[148616] in North American Network Operators' Group
Re: US DOJ victim letter
daemon@ATHENA.MIT.EDU (ML)
Thu Jan 19 16:06:41 2012
Date: Thu, 19 Jan 2012 16:05:49 -0500
From: ML <ml@kenweb.org>
To: nanog@nanog.org
In-Reply-To: <4F1884B1.5020200@doit.wisc.edu>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 01/19/2012 04:01 PM, Michael Hare wrote:
> AS2381 has also received them, we are no further along in this than you
> are.
>
> On 1/19/2012 2:59 PM, Jay Hennigan wrote:
>> We have received three emails from the US Department of Justice Victim
>> Notification System to our ARIN POC address advising us that we may be
>> the victim of a crime. Headers look legit.
>>
>> We have been frustrated in trying to follow the rabbit hole to get any
>> useful information. We've jumped through hoops to get passwords that
>> don't work and attempted to navigate a voice-mail system that resembles
>> the "twisty maze of passages all different" from an old text adventure
>> game.
>>
>> This *seems* to be legit, and I would think that the end result is
>> likely to be a list of IP addresses associated with infected hosts.
>>
>> Has anyone else received the email? Is it legit? If so has anyone
>> successfully navigated the maze, and if so how? Is it worth it?
>>
>> (And why don't they just send the list of infected IPs to the ARIN
>> contact in the first place?)
>>
>> --
>> Jay Hennigan - CCIE #7880 - Network Engineering - jay@impulse.net
>> Impulse Internet Service - http://www.impulse.net/
>> Your local telephone and internet company - 805 884-6323 - WB6RDV
>>
>
If it's related to the same emails I've received from the DOJ over the 
past 3 days:
It's related to a case against a few Estonians involved with DNSChanger 
malware.
www.fbi.gov/news/stories/2011/november/malware_110911