
From the datacentre perspective: cartel spambot extortion


Postby Pattern_Juggled » Tue Mar 08, 2016 9:16 am

Here's a discussion we've been having with one of our datacentres, which provides a bit of inside-view on how these cartel spambots operate: an extortion scheme, basically.

UPDATE: here's the latest reply from the datacentre (which I've also added into the proper message flow, down towards bottom of this already-long post):

Hello. Well, we are all aware. But, you must understand us too. The fact that the terminal address is the address of our server. and all abuzy come to our company. For these messages, we have to report to sender. According to the rules, we need to stop the server. Unsubscribe to the sender that these actions were stopped. Yes, and the message data is not very positive impact on the company's reputation in the network.

And so we have two suggestions. Which one you choose is your right.

    1. If you and we do business, let's do this: for every complaint you will pay compensation in the amount of $ 20 (this amount can be specified). In a way the penalty for breaking the rules. In this case, your server will not be stopped when a complaint is received on your server

    2. If you receive another complaint we stop working with you.

We value the reputation of the company, and we will do everything to not The supported the company's reputation at the proper level, and strive to meet the needs of our Clent.

-------------------------
Best regards
StepHost TEAM
{name not redacted, because... yeah}



First, we receive this message from the datacentre admins (note: I mark in boldface the actual text of the DC's message, at the bottom of this quote):

Dear Sir or Madam:

We are contacting you on behalf of Paramount Pictures Corporation (Paramount). Under penalty of perjury, I assert that IP-Echelon Pty. Ltd., (IP-Echelon) is authorized to act on behalf of the owner of the exclusive copyrights that are alleged to be infringed herein.

IP-Echelon has become aware that the below IP addresses have been using your service for distributing video files, which contain infringing video content that is exclusively owned by Paramount.

IP-Echelon has a good faith belief that the Paramount video content that is described in the below report has not been authorized for sharing or distribution by the copyright owner, its agent, or the law. I also assert that the information contained in this notice is accurate to the best of our knowledge.

We are requesting your immediate assistance in removing and disabling access to the infringing material from your network. We also ask that you ensure the user and/or IP address owner refrains from future use and sharing of Paramount materials and property.

In complying with this notice, Nav Datacenter Telecom Srl should not destroy any evidence, which may be relevant in a lawsuit, relating to the infringement alleged, including all associated electronic documents and data relating to the presence of infringing items on your network, which shall be preserved while disabling public access, irrespective of any document retention or corporate policy to the contrary.

Please note that this letter is not intended as a full statement of the facts; and does not constitute a waiver of any rights to recover damages, incurred by virtue of any unauthorized or infringing activities, occurring on your network. All such rights, as well as claims for other relief, are expressly reserved.

Should you need to contact me, I may be reached at the following address:

Adrian Leatherland
On behalf of IP-Echelon as an agent for Paramount
Address: 6715 Hollywood Blvd, Los Angeles, 90028, United States
Email: copyright@ip-echelon.com

Evidentiary Information:
Protocol: BITTORRENT
Infringed Work: Terminator Genisys
Infringing FileName: TERMINATOR GENISYS (2015) PAL Rentail DVD9 DD5.1 Multi Subs 2LT
Infringing FileSize: 6959715899
Infringer's IP Address: 5.154.191.25
Infringer's Port: 20071
Initial Infringement Timestamp: 2016-03-05T20:13:27Z

This email (including any attachments) is for its intended-recipient's use only. This email may contain information that is confidential or privileged. If you received this email in error, please immediately advise the sender by replying to this email and then delete this message from your system.

{gratuitous, redundant XML version of plaintext message above removed, because silly}


Can you say us how along we will receive emails like this. Do you understand that is an illigal oparations. You must to remove the illigal content. If we get another email a complaint to your server, we will be forced to shut down your server and close the order. Good Luck.

-------------------------
Best regards
{datacentre name redacted to protect the, umm... "innocent?" :-P}



We reply as follows:

We don't have any illegal content on the server. We run a VPN service, which means it is possible for our customers to download copyrighted material on to their own computers with BitTorrent while connected to our service.



...aaand their reply is as follows:

We know, we seen your VPN scripts on GitHub.



Huh? At this point, I decided to provide a bit more backstory (as it were) via the following reply:

Hello, yes our network security service provides many opensource materials via our github repository, here:
https://github.com/cryptostorm/

We also maintain our customer discussion forum at:
https://cryptostorm.org

Our main twitter account is at:
https://twitter.com/cryptostorm_is

In fact, a summary of cryptostorm resources available to the general public can be found here:
https://cryptostorm.is/map

We provide many tools, websites, and educational resources for our members and for the larger internet community - a service we now provide for almost ten years. Our researchers have provided useful contributions to many important areas of network security, digital privacy, and cryptographic systems during those years.

There is nothing in this work that is hidden, illegal, or "black hat" in style or substance. Yes, it is true that we are sent poorly-worded "DMCA complaints" pretty regularly - in our discussion forum we explore the legal and technological issues that are highlighted by these kinds of efforts to coerce censorship or extort money from our members. For example, here is one such thread:
https://cryptostorm.org/viewtopic.php?t=5808

With many of our datacentres, we work with them to develop procedures to reply to these "cartel spambots" with a detailed, legally reasoned answer and request for additional information. This is something we are happy to do, in working with you, if it is necessary. I would point out that the DMCA itself (a specific law) covers *only* companies based in the United States. We, cryptostorm, are not based in the USA and I do not think your company is either.

Finally, we understand that there are services on the internet that exist specifically to make money from pirated content. This is true, and we understand there are strong feelings about them. However, please understand: we are *not* a service that makes money from pirated content. We are a network security service: we send and receive information securely, on behalf of our customers. We do not filter or block any information. We are similar to a wholesale bandwidth provider (like Level 3), who simply transmits data. We are not a "content company" and have nothing to do with specific content. We do not host websites, provide files, offer filesharing services, or anything else. We only send and receive packets of data for our members, securely and with cryptographic protection: when using our service, members have *all* of their internet traffic secured.

If we can answer any additional questions, please let us know. However, we cannot continue to do business with hosting companies that turn off servers if a single "cartel spambot" message arrives - even before we have a chance to reply! This is bad for our members, bad for our service, and bad business in general.

With respect,

~ cryptostorm private network



Now, we'll see how the discussion goes from here - and I'll post any further thread additions here, to keep things fully synchronised.

UPDATE: here's the latest reply from the datacentre:

Hello. Well, we are all aware. But, you must understand us too. The fact that the terminal address is the address of our server. and all abuzy come to our company. For these messages, we have to report to sender. According to the rules, we need to stop the server. Unsubscribe to the sender that these actions were stopped. Yes, and the message data is not very positive impact on the company's reputation in the network.

And so we have two suggestions. Which one you choose is your right.

    1. If you and we do business, let's do this: for every complaint you will pay compensation in the amount of $ 20 (this amount can be specified). In a way the penalty for breaking the rules. In this case, your server will not be stopped when a complaint is received on your server

    2. If you receive another complaint we stop working with you.

We value the reputation of the company, and we will do everything to not The supported the company's reputation at the proper level, and strive to meet the needs of our Clent.

-------------------------
Best regards
StepHost TEAM



Never a dull moment, eh? :roll:
...just a scatterbrained network topologist & crypto systems architect……… ҉҉҉

    ✨ ✨ ✨
pj@ðëëþ.bekeybase pgpmit pgpðørkßöt-on-consolegit 'er github
bitmessage:
BM-NBBqTcefbdgjCyQpAKFGKw9udBZzDr7f



Re: From the datacentre perspective: cartel spambot extortion

Postby Khariz » Tue Mar 08, 2016 11:36 am

When did you get back? I think this is your first post since last fall? Welcome back?



Re: From the datacentre perspective: cartel spambot extortion

Postby LoveTheStorm » Tue Mar 08, 2016 7:25 pm

Welcome back PJ.

Anyway, hope this "cartel spambot" story will not compromise/prejudice the crypto service for the future. ;)


Re: From the datacentre perspective: cartel spambot extortion

Postby Pattern_Juggled » Wed Mar 09, 2016 9:14 am

LoveTheStorm wrote:Welcome back PJ.


My genuine thanks for the kind words. It's been... interesting times.

Very much glad to be back.

Anyway, hope this "cartel spambot" story will not compromise/prejudice the crypto service for the future. ;)


Heh, no worries mate! :-P

Honestly, we've been dealing with this sort of silly nonsense for many years - it's neither new, nor terribly problematic. It certainly has no impact on the service, and we'd never allow it to have any security impact on our members. That's utterly non-negotiable, and always has been.

It does mean that, fairly often given the growth in our network footprint over the years, we're finding ourselves in the position of "cycling out" particular nodes because a given datacentre or hosting company... well, simply doesn't get it.

We always try to communicate openly and clearly, and we always strive to be reasonable and patient in such things. However, our loyalties are to our members - and to the cryptostorm project overall. The role of our datacentres is to provide a service to us, for monies paid; they are vendors. We like to build good vendor relationships, and some of our hosting providers have become respected colleagues in the years we've done business together. That's always a good thing, for all involved.

That said, when a datacentre just goes a bit off the rails on us, and that begins impacting member service (not the security of the service, of course, but rather reliability and uptime statistics)... well, it's time to part ways and shift business to new vendors.

It's not something we track with high precision, but anecdotally I'd say we see a datacentre exit our network every week or two, on average. And, oh yah - there was a time last fall when we were working hard to provision US_central cluster with additional capacity. We'd add a new node (or two), and even before we could get them announced, they'd drop - DMCA drama, mostly. We'd add more, they'd drop... and we'd lose an existing node.

It became something of a test of persistence: I personally became (admittedly, and entirely predictably) obsessive about getting at least two nodes into the cluster that weren't going to disappear out from underneath us. I lost count of how many machines we added, provisioned, then all but immediately lost. (and yes, there was a good bit of evidence that the situation wasn't entirely random - although we had not the luxury of documenting those empirical data or extrapolating to hypothetical antagonists who might be on the other side of that particular table, as it were... we most likely know who it was; the relevant point is our obligation to members to provide reliable, consistent service and that goal overrode our curiosity about the source and motivation of the likely attack we were experiencing)

Anyhow, yah... this happens, behind the scenes, a lot. It's one of those not-sexy and yet very important parts of running the network - not something we make much noise about publicly, but it sucks up a decent chunk of staff time to stay ahead of it. I don't even want to guess how much time df puts into provisioning, testing, validating, and deploying each node - it's a manual process, intentionally so, as we like to know we're doing it right - and all that time is a total waste if the node drops in a day or three because some cartel spammer sends a "takedown notice" and the datacentre panics.

Because sometimes we get stuff like this, even after we work hard to explain what's what:

Hello. Well, we are all aware. But, you must understand us too. The fact that the terminal address is the address of our server. and all abuzy come to our company. For these messages, we have to report to sender. According to the rules, we need to stop the server. Unsubscribe to the sender that these actions were stopped. Yes, and the message data is not very positive impact on the company's reputation in the network.

And so we have two suggestions. Which one you choose is your right.

    1. If you and we do business, let's do this: for every complaint you will pay compensation in the amount of $ 20 (this amount can be specified). In a way the penalty for breaking the rules. In this case, your server will not be stopped when a complaint is received on your server

    2. If you receive another complaint we stop working with you.

We value the reputation of the company, and we will do everything to not The supported the company's reputation at the proper level, and strive to meet the needs of our Clent.

-------------------------
Best regards
StepHost TEAM


Derp.

We choose option two, thanks.

Cheers.


Re: lurk-y Olympics

Postby Pattern_Juggled » Wed Mar 09, 2016 9:49 am

Khariz wrote:When did you get back? I think this is your first post since last fall? Welcome back?


I wasn't gone... I just felt really, really lurk-y this winter.

Heh. :ugeek:

Cheers,



Re: From the datacentre perspective: cartel spambot extortion

Postby Khariz » Wed Mar 09, 2016 10:13 am

Well, I for one am glad you are back. I missed all of the information and witty repartee that you provide. Welcome back, indeed.



Re: From the datacentre perspective: cartel spambot extortion

Postby LoveTheStorm » Fri Mar 11, 2016 3:54 am

Pattern_Juggled wrote:Because sometimes we get stuff like this, even after we work hard to explain what's what:

Hello. Well, we are all aware. But, you must understand us too. The fact that the terminal address is the address of our server. and all abuzy come to our company. For these messages, we have to report to sender. According to the rules, we need to stop the server. Unsubscribe to the sender that these actions were stopped. Yes, and the message data is not very positive impact on the company's reputation in the network.

And so we have two suggestions. Which one you choose is your right.

    1. If you and we do business, let's do this: for every complaint you will pay compensation in the amount of $ 20 (this amount can be specified). In a way the penalty for breaking the rules. In this case, your server will not be stopped when a complaint is received on your server

    2. If you receive another complaint we stop working with you.

We value the reputation of the company, and we will do everything to not The supported the company's reputation at the proper level, and strive to meet the needs of our Clent.

-------------------------
Best regards
StepHost TEAM


Derp.

We choose option two, thanks.

Cheers.


LOL 20$ every complaint, probably they are drunk..

Well done PJ and thanks for the clear reply ;)


Re: From the datacentre perspective: cartel spambot extortion

Postby marzametal » Fri Mar 11, 2016 12:05 pm

Welcome back PJ...

Lurky lurky, huh? Much like Rambo in First Blood, covered in mud, stuck to a small cliff-face... eyes open, and BANG. pwned!!!


Re: Do It Nao!

Postby Pattern_Juggled » Fri Mar 18, 2016 6:41 am

marzametal wrote:Lurky lurky, huh? Much like Rambo in First Blood, covered in mud, stuck to a small cliff-face... eyes open, and BANG. pwned!!!

hqdefault.jpg



No no... nothing like that, not at all!

(but they did draw first blood!!!11! :twisted: )

IMG_2639.JPG



...'twas more like this, of course!

630x341px-80d7a86b_predator06.jpeg


:mrgreen:

Cheers

