:Math

People taking a loan they can't pay may be their own fault - at least in part.
Banks bankrupting themselves by giving out too many such loans have only themselves to blame too.
A nation getting a recession by allowing too many banks to operate like that has itself to blame . . .

Re:Math

If you want to buy a house and need a loan to do so THEN FUCKING MAKE SURE YOU ARE CAPABLE OF PAYING THAT LOAN.

They were told they'd be able to pay the loan, and didn't have the financial sophistication to understand what an interest-only loan really was, didn't understand that there would be a huge balloon payment at the end of the term, and wholly trusted those who sold them the loan. The bottom-feeders selling the loan didn't care, because the mortgage was going to be bundled up and sold to someone else, and were getting their money regardless of whether the buyer defaulted or not. Lenders had every motivation to encourage people to accept debt they couldn't handle, because they were giving them criminally bad financial advice that was accepted because, hey, they're "the professionals".

If those taking the loans out had truly understood what they were signing, I'm quite sure the majority of them wouldn't have done it.