Re: [External] Re: Anyone else getting the 'spam' bomb threat?
Hi Omar, This is likely a hoax. Probably a “joe job” - making it appear as someone innocent is responsible. Its good to share this info to raise network operators awareness since even if it is fake its concerning how many received it. I’ll leave it to the pros here to tell us if we shouldn’t worry. Warm regards, -M< On Wed, Oct 20, 2021 at 21:18 Omar Haider <mrhdr405@gmail.com> wrote:
I feel uncomfortable in this newsletter
On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan <hannigan@gmail.com> wrote:
I put what we received up on pastebin entirely with headers (and redacted our info).
Warm regards,
-M<
On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean < nanog@radu-adrian.feurdean.net> wrote:
On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
We have a distinct abuse address (not just abuse@) and that is where the messages were sent.
We didn't receive the bomb threat ones. We only received the (somewhat more amusing) messages entitled "Your network has been PWNED" and "Fuck you".
Hi,
We got the same here at France-IX. It was on friday 15th. Hopefully, they "PWNED" all our Cisco and Mikrotik routers (of which we have none).
The situation loses its humor entirely with the introduction of bomb threats. Seems like a script kiddie taking things way too far.
I heard that yesterday (19th) evening there was law enforcement deployment and evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to "threats to a business in the area". Details (popcorn) on FrNOG (in french) : https://www.mail-archive.com/frnog@frnog.org/msg67540.html
So what ever happened to the threatener? Was he caught? From: NANOG <nanog-bounces+bkain1=ford.com@nanog.org> On Behalf Of Martin Hannigan Sent: Wednesday, October 20, 2021 11:44 PM To: Omar Haider <mrhdr405@gmail.com> Cc: nanog <nanog@nanog.org> Subject: Re: [External] Re: Anyone else getting the 'spam' bomb threat? WARNING: This message originated outside of Ford Motor Company. Use caution when opening attachments, clicking links, or responding. Hi Omar, This is likely a hoax. Probably a “joe job” - making it appear as someone innocent is responsible. Its good to share this info to raise network operators awareness since even if it is fake its concerning how many received it. I’ll leave it to the pros here to tell us if we shouldn’t worry. Warm regards, -M< On Wed, Oct 20, 2021 at 21:18 Omar Haider <mrhdr405@gmail.com<mailto:mrhdr405@gmail.com>> wrote: I feel uncomfortable in this newsletter On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan <hannigan@gmail.com<mailto:hannigan@gmail.com>> wrote: I put what we received up on pastebin entirely with headers (and redacted our info). https://pastebin.com/kLjPm8Nk<https://clicktime.symantec.com/35Wa5BUMZ7c8nUrobeoNvR67Vc?u=https%3A%2F%2Fpastebin.com%2FkLjPm8Nk> Warm regards, -M< On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean <nanog@radu-adrian.feurdean.net<mailto:nanog@radu-adrian.feurdean.net>> wrote: On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
We have a distinct abuse address (not just abuse@) and that is where the messages were sent.
We didn't receive the bomb threat ones. We only received the (somewhat more amusing) messages entitled "Your network has been PWNED" and "Fuck you".
Hi, We got the same here at France-IX. It was on friday 15th. Hopefully, they "PWNED" all our Cisco and Mikrotik routers (of which we have none).
The situation loses its humor entirely with the introduction of bomb threats. Seems like a script kiddie taking things way too far.
I heard that yesterday (19th) evening there was law enforcement deployment and evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to "threats to a business in the area". Details (popcorn) on FrNOG (in french) : https://www.mail-archive.com/frnog@frnog.org/msg67540.html<https://clicktime.symantec.com/3P7mG6Lx8b2Qo7sjs1uqaSZ7Vc?u=https%3A%2F%2Fwww.mail-archive.com%2Ffrnog%40frnog.org%2Fmsg67540.html>
Hi Becki, For me, it's not credible enough to put resources into pursuing it. Beyond that any benefits as a result of tracking it down would probably be less than zero. I posted the contents and headers in pastebin so if it had value to anyone else they'd be able to take advantage of it. Warm regards, -M< On Thu, Oct 21, 2021 at 9:24 AM Kain, Becki (.) <bkain1@ford.com> wrote:
So what ever happened to the threatener? Was he caught?
*From:* NANOG <nanog-bounces+bkain1=ford.com@nanog.org> *On Behalf Of *Martin Hannigan *Sent:* Wednesday, October 20, 2021 11:44 PM *To:* Omar Haider <mrhdr405@gmail.com> *Cc:* nanog <nanog@nanog.org> *Subject:* Re: [External] Re: Anyone else getting the 'spam' bomb threat?
WARNING: This message originated outside of Ford Motor Company. Use caution when opening attachments, clicking links, or responding.
Hi Omar,
This is likely a hoax. Probably a “joe job” - making it appear as someone innocent is responsible. Its good to share this info to raise network operators awareness since even if it is fake its concerning how many received it.
I’ll leave it to the pros here to tell us if we shouldn’t worry.
Warm regards,
-M<
On Wed, Oct 20, 2021 at 21:18 Omar Haider <mrhdr405@gmail.com> wrote:
I feel uncomfortable in this newsletter
On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan <hannigan@gmail.com> wrote:
I put what we received up on pastebin entirely with headers (and redacted our info).
https://pastebin.com/kLjPm8Nk <https://clicktime.symantec.com/35Wa5BUMZ7c8nUrobeoNvR67Vc?u=https%3A%2F%2Fpastebin.com%2FkLjPm8Nk>
Warm regards,
-M<
On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean < nanog@radu-adrian.feurdean.net> wrote:
On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
We have a distinct abuse address (not just abuse@) and that is where the messages were sent.
We didn't receive the bomb threat ones. We only received the (somewhat more amusing) messages entitled "Your network has been PWNED" and "Fuck you".
Hi,
We got the same here at France-IX. It was on friday 15th. Hopefully, they "PWNED" all our Cisco and Mikrotik routers (of which we have none).
The situation loses its humor entirely with the introduction of bomb threats. Seems like a script kiddie taking things way too far.
I heard that yesterday (19th) evening there was law enforcement deployment and evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to "threats to a business in the area". Details (popcorn) on FrNOG (in french) : https://www.mail-archive.com/frnog@frnog.org/msg67540.html <https://clicktime.symantec.com/3P7mG6Lx8b2Qo7sjs1uqaSZ7Vc?u=https%3A%2F%2Fwww.mail-archive.com%2Ffrnog%40frnog.org%2Fmsg67540.html>
FWIW the term I'd use is "swatting" rather than "joe job". Perhaps picky but it may be the right interpretation, someone is trying to get someone else arrested and in some dramatic fashion, not just harassed. On October 21, 2021 at 16:43 hannigan@gmail.com (Martin Hannigan) wrote:
Hi Becki,
For me, it's not credible enough to put resources into pursuing it. Beyond that any benefits as a result of tracking it down would probably be less than zero. I posted the contents and headers in pastebin so if it had value to anyone else they'd be able to take advantage of it.
Warm regards,
-M<
On Thu, Oct 21, 2021 at 9:24 AM Kain, Becki (.) <bkain1@ford.com> wrote:
So what ever happened to the threatener? Was he caught?
From: NANOG <nanog-bounces+bkain1=ford.com@nanog.org> On Behalf Of Martin Hannigan Sent: Wednesday, October 20, 2021 11:44 PM To: Omar Haider <mrhdr405@gmail.com> Cc: nanog <nanog@nanog.org> Subject: Re: [External] Re: Anyone else getting the 'spam' bomb threat?
WARNING: This message originated outside of Ford Motor Company. Use caution when opening attachments, clicking links, or responding.
Hi Omar,
This is likely a hoax. Probably a “joe job” - making it appear as someone innocent is responsible. Its good to share this info to raise network operators awareness since even if it is fake its concerning how many received it.
I’ll leave it to the pros here to tell us if we shouldn’t worry.
Warm regards,
-M<
On Wed, Oct 20, 2021 at 21:18 Omar Haider <mrhdr405@gmail.com> wrote:
I feel uncomfortable in this newsletter
On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan <hannigan@gmail.com> wrote:
I put what we received up on pastebin entirely with headers (and redacted our info).
Warm regards,
-M<
On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean < nanog@radu-adrian.feurdean.net> wrote:
On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote: > We have a distinct abuse address (not just abuse@) and that is where > the messages were sent. > > We didn't receive the bomb threat ones. We only received the (somewhat > more amusing) messages entitled "Your network has been PWNED" and > "Fuck you".
Hi,
We got the same here at France-IX. It was on friday 15th. Hopefully, they "PWNED" all our Cisco and Mikrotik routers (of which we have none).
> The situation loses its humor entirely with the introduction of bomb > threats. Seems like a script kiddie taking things way too far.
I heard that yesterday (19th) evening there was law enforcement deployment and evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to "threats to a business in the area". Details (popcorn) on FrNOG (in french) : https:// www.mail-archive.com/frnog@frnog.org/msg67540.html
-- -Barry Shein Software Tool & Die | bzs@TheWorld.com | http://www.TheWorld.com Purveyors to the Trade | Voice: +1 617-STD-WRLD | 800-THE-WRLD The World: Since 1989 | A Public Information Utility | *oo*
participants (3)
-
bzs@theworld.com
-
Kain, Becki (.)
-
Martin Hannigan