Verizon Accused of Helping Spammers By Routing Millions of Stolen IP Addresses

An anonymous reader writes: Spamhaus, an international non-profit organization that hunts down spammers, is accusing Verizon of indifference and facilitation of cybercrime because it failed for the past six months to take down stolen IP routes hosted on its network from where spam emails originated. Spamhaus detected over 4 million IP addresses, mainly stolen from China and Korea, and routed on Verizon's servers with forged paperwork. Spamhaus says, "For a start, it seems very strange that a large US-based ISP can be so easily convinced by abusers to route huge IP address blocks assigned to entities in the Asian-Pacific area. Such blocks are not something that can go unnoticed in the noise of everyday activity. They are very anomalous, and should call for an immediate accurate verification of the customer. Internal vetting processes at large ISPs should easily catch situations so far from normality."

Verizon/UUnet used to be the best

[kevmeister]

A few years ago, Verizon employed some to the best people in the best people in the world to handle network and routing security. They were very responsive to reports of address hijacking and related issues. Those folks have all left Verizon since they bought UUnet, though the rush for the door didn't start until about 4 years ago.

This all happened about the time I left the operational world and started moving into retirement, so I don't know the people who replaced them, but I am sure that, if they were replaced at all, that the new people were not of the caliber of those who left.

As is often the case, network security seems to have been declared a low priority at Verizon. after all, it does not make them any money. Of course, if they become known for bad security, it could have an impact on the bottom line at some point.

Re:Verizon/UUnet used to be the best

[whoever57]

The positions though? Probably H1B replacements.

What makes you think that they in the USA? India-based engineers are cheaper than H1-Bs.

Eliminate the Corporation Shield

[Gojira+Shipi-Taro]

Hold the principles of corporations criminally liable for things that happen on their networks. Imprison a few of these motherfuckers and watch corporate behavior get better overnight.

Re:Eliminate the Corporation Shield

[HiThere]

That's not the corporate shield. The corporate shield protects minority stockholders (I think less than 10% of the stock) from liability. The executives, board, and majority stockholders are protected by the much simpler approach of nobody caring to prosecute them.

money changed hands

[roc97007]

> Such blocks are not something that can go unnoticed in the noise of everyday activity.

Although it can probably never be proven, occam's razor indicates that money changed hands. It's a more logical conclusion than this level of incompetence amongst the necessary number of employees.

Re:wtf Spam?

I run the mail cluster at work and have a personal server for my own domains. Even after Barracuda, SpamAssassin, clamav, and a host of custom rules for SA and procmail... Yes, spam still exists. If you haven't received a spam email in years, you (or whoever operates your email) are filtering way too heavily and I guarantee you're losing legitimate messages in the process. That might be fine for your personal box but it's not really acceptable in business.

If you mean you receive spam, but gets filtered to a spam folder instead of your primary inbox, that's not much of a feat, and is pretty much normal now. The shit is still wasting countless resources around the world. Just because you don't see it (or choose not to look at it) doesn't mean it's not a problem.