
Aurologic accused of being a major actor in enabling cybercrime


Comments

  • mw Member

    @tentor said:

    @mw said:
    the original version listed me as regularly representing aeza lol

    thankfully the author is a mutual on X dot com and quickly corrected it

    Mind to share their contact?

    Sure: https://x.com/lawrence_sec

    Thanked by 2: tentor, emgh
  • Afaik, aurologic is mentioned in the so-called “notorious markets” DMCA annual report. Also, beloved Krebs has mentioned them.

    Thanked by 1: emgh
  • jh_aurologic Member, Patron Provider

    @jsg said:
    As far as I know aurologic/ @jh_aurologic offers a quite decent DDOS protection plus probably some other services as well. And that's all we really need to know here.

    Thanks for the "flowers" :)

    I held myself back because the context is quite hypothetical and not easily understandable without specific intelligence, rather it's a guarantee that people having less insight understand it wrong. Same issue here with the repeatedly named "Correctiv" article, adapting the context to their needs - while being now stripped any further to drive a marketing related article. However, it's a matter of view if you see a picture in black and white or color.

    Regarding those speculations: complaints to our abuse desk are quite low, while our actions are in line with what other ISPs would do. If a legal request from authorities reaches us, it's being processed normally.

    In most cases, aurologic acts as a transit operator - typically due to DDoS-Protection - while not storing any customer data on our infrastructure / at our points of presence. The fact that certain networks are being single homed behind us, is exactly the same.

    Thanked by 1: jsg
  • mw Member

    @jh_aurologic said:

    @jsg said:
    As far as I know aurologic/ @jh_aurologic offers a quite decent DDOS protection plus probably some other services as well. And that's all we really need to know here.

    In most cases, aurologic acts as a transit operator

    btw "Joseph Hofmann trading as 'Tornado Datacenter GmbH" is hosting a ponzi scheme's fake BBC clone

    https://104.194.144.161 (links to the below)

    https://ai-wealth-grid.com

    Thanked by 1: mrTom
  • @mw said: btw "Joseph Hofmann trading as 'Tornado Datacenter GmbH" is hosting a ponzi scheme's fake BBC clone

    Did you report to Cloudzy? They don't seem like the type to ignore the reports.

  • jh_aurologic Member, Patron Provider

    @mw said:

    @jh_aurologic said:

    @jsg said:
    As far as I know aurologic/ @jh_aurologic offers a quite decent DDOS protection plus probably some other services as well. And that's all we really need to know here.

    In most cases, aurologic acts as a transit operator

    btw "Joseph Hofmann trading as 'Tornado Datacenter GmbH" is hosting a ponzi scheme's fake BBC clone

    https://104.194.144.161 (links to the below)

    https://ai-wealth-grid.com

    Not our equipment there nor are we dealing with the abuse complaints, but:

    nyan:~$ whois 104.194.144.161 |grep abuse
    OrgAbuseName: abuse
    OrgAbuseEmail: [email protected]
    OrgTechName: abuse
    OrgTechEmail: [email protected]

    Thanked by 2: mw, nokotan
  • mw Member

    @sillycat said:

    @mw said: btw "Joseph Hofmann trading as 'Tornado Datacenter GmbH" is hosting a ponzi scheme's fake BBC clone

    Did you report to Cloudzy? They don't seem like the type to ignore the reports.

    I did, but I have a feeling the choice to host the BBC clone on another host was exactly because Cloudzy wouldn't let it fly; the main website doesn't really have a legitimate reason for suspension (what's illegal about it?)

  • mw Member

    @jh_aurologic said:

    @mw said:

    @jh_aurologic said:

    @jsg said:
    As far as I know aurologic/ @jh_aurologic offers a quite decent DDOS protection plus probably some other services as well. And that's all we really need to know here.

    In most cases, aurologic acts as a transit operator

    btw "Joseph Hofmann trading as 'Tornado Datacenter GmbH" is hosting a ponzi scheme's fake BBC clone

    https://104.194.144.161 (links to the below)

    https://ai-wealth-grid.com

    Not our equipment there nor are we dealing with the abuse complaints, but:

    nyan:~$ whois 104.194.144.161 |grep abuse
    OrgAbuseName: abuse
    OrgAbuseEmail: [email protected]
    OrgTechName: abuse
    OrgTechEmail: [email protected]

    ah my bad holmes

    Thanked by 1: sillycat
  • jsg Member, Resident Benchmarker
    edited November 2025

    @emgh said:

    @jsg said:

    @emgh said:
    Hello @jsg please don’t feel the need to continue participating in this thread

    Don't worry! It's not a need but a desire, the desire to laugh.

    Yeah I pinned you as someone with a desperate desire to laugh as well.

    "Desperate desire" - amazing what you pull out of your ass. I guess in your case AI might actually be useful, so don't turn it off.

    @jh_aurologic

    How kind of you to respond to those obvious non-report allegations and thinly disguised attack by that propaganda asset. The fact that quite a few providers connect through aurologic tells way more - and more relevant - than the "report" by those low-lifes.

  • edited November 2025

    The modern definition of "cybercrime" = they have some Russian customers and don't bribe us enough money. And they don't execute extrajudicial punishments without due process.

    The US government is a terrorist organisation but they're not blocked or sanctioned...

    Thanked by 2: jsg, fendix
  • emgh Member, Megathread Squad

    @jsg said:

    @emgh said:

    @jsg said:

    @emgh said:
    Hello @jsg please don’t feel the need to continue participating in this thread

    Don't worry! It's not a need but a desire, the desire to laugh.

    Yeah I pinned you as someone with a desperate desire to laugh as well.

    "Desperate desire" - amazing what you pull out of your ass. I guess in your case AI might actually be useful, so don't turn it off.

    @jh_aurologic

    How kind of you to respond to those obvious non-report allegations and thinly disguised attack by that propaganda asset. The fact that quite a few providers connect through aurologic tells way more - and more relevant - than the "report" by those low-lifes.

    Great look for Aurologic having you on their side for sure, really speaks to the quality of their target audience

  • Saragoldfarb Member, Megathread Squad

    @jsg said:
    The fact that quite a few providers connect through aurologic tells way more - and more relevant - than the "report" by those low-lifes.

    Thug life!

    Thanked by 1: emgh
  • jh_aurologic Member, Patron Provider
    edited November 2025

    @jsg said:
    How kind of you to respond to those obvious non-report allegations and thinly disguised attack by that propaganda asset. The fact that quite a few providers connect through aurologic tells way more - and more relevant - than the "report" by those low-lifes.

    The core problem here is the following, someone shares such a report, makes allegations while trying to sell their product / service without getting in touch with us. The article mentions that certain downstream ASN spread or have spread malware. Quite strange that we have no serious complaints about that, underlining the issue with legally usable evidence. That's the point which I meant in the so often stretched Correctiv article ("I can kick everyone out..."), we have no evidence about that, there is no reason to even consider kicking out a customer as long as it's the case and it's not assured that the customer itself is even the issue. If that's happening repeatedly, I'd get suspicious and react accordingly, then maybe the customer is the problem here.

    However the abuse ticket queue is not much busy, given the over 800 prefixes we have on the network - maybe 2-3 notices per day. That doesn't align with what gets spread on the internet. We had terminated accounts in the past, when they knowingly did evil or tolerated those, that's documented but I guess the information didn't make its way to certain people.

    Some complaints told us (obviously wrongly) that certain downstreams would provide bulletproof hosting, while we know from our intelligence they react on customers doing something questionable and work with authorities. I do think bulletproof describes something different, otherwise what's bulletproof - being protected against DDoS attacks?

    Thanked by 1: OpaqueRegistrant
  • emgh Member, Megathread Squad

    Accused is that you’re helping Aeza avoid sanctions

    The one you’re bonding with repeatedly minimized Aeza sanctions saying ”what about massivegrid”

    https://lowendtalk.com/discussion/comment/4519046/#Comment_4519046

    Not a very good look when the only one who agrees with you previously defended what you’re accused of doing

  • Saragoldfarb Member, Megathread Squad

    @emgh said:
    Accused is that you’re helping Aeza avoid sanctions

    The one you’re bonding with repeatedly minimized Aeza sanctions saying ”what about massivegrid”

    https://lowendtalk.com/discussion/comment/4519046/#Comment_4519046

    Not a very good look when the only one who agrees with you previously defended what you’re accused of doing

    What about massivegrid?

    Thanked by 1: emgh
  • TimboJones Member
    edited November 2025

    @jsg said:

    @emgh said:
    In a new report by Insikt Group, they accuse that our very own LET Patron Provider Aurologic takes part in:

    [a lot of wild assertions]

    .

    insikt group says on their website:
    country (they obviously mean 'countries') of focus:
    China
    Iran
    North Korea
    Russia

    In other words: they focus on accusing the enemy of the us-americans and brits.

    Now, where are they located? In London and in Somerville MA. What a coincidence!

    It's funny because you don't recognize your hypocrisy.

    And what do they try to do with their "report"? They try to accuse someone (AEZA) in Russia by attacking someone somehow having any kind of connection with said russian entity.

    When you incorrectly use air quotes, you just look stupid. Also, the "someone somehow" is documented.

    Wow, how (not at all) surprising!

    As far as I know aurologic/ @jh_aurologic offers a quite decent DDOS protection plus probably some other services as well. And that's all we really need to know here.

    P.S. Of bloody course they use AI ...

    Right, but what you know and what exists in reality diverged a long time ago. So you disagree about something you admit you have limited knowledge about but well researched and documented proof is all just made up because Russia. Your illogical propaganda rants can go fuck off.

  • emgh Member, Megathread Squad

    @Saragoldfarb said:

    @emgh said:
    Accused is that you’re helping Aeza avoid sanctions

    The one you’re bonding with repeatedly minimized Aeza sanctions saying ”what about massivegrid”

    https://lowendtalk.com/discussion/comment/4519046/#Comment_4519046

    Not a very good look when the only one who agrees with you previously defended what you’re accused of doing

    What about massivegrid?

    He thought the US and the UK were mean towards Russia for not also sanctioning MassiveGrid as he thinks their servers are slow :D

    Thanked by 2: Saragoldfarb, jnd
  • jh_aurologic Member, Patron Provider

    @emgh said:
    Accused is that you’re helping Aeza avoid sanctions

    I have told that in the past already, we don't have an active customer called 'Aeza'. We are upstream carrier, so called operator of public telecommunication networks in Germany. That's a neutral party and it does not change anything in those regards.

    Helping someone avoiding sanctions is a different thing, providing services to a non sanctioned entity who has no direct ties to such while having an ASN for a sanctioned entity within the downstreams, doesn't make you 'avoid' something and is perfectly legal, even if we would be a US company.

    If we start that topic, I'd suggest that you check out some Tier-1 networks with who they downstream, you'd be surprised how many of them are actually sanctioned in some country. Yet we don't know the contractual ties.

    So Hurricane Electric and Cogent - both US companies - are also helping 'Aeza' to avoid sanctions, who are both upstreams of AS210644, is that what you would like to tell?

    Thanked by 2: jsg, OpaqueRegistrant
  • @jh_aurologic said:

    @jsg said:
    How kind of you to respond to those obvious non-report allegations and thinly disguised attack by that propaganda asset. The fact that quite a few providers connect through aurologic tells way more - and more relevant - than the "report" by those low-lifes.

    Some complaints told us (obviously wrongly) that certain downstreams would provide bulletproof hosting, while we know from our intelligence they react on customers doing something questionable and work with authorities.

    So you are saying that you trust your own intelligence (whatever it is) that your downstreams take action swiftly and responsibly, and you trust them over the abuse reports.

    It's like a kid breaks your window, you go to their dad and tell what happened, and dad says 'I know my son, he wouldn't do such a thing'. So it has little to no credibility.

    How come you are so sure that the complaints are obviously wrong when you blindly trust your downstreams?

    I do think bulletproof describes something different, otherwise what's bulletproof - being protected against DDoS attacks?

    You do know what bulletproof describes, but I will try to explain in layman's terms:

    When your downstream hosts a client that has questionable content, and when that downstream gets an abuse complaint, they make it so difficult that no action is taken on that abuse report.

    Let's give an example: if I find my copyrighted material hosted on a Russian based company which happens to be your downstream, naturally, I will file an abuse report. That Russian based company then doesn't like this abuse report and says 'they can't do anything without a police report'.

    There are 2 options: 1-) File a police report / go to court in Russia 2-) Get an order from police of wherever you are living and deliver it to Russian authorities.

    As you can see, chances of these things happening are slim to none; Russia most likely won't give a single flying f... about a court order from Western countries.

    In the end, your Russian downstream client follows police reports only if it comes from proper sources, and like I explained above, is so slim.

    Third option here is going to upstream and getting in touch with them directly. Just like, if an illegal site is hidden behind CloudFlare, and you deliver any court order to CloudFlare and they give you client's info.

    Where aurologic comes into play is, if someone delivers a complaint to you about your Russian downstream client, you simply say 'I trust my intelligence, they deal with abuse reports swiftly'. And walk away.

    That is what bulletproof hosting is.

  • jh_aurologic Member, Patron Provider

    @barbaros said:
    Where aurologic comes into play is, if someone delivers a complaint to you about your Russian downstream client, you simply say 'I trust my intelligence, they deal with abuse reports swiftly'. And walk away.

    I didn't say that and our abuse complaint specific processes are quite different from what you are telling here. That doesn't mean we 'blindly' trust someone.

  • @jh_aurologic said:

    @barbaros said:
    Where aurologic comes into play is, if someone delivers a complaint to you about your Russian downstream client, you simply say 'I trust my intelligence, they deal with abuse reports swiftly'. And walk away.

    I didn't say that and our abuse complaint specific processes are quite different from what you are telling here. That doesn't mean we 'blindly' trust someone.

    You said you trust your intelligence, whatever that means.

  • jh_aurologic Member, Patron Provider

    @barbaros said:
    You said you trust your intelligence, whatever that means.

    I'm unable to disclose publicly which tools we have to identify certain behavior on our network in relation to abuse complaints. You can sign an employment contract coupled with an NDA, then we can talk about that, not before.

    Thanked by 1: OpaqueRegistrant
  • @jh_aurologic said:

    @barbaros said:
    You said you trust your intelligence, whatever that means.

    I'm unable to disclose publicly which tools we have to identify certain behavior on our network in relation to abuse complaints. You can sign an employment contract coupled with an NDA, then we can talk about that, not before.

    Ah okay, sorry then. Signing NDA scares me a lot so...

    Thanked by 1: emgh
  • tentor Member, Host Rep

    @jh_aurologic said:

    @barbaros said:
    You said you trust your intelligence, whatever that means.

    I'm unable to disclose publicly which tools we have to identify certain behavior on our network in relation to abuse complaints.

    Do you have any tooling to act proactively on ToS/AUP violations? If so, do they apply only to customers using IPs under aurologic ASN or downstreams too?

    I hope no NDA needed to answer these questions 😅

  • Nyr Community Contributor, Veteran

    @jh_aurologic said: I'm unable to disclose publicly which tools we have to identify certain behavior on our network in relation to abuse complaints. You can sign an employment contract coupled with an NDA, then we can talk about that, not before.

    You are such a big guy talking about employees, NDA... your ego is so big that you are unable to SHUT UP and accept the fact that you have PLENTY of criminals as customers, and are fine with being an enabler for them as long as they bring money.

    That is a matter which is not really up for discussion for anyone who has a clue and not an agenda, everyone can see the amount of crap which is hosted in your network and downstreams - you obviously are well aware, and it is insulting to tell us the opposite.

    Thanked by 2: emgh, mrTom
  • jh_aurologic Member, Patron Provider

    @tentor said:
    Do you have any tooling to act proactively on ToS/AUP violations? If so, do they apply only to customers using IPs under aurologic ASN or downstreams too?

    I haven’t seen a single carrier with such tooling - and for good reason. Under German law, network operators are strictly prohibited from inspecting or analyzing the content of customer communications. According to applicable law (TKG), any interception or inspection of customer data traffic would constitute a criminal offense.

    Furthermore, the EU ePrivacy Directive guarantees the confidentiality of communications, and the GDPR limits data processing to what is necessary for service provision.

    In practice, it’s technically impossible to correlate content-level behavior at scale due to widespread encryption (TLS, VPNs, HTTPS), which protects communication end-to-end. Carriers operate on Layer 3 and 4 only - not in content inspection - and that’s both a legal and technical boundary.

    Authorities are legally allowed by court order - or specific law like G-10 law to tap communications. Still the hurdles are present, to avoid abusive usage. A carrier should be the least interested in doing such.

  • tentor Member, Host Rep
    edited November 2025

    @jh_aurologic said:

    @tentor said:
    Do you have any tooling to act proactively on ToS/AUP violations? If so, do they apply only to customers using IPs under aurologic ASN or downstreams too?

    I haven’t seen a single carrier with such tooling - and for good reason. Under German law, network operators are strictly prohibited from inspecting or analyzing the content of customer communications. According to applicable law (TKG), any interception or inspection of customer data traffic would constitute a criminal offense.

    Furthermore, the EU ePrivacy Directive guarantees the confidentiality of communications, and the GDPR limits data processing to what is necessary for service provision.

    In practice, it’s technically impossible to correlate content-level behavior at scale due to widespread encryption (TLS, VPNs, HTTPS), which protects communication end-to-end. Carriers operate on Layer 3 and 4 only - not in content inspection - and that’s both a legal and technical boundary.

    Authorities are legally allowed by court order - or specific law like G-10 law to tap communications. Still the hurdles are present, to avoid abusive usage. A carrier should be the least interested in doing such.

    You could've just said no, I am not a lawyer 🫠

    Thanked by 1: emgh
  • vailiernits Member
    edited November 2025

    @jh_aurologic said: We had terminated accounts in the past, when they knowingly did evil or tolerated those, that's documented but I guess the information didn't make its way to certain people

    Such as Kiwi Farms, whose IP range you hijacked back in 2023 to prevent it from routing?
    https://web.archive.org/web/20230925054349/https://bgpstream.crosswork.cisco.com/event/306886


    https://urlscan.io/result/b7e376d7-d518-41ce-916f-4a642bf9e1f8/

    I see mean words are too much for an emperor of cybercrime kingdom. Bulletproof hosting with phishing pages and malware is totally fine, but don't you dare say anything mean.

    I would be totally fine with your defense of "being neutral" and only acting on police reports, but it's simply not the case. You have double standards.

  • jh_aurologic Member, Patron Provider

    @vailiernits said:

    @jh_aurologic said: We had terminated accounts in the past, when they knowingly did evil or tolerated those, that's documented but I guess the information didn't make its way to certain people

    Such as Kiwi Farms, whose IP range you hijacked back in 2023 to prevent it from routing?
    https://web.archive.org/web/20230925054349/https://bgpstream.crosswork.cisco.com/event/306886

    I see mean words are too much for an emperor of cybercrime kingdom. Bulletproof hosting with phishing pages and malware is totally fine, but don't you dare say anything mean.

    We didn't "hijack" any IP ranges, that's a crime. Feel free to send us a proper abuse complaint if you are having the impression, something unlawful is happening on our network.

  • vailiernits Member
    edited November 2025

    @jh_aurologic said: We didn't "hijack" any IP ranges, that's a crime.

    Is BGP data lying? Your downstream was also not informed of this decision, he found out when stuff broke.

    The prefix was announced under your ASN, AS30823

This discussion has been closed.