Cogent & FDCServers: Knowingly aiding and abetting fraud and theft?
Hi,
(Also never been in Australia, unfortunately...)
Netname is "PMANET":
...isn't it OK to assume it could stand for "Port of Melbourne Authority
Network"?
* pma.vic.gov.au is not operational
(I wonder what can be found with passive DNS)
* vic.gov.au is still operational.
Quick googling also allowed me to find this:
https://www.portofmelbourne.com/about-us/port-history/timeline/
"1996 Melbourne Port Corporation established as successor to Port of
Melbourne Authority."
Regards,
Carlos
On Fri, 6 Sep 2019, Mel Beckman wrote:
> A quick check of one of your facts produces unexpected results, so you might want to perform more research. According to APNIC,
> 139.44.0.0/16 does not "belong unambiguously to the Port Authority of Melbourne". It belongs to an individual, with an office address
> at a building called "Port Authority of Melbourne":
> person:         Rob Shute
> address:        Port of Melbourne Authority
>                 Level 47 South
>                 525 Collins St
> country:        AU
> phone:          +61 3 9628 7613
> e-mail:         djk at pma.vic.gov.au
> nic-hdl:        RS54-AP
> remarks:        ----------
> remarks:        imported from ARIN object:
> remarks:
> remarks:        poc-handle: RS546-ARIN
> remarks:        is-role: N
> remarks:        last-name: Shute
> remarks:        first-name: Rob
> remarks:        street: Port of Melbourne Authority
>                 Level 47 South
>                 525 Collins St
> remarks:        country: AU
> remarks:        mailbox: djk at pma.vic.gov.au
> remarks:        bus-phone: +61 3 9628 7613
> remarks:        reg-date: 1970-01-01
> remarks:        changed: hostmaster at arin.poc 20001127
> remarks:        source: ARIN
> remarks:
> remarks:        ----------
> notify:         djk at pma.vic.gov.au
> mnt-by:         MNT-ERX-PRTMELAUTH-NON-AU
> last-modified:  2008-09-04T07:31:33Z
> source:         APNIC
>
> The building called the Port Authority of Melbourne is not, by all accounts, a government agency. It's just the name of a 54-story
> office building, like the World Trade Center in NYC. In fact, World Trade Centre (Melbourne) is another name for the building, and
> although it houses the Port of Melbourne Authority agency (on Level 4, not Level 47), it appears to be largely just a toney address
> for business offices. Some, perhaps, not unlike American "Mail Boxes Etc" (although I haven't confirmed this). But the following Wikipedia
> excerpt says this unambiguously:
>
> The building currently houses some offices of the headquarters of Victoria Police, and the Victoria Police Museum, a collection of
> exhibits and memorabilia from over 150 years of policing in Victoria.[3] It also houses offices for companies, including Thales
> Australia.
>
> https://en.m.wikipedia.org/wiki/Port_of_Melbourne_Authority
>
> Now, I'm not an Ossie, and in fact have never been down under, but it seems likely that the address in the registration is akin to a
> US business having a World Trade Center address in NYC. It means nothing as far as APNIC asset ownership is concerned. It's just an
> address.
>
> I could be wrong. However, it seems a simple fact to verify by calling management at that building. I tried sending email to the
> registered ".gov.au" address:
>
> djk at pma.vic.gov.au
>
> But the domain does not exist.
>
> -mel beckman
>
> On Sep 6, 2019, at 1:30 AM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>
> Few of you here probably know about this, but nearly a week ago now
> an article appeared in South Africa's largest and most popular online
> tech publication, MyBroadband.co.za.  It detailed many, but certainly not
> all of the results of my multi-month investigation of a massive and
> ongoing fraud involving the theft of large numbers of large (generally
> /16 or larger) abandoned legacy blocks, taken from the AFRINIC region
> and beyond:
>
> https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-address-heist-how-millions-are-made-on-the-grey-market.html
>
>
> For various editorial reasons, the article that was published actually
> downplayed the magnitude of the thefts quite dramatically.  The
> totality of the IPv4 space that has been stolen or squatted, primarily
> but not exclusively, from South African companies and South African national
> government agencies and departments is actually at least 5x bigger than what
> was reported in the MyBroadband.co.za article.
>
> The overwhelming majority of this stolen and squatted IPv4 space has
> been helpfully routed by Cogent (AS174), to their customer, FDCServers
> of Chicago, and then on to the preferred destinations of a certain Mr.
> Elad Cohen of Israel, and his company Netstyle Atarim, Ltd.  (I have
> saved traceroutes up the wazoo that prove the involvement of FDCServers,
> in particular, in all of this.)
>
> Mr. Cohen has been exceptionally prolific in his IPv4 theft and squatting
> activities, basically grabbing everything that wasn't nailed down, both
> within the AFRINIC region and also within the APNIC region.
>
> In order to try to legitimize all of these thefts and squats, Mr. Cohen
> created quite a sizable number of fraudulent route: objects within the
> Merit/RADB data base which, as most here should already know, has
> essentially zero authentication of any kind before it allows J. Random
> Luser to add pretty much any route: object he wants to the RADB.
>
> Here's a full listing of all of Mr. Cohen's RADB route: objects as they
> existed as recently as August 17th:
>
>    https://pastebin.com/raw/ZNgNuvtt
>
> And here is the short summary version showing just all of the prefixes/CIDRs
> that Mr. Cohen was effectively claiming rights and/or title to as of that
> same date:
>
>    https://pastebin.com/raw/4LTaCg5R
>
> Please do note the numerous blocks of size /16 or greater.
>
> The bottom line is that this one tiny little Israeli company was effectively
> claiming rights to a total of no fewer than 1,015,808 IPv4 addresses as of
> August 17th, 2019.  (Not too shabby for one lone guy who teaches programming
> classes as a side job!) Virtually all of the space is "legacy" IPv4 space,
> and generally consists of blocks having sizes of /16 or larger.
>
> Some of Mr. Cohen's claims in his RADB entries are as humorous as they
> are pathetically fraudulent.  For example, Mr. Cohen has effectively
> claimed rights to 139.44.0.0/16 which unambiguously belongs to the Port
> Authority of the City of Melbourne, Australia.  But hell!  That's merely
> city property!  Mr. Cohen's limitless appetite for other people's IPv4
> space is more vividly on display in his claims to ownership over the
> 168.198.0.0/16 block, which actually belongs to the Department of Finance
> of the Australian national government.  And I haven't even mentioned yet
> another of Mr. Cohen's voluminous IPv4 acquisitions, the 165.25.0.0/16 block,
> which he did not see fit to create an RADB entry for, but which he's
> been squatting on for quite some time now, quite clearly with the
> aid and assistance of both Cogent and FDCServers.  That one belongs to
> the City of Cape Town, South Africa.  That city's engineers have been
> struggling to regain control of their block back from Cogent, from
> FDCServers, and from Mr. Cohen for some time now.  I know because I've
> personally spoken to them about it.  Cogent, in its infinite wisdom, is
> continuing to fight the city for control over property that clearly and
> rightfully belongs to the City of Cape Town, even as we speak:
>
>    https://drive.google.com/file/d/1ytRj1CtuVhDa0eGu4BT-oEz593y5EwJa/view
>
> When asked for LOAs attesting to his legitimate authority to route at
> least a few of these blocks, Mr. Cohen has produced blatantly forged
> documents, many of which appeared in the MyBroadband.co.za story.  And
> when I say "blatant" that's a gross understatement.  Any half-way decent
> forger would consider these documents an embarrassment.  The documents all
> bear identical signatures, and identical and vaguely official looking
> stamps, and purport to actually be sales receipts attesting to the
> alleged purchases, by Mr. Cohen's offshore Seychelles Islands shell
> company, Afri Holdings, Ltd., of various /16 blocks from a mysterious
> company called Afrivestment, Ltd., which may actually exist in some
> faraway galaxy, or in Mr. Cohen's active imagination, but which both
> Google and OpenCorporates.com seem to agree exists exactly noplace on
> this planet.  Here are the manufactured LOAs supplied by Mr. Cohen:
>
>    https://drive.google.com/file/d/1hVjmR6u0ANltuXtZ-Kng8io-EGFyevTR/view
>    https://drive.google.com/file/d/1x_44_H5hkcFLhEwpkwfFoR5PJUyXHzxJ/view
>    https://drive.google.com/file/d/1yQyqn4q_f3bt-wDVoN1FzbXf1k58DXtK/view
>
> Recently, Cohen started to move some, but not all, of his stolen and squatted
> IPv4 blocks off of Cogent/FDCServers and onto a friendly little bullet-proof
> hosting company in the Netherlands named IP Volume, Inc. (AS202425) and/or
> to its several sister networks, e.g. AS204655 - Novogara Ltd., all of which,
> coincidentally, just happen to be owned by the exact same pair of Dutch
> gentlemen who previously owned the notorious Ecatel, followed by the notorious
> Quasi Networks.  (IP Volume, Inc. appears to have inherited all or nearly
> all of its legitimately assigned IP space from its predecessor entities,
> Ecatel and Quasi Networks.)
>
> Despite these relocations, many of Mr. Cohen's stolen and squatted blocks
> are still helpfully being routed to Mr. Cohen's preferred destinations by
> his good friends at Cogent and FDCServers, even as we speak.  The current
> set of such routes that Cogent is maintaining, at the moment, apparently on
> behalf of their customer, Mr. Cohen, consists of the prefixes listed here:
>
>    https://pastebin.com/raw/EA3xJVLF
>
> When I noticed two days ago that all of these routes were still up I was
> deeply confused.  Did both Cogent and FDCServers not get the memo??  Do
> they not know yet that Cohen is stealing stuff, left, right, and sideways?
> Did nobody even tell them about the MyBroadband.co.za article which was
> published this past Sunday?  I decided that it was incumbent upon me to
> find out.
>
> Thus, more than 48 hours ago now I sent the following polite but firm
> inquiry to Cogent, and a separate nearly identical one directly to the
> CEO of FDCServers, Mr. Petr Kral (petr(at)fdcservers.net).
>
>    https://pastebin.com/raw/ztipqE96
>
> A full forty eight hours later, I have received no reply whatsoever from
> either Cogent or FDCServers, not even a "Go pound sand" type of response.
>
> More importantly, most of the stolen IPv4 space that I called out, very
> specifically, to both Cogent and FDCservers two+ days ago now is still
> being routed by Cogent/FDCservers to their fun-loving and, I'm sure,
> promptly paying customer, Mr. Cohen.  If neither Cogent nor FDCServers
> still do not know now that Mr. Cohen is a crook, and that he has glommed
> onto quite a lot of stolen and squatted IPv4 space... which they have
> been helpfully routing for him, no doubt in exchange for some handsome
> payments... then I am forced to say that it appears to be a reasonable
> conclusion that it must be because neither Cogent nor FDCServers really
> wants to know what sort of a character Cohen is, or what he has been up
> to, specifically with their ongoing and material assistance.
>
> But you all be the judges.  What does it look like to you?
>
>
> Regards,
> rfg
>
>
>