Ruskie gang hijacks Microsoft network to push penis pills For the past three weeks, internet addresses belonging to Microsoft have been used to route traffic to more than 1,000 fraudulent websites maintained by a notorious group of Russian criminals, publicly accessible internet data indicates. The 1,025 unique websites — which include seizemed.com, yourrulers.com, and …
Since these networks are demonstrably run by Microsoft and Microsoft have lots of money, any one who has an issue with any of these website should sue M$.
You own the IP address and therefore you did is an accepted legal point, it has been repeatedly used in courts of law around the world by media businesses suing filesharers. The defence that it wasn't you it was a defect in your network security has not been accepted by the courts. So time to turn the tables here. Criminal activity is happening from there addresses so they are guilty. The courts will have to decide whether to continue to accept IP address based evidence as being admissible. So either MS are in big trouble here, or the media companies and their [il]legal sharks are going to loose a big stick.
...then you get to a money mule. People are offered jobs where they can work at home - all they need is a bank account to receive payments. They keep a percentage of the payment, cash rest and send it via Western Union or similar cash transfer service to someone in Eastern Europe. There are apparently enough people gullible enough to do this.
And Western Union or similar cash services have records of where their payments went. So jail the mule as is his due and continue to chase the money.
I like the idea of going after MS too.
I'll add a third, which is that even though they are dummy corps, somebody is set up to process the payments, go after them, follow their money and their associations.
Chase all the money on all the angles until you get as much of it as possible. I mean, I hear governments all over the world are short on cash at the moment. The scammers seem to have plenty of it, so isn't it time to shake them down?
DNS and whois are not enough. Is it that difficult to go to the Linx looking glass or one of the publically available route servers and see if the network in question is still being routed to microsoft?
The article language also reads almost like the Daily Fail. The reg is a technical website, we do not need the babytalk explanations of what Dig is for crying out loud.
In order to hijack a range of IP addresses, you have to subvert a core ISP, or find some way of injecting false BGP (or whatever they use nowadays) information into the wider network. You have to be trusted, and in particular points in the network to have BGP info believed by your neighbours.
While I am not saying this is impossible, it is so fundamental in the operation of the Internet as a whole that if this is compromised, the operation of the whole Internet is at risk.
To El. Reg. To see whether an IP address is where you think it is, you can try to use traceroute (oh, sorry, tracert for windows users) to see where the packets appear to go. While it is not a sure-fire thing (traceroute can be blocked easily, and some routers do not respond), you may get sufficient clues from the names of the routers that have DNS entries to guess at the routing of the packets. If this does not work, you might try a ping -R (UNIX/Linux only?) to get the return path of the packets.
There are probably many better tools, but Dig (although I still use nslookup), traceroute, ping, netcat, telnet, nmap, wireshark and other tools such as nessus should all be in the metaphorical toolbox of people who want to diagnose network problems.
Convince your upstream you're allowed to announce routes for xyz/16 (or anything down to around a /19), do it, profit.
That kind of attack is hardly new. I first encountered it back in 2003 while tracking a spam gang and as a result of the ensuing investigations there are now several private mailing lists dedicated to shutting down rogue announcements & returning the networks to their rightful owners or having them returned to the registries (this is where a lot of the recent reassignments of old swamp space have come from)
Ron may well be right that MS have a compromised server, but I've known him for nearly 15 years and he's got a tendency to loudly assume the worst case scenario. The fact that so many IPs are involved points more to network route hijacking than physical compromise.
By the way, the scary part is that the world's telephone number routing uses a very similar protocol which is even easier to hijack as there are no security measures installed against fraudulent activity. The vulnerability isn't theoretical - in the late 1990s UK porn operators were found to be hijacking number ranges belonging to Chile and Niue Island, among others...
Oh dear, we should immediately revoke MS's licence to use the internet, shutting down all their update servers, verification servers, activation servers etc, all according to the desires of...well...microsoft!
They can't possibly complain, at was thier idea!
http://www.prisonplanet.com/microsoft-proposal-opens-door-for-government-licensing-to-access-internet.html
...that the world would be far better off if Russia and China were cut off completely from the wider internet. Follow their borders with a backhoe and an angle grinder and be done with it.
Is there any major criminal effort not headquartered in Russia and hosted in China? Maybe a couple, but not a lot. And if you physically sliced off the net connections, it's not like they could just operate out of different countries unless they moved there - risky and a pain in the ass.
Sure, there'd be some collateral, but at this point those two countries alone are close to destroying the utility of the net for the rest of us. Screw 'em and the horse they rode in on - let them back in the club when they won't let the trash line their pockets while feigning innocence.
...and will happily cook with electric. I'd be fine with subsidizing eastern Europeans' energy needs if it meant a 90% reduction in malware, spam, and as a consequence, odious Linux zealots who think it's clever to say "MicroSux" and "Winbloze".
As for western Europe, there's a reason God made the French - and as recent events have shown, it's not for liberty, equality, and fraternity: It's for nuclear power. The French have done at least two things the world is better off for - proving nuclear power is a viable large-scale energy source, and Grand Prix racing.
These things have been largely offset by their electing Sarkozy, but you can't bat 1000, can you?
Reporting this problem should be as simple as checking the ARIN record for that address, right?
abuse@msn.com, abuse@hotmail.com, abuse@microsoft.com
Auto-reply bots saying that your complaint was sent to the wrong address and discarded.
noc@microsoft.com
Carefully guarded by a filter that rejects anything that might mention any type of abuse going on.
Spam on!
This post has been deleted by its author
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
