kmolloy Posted December 18, 2010

I'm boosting signal for the Spamhaus folks, with permission from Mr. Linford. They did post this at spamhaus.org, but it's no longer visible due to DDoS.

For speaking out about the crime gangs located at the wikileaks.info mirror IP, Spamhaus is now under ddos by AnonOps. As our site can't be reached now, we can not continue to warn Wikileaks users not to load things from the Heihachi IP. If you know journalists who would get this message out, please forward this message (entire) to them.

AnonOps did not like our article update, here's what we said and what brought the ddos on us:

----

In a statement released today on wikileaks.info entitled "Spamhaus' False Allegations Against wikileaks.info", the person running the wikileaks.info site (which is not connected with Julian Assange or the real Wikileaks organization) called Spamhaus's information on his infamous cybercrime host "false" and "none of our business" and called on people to contact Spamhaus and "voice your opinion".

Consequently Spamhaus has now received a number of emails some asking if we "want to be next", some telling us to stop blacklisting Wikileaks (obviously they don't understand that we never did) and others claiming we are "a pawn of US Government Agencies".

None of the people who contacted us realised that the "Wikileaks press release" published on wikileaks.info was not written by Wikileaks and not issued by Wikileaks - but by the person running the wikileaks.info site only - the very site we are warning about. The site data, disks, connections and visitor traffic, are all under the control of the Heihachi cybercrime gang. There are more than 40 criminal-run sites operating on the same IP address as wikileaks.info, including carder-elite.biz, h4ck3rz.biz, elite-crew.net, and bank phishes paypal-securitycenter.com and postbank-kontodirekt.com.
Because they are using a Wikileaks logo, many people thought that the "press release" was issued "by Wikileaks". In fact there has been no press release about this by Wikileaks and none of the official Wikileaks mirror sites even recognise the wikileaks.info mirror. We wonder how long it will be before Wikileaks supporters wake up and start to question why wikileaks.info is not on the list of real Wikileaks mirrors at wikileaks.ch (http://wikileaks.ch/mirrors.html).

Currently wikileaks.info is serving highly sensitive leaked documents to the world, from a server fully controlled by Russian malware cybercriminals, to an audience that faithfully believes anything with a 'Wikileaks' logo on it. Spamhaus continues to warn Wikileaks readers to make sure they are viewing and downloading documents only from an official Wikileaks mirror site. We're not saying "don't go to Wikileaks" we're saying "Use the wikileaks.ch server instead".

----

Steve Linford
The Spamhaus Project
http://www.spamhaus.org

wkitty42 Posted December 18, 2010

I'm boosting signal for the Spamhaus folks, with permission from Mr. Linford. They did post this at spamhaus.org, but it's no longer visible due to DDoS.

I've posted this to facebook and twitter to assist in spreading the word.

Farelf Posted December 18, 2010

......Currently wikileaks.info is serving highly sensitive leaked documents to the world, from a server fully controlled by Russian malware cybercriminals, to an audience that faithfully believes anything with a 'Wikileaks' logo on it. ...

And for any having difficulty believing Spamhaus, just check out for yourselves the domains sharing servers with wikileaks.info: http://www.robtex.com/dns/wikileaks.info.html#shared. I see 211 sharing internet address and 136 sharing nameservers - some very bad company - for the current DNS records (mostly Russian Federation hosting):

Base           | Record | Name                   | IP             | Reverse               | Route           | AS
wikileaks.info | a      |                        | 92.241.190.202 | webspace.heihachi.net | 92.241.160.0/19 | AS41947
               | ns-soa | ns1.heihachi.net       | 92.241.190.201 | dns.heihachi.net      |                 |
               | ns     | ns1.heihachi.net       | 92.241.190.201 | dns.heihachi.net      |                 |
               |        | ns2.heihachi.net       | 77.91.225.156  | (none)                | 77.91.224.0/21  |
               | mx     | 10 mail.wikileaks.info | 87.102.255.156 | mail.wdr.org          | 87.102.128.0/17 | AS6772

Farelf Posted December 19, 2010

Spamhaus currently reachable. Update to the DDoS attack noted, amongst other things:

By no coincidence, the 'AnonOps' DDOS group irc.anonops.net is also hosted by the same Heihachi Russian-German cybercrime gang in the same CIDR as wikileaks.info:

wikileaks.info = 92.241.190.202
irc.anonops.net = 92.241.190.94

Ah well ... http://xkcd.com/834/

Farelf Posted December 20, 2010

Still (or again) able to access Spamhaus. In an update, SH has retracted allegations that AnonOps is behind the DDoS attack.

...AnonOps members have denied responsibility for the DDoS. They have stated how much they hate spam and would not attack Spamhaus. ... It now appears far more likely that the DDoS was the work of people running, or hosting at, the Heihachi cybercrime group. Possibly they were angered by the attention this article brought to their dirty section of the internet. ...

kmolloy (Author) Posted December 20, 2010

Still (or again) able to access Spamhaus. In an update, SH has retracted allegations that AnonOps is behind the DDoS attack.

I actually find that very credible; I can believe that RBN (who is likely behind Heihachi) would "frame" AnonOps for a DDoS. Thanks, all who spread the word.

Archived
This topic is now archived and is closed to further replies.