I originally held back on a similar response. But I had the exact same opinion. It works against your argument when you start off with insults and condescension. Personally, I would not refer anyone to someone making a post like this.

Regards,
Ray Orsini – CEO
Orsini IT, LLC – Technology Consultants
VOICE DATA BANDWIDTH SECURITY SUPPORT
P: 305.967.6756 x1009
E: ray@orsiniit.com
TF: 844.OIT.VOIP
http://www.orsiniit.com | Schedule a Call: https://orsiniit.as.me/?calendarID=1756688

From: NANOG <nanog-bounces@nanog.org> On Behalf Of Tom Beecher
Sent: Tuesday, March 19, 2019 10:01 AM
To: Ronald F. Guilmette <rfg@tristatelogic.com>
Cc: NANOG <nanog@nanog.org>
Subject: Re: Contacts wanted: OVH, DigitalOcean, and Microsoft (Deutschland)

This entire thread could easily have been simply:

"Hey all! I'm having some challenges reaching a live person in the abuse groups for X, Y, and Z. Can anyone help with a contact, or if anyone from those companies sees this, can you contact me off-list?"

Calling everyone an idiot in the midst of Endless Pontification isn't really a recipe for success.

On Mon, Mar 18, 2019 at 8:04 PM Ronald F. Guilmette <rfg@tristatelogic.com> wrote:

OVH, DigitalOcean, and Microsoft...

Is there anybody awake and conscious at any of these places? I mean anybody who someone such as myself... just part of the Great Unwashed Masses... could actually speak to about a real and ongoing problem?

Maybe most of you here will think that this is just a trivial problem, and one that's not even worth mentioning on NANOG. So be it. Make up your own minds. Here is the problem...

For some time now, there has been an ongoing campaign of bitcoin extortion spamming going on which originates primarily or perhaps exclusively from IPv4 addresses owned by OVH and DigitalOcean.
These scam spams have now been publicised in multiple places:

https://myonlinesecurity.co.uk/fake-cia-sextortion-scam/

Yea, that's just one place, I know, but there's also no shortage of people tweeting about this crap also, in multiple languages even!

https://twitter.com/SpamAuditor/status/1107365604636278784
https://twitter.com/dvk01uk/status/1107510553621266433
https://twitter.com/bortzmeyer/status/1107737034049900544
https://twitter.com/ariestess69/status/1107468838596038656
https://twitter.com/bernhard_mahr/status/1107513313020297216
https://twitter.com/jzmurdock/status/1107679858945974272
https://twitter.com/gamamb/status/1107384186548207617
https://twitter.com/davidgsIoT/status/1107725201331097606
https://twitter.com/cybers_guards/status/1107675396076560384
https://twitter.com/ThatHostingCo/status/1107588660831105024
https://twitter.com/fladna9/status/1107554090765242368
https://twitter.com/JUSTADACHI/status/1107549777607184384
https://twitter.com/okhin/status/1107627379650908160
https://twitter.com/Purple_Wyrm/status/1107454618705887232
https://twitter.com/LadyOFyre/status/1107349022220550144
https://twitter.com/laurelvail/status/1107345980062523392
https://twitter.com/Alex__Rubio/status/1107595560440217600

The thing of it is that ALL of this crap... all of these scam spams... are quite obviously originating out of the networks of OVH and DigitalOcean. And it's not even all that hard to figure out where from, exactly and specifically. I generated the following survey, on the fly, last night, based on a simple reverse DNS scan of the evidently relevant address ranges:

https://pastebin.com/raw/WtM0Y5yC

As anyone who isn't as blind as a bat can easily see, there's a bit of a pattern here.
All of the spam source IPs are on just two ASNs:

AS16276 - OVH SAS
AS4061 - DigitalOcean, LLC

It's equally clear that there have already been numerous reports about this ongoing and blatantly criminal activity that have been sent to the low-level high school dropout interns that these companies, like most others on the Internet these days, choose to employ as their first-level minions in their "not a profit center" abuse handling departments.

So, guess what? Surprise, surprise! None of those clue-deprived flunkies have apparently yet managed to figure out that there's a pattern here. Duh!

As a result, the scamming and the spamming just go on and on and on, and the spammer-scammer just keeps on getting fresh new IP addresses on both of these networks... and fresh (and utterly free) new domain names from the equally careless company called Freenom.

So, you know, I really would appreciate it if someone could either put me in touch with some actual sentient being at either OVH or DigitalOcean... assuming that any such actually exist... or at the very least, try to find one to whom clue may be passed about all this, because although these scam spams were kind of humorous and novel at first, the novelty has now worn off and they're really not all that funny anymore.

Oh! And while we are on the subject, I'd also like to obtain a contact, preferably one which is also and likewise in possession of something roughly approximating clue, at this place:

AS200517 - Microsoft Deutschland MCIO GmbH

The reason is that although MS Deutschland is most probably not the source of any of the spams, they, or at least their 51.18.39.107 address, do appear to be mixed up in all of this somehow:

https://pastebin.com/raw/ziVNCmZ8

I dunno. Maybe Microsoft has managed to engineer a merger with the CIA (?) If not, then maybe they would be so kind as to rat out this specific criminal customer of theirs to appropriate authorities.

Don't get me wrong.
I heartily applaud Microsoft's Digital Crimes Unit for all of the admirable work they do, but you know the old saying... charity begins at home. So my hope is that they will seek to get this low-life off their network immediately, if not sooner, and then also seek to arrange suitable long term accommodations for him in, say, Florence, Colorado, or, if he/she/it has a higher than average level of tan, I hope that they will make all necessary inquiries to find out if there are still any open bunks available in Gitmo.

Regards,
rfg

P.S. In recent days, the popular media has fanned the flames of controversy, as it is their habit to do, over the question of whether or not the various social media companies could have somehow automagically spotted and deleted, in real time, with some sort of yet-to-be-invented artificial intelligence wizardry, the shooter videos from New Zealand. Of course, none of the TV personalities who so cavalierly offer up their totally uninformed opinions on this question have ever themselves gotten within a country mile of the kinds of AI that could, perhaps in another decade or three, reliably distinguish between a video of a mass shooting and a video of a particularly raucous birthday party. It's a hard problem.

In contrast to that hard problem, spotting the kind of trivial reverse DNS pattern I've noted above is child's play and a no brainer. Why then, one might reasonably ask, have the combined abuse departments of both OVH and DigitalOcean been either utterly unable or else utterly unwilling to do so?

Solving these kinds of trivial problems does not await the development of some advanced new artificial intelligence. It just requires the judicious application of a small bit of the non-artificial kind of intelligence. But the industry, it seems, can't, or won't, even manage that.