Cogent & FDCServers: Knowingly aiding and abetting fraud and theft?
Important realization: Things don't always work there like they work here (wherever "here" is for you).
-Ben
> On Sep 6, 2019, at 6:57 AM, Carlos Friaças via NANOG <nanog at nanog.org> wrote:
>
>
> Hi,
>
> (Also never been in Australia, unfortunately...)
>
> Netname is "PMANET":
> ...isn't it OK to assume it could stand for "Port of Melbourne Authority Network"?
>
> * pma.vic.gov.au is not operational
> (i wonder what can be found with passive dns)
>
> * vic.gov.au is still operational.
>
>
> Quick googling also allowed me to find this:
>
> https://www.portofmelbourne.com/about-us/port-history/timeline/
>
> "1996 Melbourne Port Corporation established as successor to Port of
> Melbourne Authority."
>
>
> Regards,
> Carlos
>
>
>
>> On Fri, 6 Sep 2019, Mel Beckman wrote:
>>
>> A quick check of one of your facts produces unexpected results, so you might want to perform more research. According to APNIC,
>> 139.44.0.0/16 does not "belong unambiguously to the Port Authority of Melbourne". It belongs to an individual, with an office address
>> at a building called "Port Authority of Melbourne":
>>
>> person:         Rob Shute
>> address:        Port of Melbourne Authority
>>                 Level 47 South
>>                 525 Collins St
>> country:        AU
>> phone:          +61 3 9628 7613
>> e-mail:         djk at pma.vic.gov.au
>> nic-hdl:        RS54-AP
>> remarks:        ----------
>> remarks:        imported from ARIN object:
>> remarks:
>> remarks:        poc-handle: RS546-ARIN
>> remarks:        is-role: N
>> remarks:        last-name: Shute
>> remarks:        first-name: Rob
>> remarks:        street: Port of Melbourne Authority
>>                 Level 47 South
>>                 525 Collins St
>> remarks:        country: AU
>> remarks:        mailbox: djk at pma.vic.gov.au
>> remarks:        bus-phone: +61 3 9628 7613
>> remarks:        reg-date: 1970-01-01
>> remarks:        changed: hostmaster at arin.poc 20001127
>> remarks:        source: ARIN
>> remarks:
>> remarks:        ----------
>> notify:         djk at pma.vic.gov.au
>> mnt-by:         MNT-ERX-PRTMELAUTH-NON-AU
>> last-modified:  2008-09-04T07:31:33Z
>> source:         APNIC
>>
>> The building called the Port Authority of Melbourne is not, by all accounts, a government agency. It's just the name of a 54-story
>> office building, like the World Trade Center in NYC. In fact, World Trade Centre (Melbourne) is another name for the building, and
>> although it houses the Port of Melbourne Authority agency (on Level 4, not Level 47), it appears to be largely just a toney address
>> for business offices. Some, perhaps, not unlike American "Mail Boxes Etc" (although I haven't confirmed this). But the following Wikipedia
>> excerpt says this unambiguously:
>>
>> The building currently houses some offices of the headquarters of Victoria Police, and the Victoria Police Museum, a collection of
>> exhibits and memorabilia from over 150 years of policing in Victoria.[3] It also houses offices for companies, including Thales
>> Australia.
>>
>> https://en.m.wikipedia.org/wiki/Port_of_Melbourne_Authority
>>
>> Now, I'm not an Ossie, and in fact have never been down under, but it seems likely that the address in the registration is akin to a
>> US business having a World Trade Center address in NYC. It means nothing as far as APNIC asset ownership is concerned. It's just an
>> address.
>>
>> I could be wrong. However, it seems a simple fact to verify by calling management at that building. I tried sending email to the
>> registered ".gov.au" address:
>>
>> djk at pma.vic.gov.au
>>
>> But the domain does not exist.
>>
>> -mel beckman
>>
>> On Sep 6, 2019, at 1:30 AM, Ronald F. Guilmette <rfg at tristatelogic.com> wrote:
>>
>> Few of you here probably know about this, but nearly a week ago now
>> an article appeared in South Africa's largest and most popular online
>> tech publication, MyBroadband.co.za. It detailed many, but certainly not
>> all of the results of my multi-month investigation of a massive and
>> ongoing fraud involving the theft of large numbers of large (generally
>> /16 or larger) abandoned legacy blocks, taken from the AFRINIC region
>> and beyond:
>> https://mybroadband.co.za/news/internet/318205-the-big-south-african-ip-address-heist-how-millions-are-made-on-the-grey-market.html
>>
>> For various editorial reasons, the article that was published actually
>> downplayed the magnitude of the thefts quite dramatically. The
>> totality of the IPv4 space that has been stolen or squatted, primarily
>> but not exclusively, from South African companies and South African national
>> government agencies and departments is actually at least 5x bigger than what
>> was reported in the MyBroadband.co.za article.
>>
>> The overwhelming majority of this stolen and squatted IPv4 space has
>> been helpfully routed by Cogent (AS174), to their customer, FDCServers
>> of Chicago, and then on to the preferred destinations of a certain Mr.
>> Elad Cohen of Israel, and his company Netstyle Atarim, Ltd. (I have
>> saved traceroutes up the wazoo that prove the involvement of FDCServers,
>> in particular, in all of this.)
>>
>> Mr. Cohen has been exceptionally prolific in his IPv4 theft and squatting
>> activities, basically grabbing everything that wasn't nailed down, both
>> within the AFRINIC region and also within the APNIC region.
>>
>> In order to try to legitimize all of these thefts and squats, Mr. Cohen
>> created quite a sizable number of fraudulent route: objects within the
>> Merit/RADB data base which, as most here should already know, has
>> essentially zero authentication of any kind before it allows J. Random
>> Luser to add pretty much any route: object he wants to the RADB.
>>
>> Here's a full listing of all of Mr. Cohen's RADB route: objects as they
>> existed as recently as August 17th:
>>
>> https://pastebin.com/raw/ZNgNuvtt
>>
>> And here is the short summary version showing just all of the prefixes/CIDRs
>> that Mr. Cohen was effectively claiming rights and/or title to as of that
>> same date:
>>
>> https://pastebin.com/raw/4LTaCg5R
>>
>> Please do note the numerous blocks of size /16 or greater.
>>
>> The bottom line is that this one tiny little Israeli company was effectively
>> claiming rights to a total of no fewer than 1,015,808 IPv4 addresses as of
>> August 17th, 2019. (Not too shabby for one lone guy who teaches programming
>> classes as a side job!) Virtually all of the space is "legacy" IPv4 space,
>> and generally consists of blocks having sizes of /16 or larger.
>>
>> Some of Mr. Cohen's claims in his RADB entries are as humorous as they
>> are pathetically fraudulent. For example, Mr. Cohen has effectively
>> claimed rights to 139.44.0.0/16 which unambiguously belongs to the Port
>> Authority of the City of Melbourne, Australia. But hell! That's merely
>> city property! Mr. Cohen's limitless appetite for other people's IPv4
>> space is more vividly on display in his claims to ownership over the
>> 168.198.0.0/16 block, which actually belongs to the Department of Finance
>> of the Australian national government. And I haven't even mentioned yet
>> another of Mr. Cohen's voluminous IPv4 acquisitions, the 165.25.0.0/16 block,
>> which he did not see fit to create an RADB entry for, but which he's
>> been squatting on for quite some time now, quite clearly with the
>> aid and assistance of both Cogent and FDCServers. That one belongs to
>> the City of Cape Town, South Africa. That city's engineers have been
>> struggling to regain control of their block back from Cogent, from
>> FDCServers, and from Mr. Cohen for some time now. I know because I've
>> personally spoken to them about it. Cogent, in its infinite wisdom, is
>> continuing to fight the city for control over property that clearly and
>> rightfully belongs to the City of Cape Town, even as we speak:
>>
>> https://drive.google.com/file/d/1ytRj1CtuVhDa0eGu4BT-oEz593y5EwJa/view
>>
>> When asked for LOAs attesting to his legitimate authority to route at
>> least a few of these blocks, Mr. Cohen has produced blatantly forged
>> documents, many of which appeared in the MyBroadband.co.za story. And
>> when I say "blatant" that's a gross understatement. Any half-way decent
>> forger would consider these documents an embarrassment. The documents all
>> bear identical signatures, and identical and vaguely official looking
>> stamps, and purport to actually be sales receipts attesting to the
>> alleged purchases, by Mr. Cohen's offshore Seychelles Islands shell
>> company, Afri Holdings, Ltd., of various /16 blocks from a mysterious
>> company called Afrivestment, Ltd., which may actually exist in some
>> faraway galaxy, or in Mr. Cohen's active imagination, but which both
>> Google and OpenCorporates.com seem to agree exists exactly noplace on
>> this planet. Here are the manufactured LOAs supplied by Mr. Cohen:
>>
>> https://drive.google.com/file/d/1hVjmR6u0ANltuXtZ-Kng8io-EGFyevTR/view
>> https://drive.google.com/file/d/1x_44_H5hkcFLhEwpkwfFoR5PJUyXHzxJ/view
>> https://drive.google.com/file/d/1yQyqn4q_f3bt-wDVoN1FzbXf1k58DXtK/view
>>
>> Recently, Cohen started to move some, but not all, of his stolen and squatted
>> IPv4 blocks off of Cogent/FDCServers and onto a friendly little bullet-proof
>> hosting company in the Netherlands named IP Volume, Inc. (AS202425) and/or
>> to its several sister networks, e.g. AS204655 - Novogara Ltd., all of which,
>> coincidentally, just happen to be owned by the exact same pair of Dutch
>> gentlemen who previously owned the notorious Ecatel, followed by the notorious
>> Quasi Networks. (IP Volume, Inc. appears to have inherited all or nearly
>> all of its legitimately assigned IP space from its predecessor entities,
>> Ecatel and Quasi Networks.)
>>
>> Despite these relocations, many of Mr. Cohen's stolen and squatted blocks
>> are still helpfully being routed to Mr. Cohen's preferred destinations by
>> his good friends at Cogent and FDCServers, even as we speak. The current
>> set of such routes that Cogent is maintaining, at the moment, apparently on
>> behalf of their customer, Mr. Cohen, consists of the prefixes listed here:
>>
>> https://pastebin.com/raw/EA3xJVLF
>>
>> When I noticed two days ago that all of these routes were still up I was
>> deeply confused. Did both Cogent and FDCServers not get the memo?? Do
>> they not know yet that Cohen is stealing stuff, left, right, and sideways?
>> Did nobody even tell them about the MyBroadband.co.za article which was
>> published this past Sunday? I decided that it was incumbent upon me to
>> find out.
>>
>> Thus, more than 48 hours ago now I sent the following polite but firm
>> inquiry to Cogent, and a separate nearly identical one directly to the
>> CEO of FDCServers, Mr. Petr Kral (petr(at)fdcservers.net).
>>
>> https://pastebin.com/raw/ztipqE96
>>
>> A full forty eight hours later, I have received no reply whatsoever from
>> either Cogent or FDCServers, not even a "Go pound sand" type of response.
>>
>> More importantly, most of the stolen IPv4 space that I called out, very
>> specifically, to both Cogent and FDCservers two+ days ago now is still
>> being routed by Cogent/FDCservers to their fun-loving and, I'm sure,
>> promptly paying customer, Mr. Cohen. If neither Cogent nor FDCServers
>> still do not know now that Mr. Cohen is a crook, and that he has glommed
>> onto quite a lot of stolen and squatted IPv4 space... which they have
>> been helpfully routing for him, no doubt in exchange for some handsome
>> payments... then I am forced to say that it appears to be a reasonable
>> conclusion that it must be because neither Cogent nor FDCServers really
>> wants to know what sort of a character Cohen is, or what he has been up
>> to, specifically with their ongoing and material assistance.
>>
>> But you all be the judges. What does it look like to you?
>>
>> Regards,
>> rfg
>>
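
Added example (not part of the thread and not any participant's code): the point made above, that RADB route: objects are self-asserted, suggests auditing them by comparing each object's origin against authoritative registration data and totalling the address space each maintainer claims. The prefixes, ASNs, maintainer names and the REGISTRY table are constructed for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed RPSL route objects (private space, documentation ASNs); not real RADB data.
SAMPLE_IRR = """\
route:      10.20.0.0/16
origin:     AS64500
mnt-by:     MAINT-EXAMPLE-A
source:     RADB

route:      10.20.128.0/17
origin:     AS64500
mnt-by:     MAINT-EXAMPLE-A
source:     RADB

route:      10.30.0.0/16
origin:     AS64501
mnt-by:     MAINT-EXAMPLE-B
source:     RADB
"""

# Constructed stand-in for authoritative data (RIR whois or RPKI ROAs):
# registered block -> origin ASNs its holder has authorised.
REGISTRY = {
    ipaddress.ip_network("10.20.0.0/16"): {"AS64511"},
    ipaddress.ip_network("10.30.0.0/16"): {"AS64501"},
}

def parse_rpsl(text):
    """Yield one dict per blank-line-separated RPSL object."""
    for block in text.strip().split("\n\n"):
        obj = {}
        for line in block.splitlines():
            key, _, value = line.partition(":")
            obj[key.strip()] = value.strip()
        yield obj

def audit(text, registry):
    """Return (route objects lacking an authorised origin, addresses claimed per maintainer)."""
    flagged, claimed = [], defaultdict(list)
    for obj in parse_rpsl(text):
        net = ipaddress.ip_network(obj["route"])
        claimed[obj["mnt-by"]].append(net)
        allowed = set()
        for block, origins in registry.items():
            if net.subnet_of(block):
                allowed |= origins
        # Flag when no registered block covers the route or the origin is not authorised.
        if obj["origin"] not in allowed:
            flagged.append((str(net), obj["origin"], obj["mnt-by"]))
    # Collapse overlapping prefixes so a /17 inside a claimed /16 is not double-counted.
    totals = {m: sum(n.num_addresses for n in ipaddress.collapse_addresses(nets))
              for m, nets in claimed.items()}
    return flagged, totals
```

Calling audit(SAMPLE_IRR, REGISTRY) returns the two MAINT-EXAMPLE-A objects as flagged and a per-maintainer total of claimed addresses.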