Complaint Review: Brad - Internet

I am X-Spamhaus member who was responsible to create networks database of the service providers and LIRs. Rob Schultz, Thomas Morrison and Steve Linford have hacked almost every LIR emails and their web based billing system. Steve Linford analyse the hacked data and SBL the ip with reason "snowshoe range" When following statement is used for SBL it means ip space owner accounts are hacked.

"Based on research, analysis of network records, our own intelligence sources and our experience, Spamhaus

believes that this IP address range is being used or is about to be used for the purpose of high volume spam

emission. As a precaution we are listing this range in an SBL Advisory until we are able to determine with certainty exactly who is operating these domains/hosts/servers and also verify the opt-in permission status and origin of whatever lists are used for those mailings."

Here research, analysis of network records and our own intelligence source and our experience means we as

spamhaus has hacked your online billing system and email accounts. We as spamhaus thinks you are going to spam so we are going to SBL your ip without any Spamhaus listed the ip on their assumption that ip space

will be used for spamming. Most of the time we as spamhaus was wrong. We immediately removed the SBL on call from the police.

My work process at Spamhaus.

1. Monitor network announcement on these sites

http://bgp.potaroo.net/index-bgp.html

http://www.cidr-report.org/as2.0/

http://www.cidr-report.org/as2.0/addwdl-prefixes.txt

2. Make database of the network announced and mark suspected networks

announcements.

3. Make list of ip whois, ASN whois and verify if ip space is announced in the different

region then put flag on it and review it after one week.

4. After one week check the reverse dns and ptr record of the announced ip space. If

domain

name used in reverse dns record, dns server or ptr is newly registered then SBL the

block without any proof.

5. Make whois report of the ips. Check if swip exists and if swip do not exist then list

the announced network. Sometimes when single ip found spamming from /21 then

entire block is SBL.

6. Enquire from fake gmail or aol account if hosting provider is active or lease ip

address. If hosting provider do not have online billing system to hack then ask for the

process of ordering services online . If ISP provide the link to the billing system then

hack the Billing system and find who has purchased the services associated to the ip.

7. Make list of suspected ip owner and send them inquiry about leasing ip space from

fake gmail and aol accounts. If hosting provider reply then ask for the available ranges.

If hosting company reply with ip ranges SBL the entire range after 2 weeks.

8. If hacking of the onilne system do not helps then hack the email id of the ip space

owner and monitor smpt and pop port of the email. The software used by spamhaus is

purchased from a firm in the Germany Gamma International GmbH

http://www.finfisher.com/

which allowed us to read the unencrypted and encrypted emails in clear text.

9. Sometimes we installed trojan, backdoor and spyware in the servers of some

mailing companies like Telic, experian, adconion. Finfisher allow us to do lot of things

remotely. You can read about this software at http://surveillance.rsf.org/en/gammainternational/

10. Sometimes ip are SBL just on the tips sent to [email protected]

11. Spamhasu.org book fake domains and email id on yahoo, aol, hotmail networks

then check

the email accounts periodically. If any spam arrives then forward it to the team for SBL.

Spamhaus.org hacked almost every single Maawg members email and competitors like

Cloudmark,

database and emails.

Spamhaus is now getting into CERTS and using their infrastructure to hack and monitor

the portal

Spamhaus is spying CERTS similar to http://whatreallyhappened.com/WRHARTICLES

/spyring.php

Please report the activities of these criminals and expose them.