Author Topic: Spamhaus Project accuses Verizon of Helping Cybercriminals by Routing Stolen IP

Offline yungcrux

Verizon has some explaining to do because a recent report from The Spamhaus Project has pointed the finger at the company and accused it of aiding cybercriminals by routing over four million IP addresses through its network.

The Spamhaus Project is an international non-profit organization that for the last years has maintained a spam blacklist and also collaborated with law enforcement agencies to track down spammers and some of the Internet's spam operations.

As Spamhaus representative Barry Branagh explains, the recent depletion of the IPv4 address block has forced cybercriminals to steal IP ranges from the IP pools of companies that don't use them, or haven't gotten around to setting up routes for those IPs.

"Setting up a route" is when an ISP tells other ISPs that a particular IP address block can be found on its servers. While spammers have found it quite easy to steal or buy IP blocks from the black market, to set up a route they usually need to register as an AS (Autonomous System) and receive an ASN (Autonomous System Number).

Verizon doesn't vet ASs that want to route IP addresses on its servers

Because of Verizon's relaxed ASN setup process, cybercriminals have found it quite easy to submit forged documents to the company and have it route their stolen IP lots through their servers.

Using this approach, Mr. Branagh says that over 4 million IP addresses have been routed through Verizon's network, which later were used for spamming users via the "snowshoe approach." With this technique, spammers use multiple addresses, in multiple locations, to send spam email to their victims.

The technique makes it harder for organizations like Spamhaus to identify and track down larger spam campaigns, while also keeping down the spammy traffic coming from any single IP address and so avoiding getting blacklisted after a few thousand emails.