Jump to content

Some folks just can't leave the Internet alone


Recommended Posts

A Case of Network Identity Theft?

Brian Krebs on Computer Security

Digital real estate leased to one of the Internet's oldest landholders appears to have been quietly seized by e-mail marketers closely associated with an individual once tagged by anti-spam groups as the world's most notorious spammers.

What's remarkable about this case study is that it pits a vocal spammer against the American Registry for Internet Numbers, which has yet to take action. ARIN is one of five regional Internet registries worldwide that is responsible for allocating IP addresses (ARIN handles this process for the United States, Canada and 22 Caribbean countries).

The real estate in question is Internet address space long ago issued to San Francisco Bay Packet Radio, an organization that was involved way back in the 1970s in testing ARPANET, a predecessor to the global commercial Internet that we all use today. That organization was given the rights to do whatever it wanted with any numeric Internet addresses that begin with 134.17 (an allocation that is known in the industry as a "slash 16 or /16," or enough Web space to accommodate up to 65,536 unique Internet addresses).


That entire swath of Internet space is now registered to an entity in Westminster, Colo., called SF Bay Packet Radio LLC, but except for a similar name, this company has no relation to San Francisco Bay Packet Radio.

The name on SF Bay Packet Radio LLC's business records lists a Trudy DeBell as the registered agent. DeBell also is the chief financial officer for a company called Media Breakaway, an online marketing company which lists as its president an attorney named Steven Richter. Richter says Media Breakaway has 70 employees and generates more than $100 million in annual revenue.

As it happens, Steven is father to one Scott Richter, an e-mail marketer who has been sued by a number of the Internet's biggest players -- including Microsoft, Myspace and former New York Attorney General Eliot Spitzer, for sending spam. In 2005, Scott Richter agreed to pay $7 million in damages to Microsoft. He is now CEO of Media Breakaway.

A trace through the global Internet routing tables conducted by Security Fix indicates that traffic destined for the Internet addresses previously owned by the original San Francisco Bay Packet Radio entity is now being routed through servers controlled by a San Diego based e-mail marketing company called JKS Media LLC.

Who owns JKS Media? When Security Fix tried connecting to the site over an FTP (file transfer protocol) connection, the greeting displayed by the site read "wholesalebandwidth.com," a company owned by Media Breakaway. Anti-spam activists have implicated wholesalebandwidth.com in multiple spam operations. Steve Richter confirmed that JKS Media also is owned by Media Breakaway.

So what about spam seen currently sent through networks now controlled by JKS Media? A review of records posted by both Spamhaus.org and e-mail provider Outblaze.com shows that a large number of Internet addresses on the company's Internet space have been blacklisted for sending junk e-mail.

A spokesperson for Spamhaus said that JKS Media/Media Breakaway had indeed hijacked the IP space from its previous owner, and that the IP space should be revoked under the rules set out by ARIN.


In January 2007, MySpace sued Scott Richter and his e-mail marketing firm Optinrealbig.com LLC, alleging that Richter gained access to MySpace member accounts and used them to send millions of spam messages appearing to be from users' MySpace "friends." Among the many legal claims MySpace filed was that -- in spamming MySpace users -- Richter was in "breach of contract" with MySpace's terms of use, the legalese that every user of the site must agree to in order to have a MySpace account.

Interestingly, Scott Richter's attorneys pointed out to the judge in the case that MySpace's own terms of service stipulate that either party to a dispute over violations of the company's terms of service can demand to settle the dispute through arbitration. As a result, in August of last year the judge in the matter ordered both sides into arbitration, and dismissed the lawsuit.

I could not find current contact information for anyone who worked on the original San Francisco Bay Packet Radio project. If you are someone you know was affiliated with that effort, please drop me a line or leave a comment below.

Link to comment
Share on other sites

Very scary ... a /16 on DIRECT assignment from ARIN ...

Of course, at this point, all they may own is a big sack of numbers. I pinged a couple at random and never got any response. I guess they'd have to get an upstream of some sort to hook them to the backbone.

My WHOIS for the block shows an October 2007 registry date, and gives e-mail addresses in the sfbaypr.com domain, registered at NetSol in June 2007 with cloaked registrant data.

-- rick

Link to comment
Share on other sites


This topic is now archived and is closed to further replies.

  • Create New...