Aurologic accused of being a major actor in enabling cybercrime
This discussion has been closed.

Comments
@OpaqueRegistrant You don’t have to inspect traffic to decide that you don’t want to host sanctioned affiliated companies awaiting (criminal?) trials. You’re making something complex whereas it’s really not.
According to Aurologic, they consider all aspects and realize that they are still safe from risks. They have not experienced massive abuses with evidence of malicious activity. Everyone now knows that any internet service is a high-risk field. For example, if we removed SMS verification for clients, we would increase the volume of various abuses several times on our network.
Someone uses full KYC to prevent malicious registration.
Each business needs to find its own solution.
I agree. And just like they can choose to take on higher risks clients with a very questionable history, I can choose to spread awareness of this and make potential clients aware of this. Right? Not sure we’re in disagreement here?
That's why I am against activism. Because in real life, if you share information about an individual, you need solid evidence to prove the authenticity of that information before you make it public. Otherwise, you run the risk of being labeled as a part of a harassment or defamation network.
There are many legal ways to punish criminal businesses.
It’s just the free market. Do business with what people believe to be shady entities, suffer the consequences of the market. Free will and all.
who is a crazy activist?
It's rather alarming how fast certain service providers are being stamped as bulletproof and how badly certain blacklists operate.
Some recent examples:
a) A /22 on AS30823 was blacklisted because a /24 within the same range shared a netname previously used by a former customer. The prefix was part of a so-called “escalation” in the US, triggered by a well-known provider not responding promptly to an abuse report.
Although there was no actual abuse originating from our network, the entire /22 was added to an RBL without justification, causing unnecessary impact to some of our customers.
b) Some person contacted us regarding a downstream ASN, claiming it to be “bulletproof” because it has around 1,200 IPs and a history of alleged abuse incidents. However, the referenced abuse dates back to a time when this ASN did not even exist - it appears the previous owner simply forgot to clean up old reputation data before reassigning it to our current downstream.
In his view, the downstream is considered “bulletproof” merely because it has no public website. When asked for details, the request to depeer this downstream was based on roughly 10 allegedly abusive IPs over the course of several months. No concrete evidence was provided, and the complaint itself originated from an email address using the domain *@nigge.rs, containing clearly fake details. Upon asking about previous contact attempts with the downstream, no answer was given.
If one chooses to terminate business relationships based on such unverified and dubious complaints, they should reconsider operating a public telecommunications network.
They can, but they're not legally required to do so, at least not until there's an actual legal procedure. This isn't like banking where you have to verify what your clients ate for breakfast this morning or else your banking license gets revoked.
Some businesses choose to fire their customers so they can save money on compliance and customer support. Other businesses choose to accept more customers so they can have more customers. Both are allowed. Actually the latter is more legal than the former, since you might be able to sue them for denying service in a discriminatory way.
I never said they’re legally required to. They’re as free to choose who they’re doing business with as I’m free having opinions about it and as the next guy is free not to use them because of it. One might even use them because of it.
FWIW that's a real email domain of... the one that starts with a C. I'm exercising my free market right not to give them publicity by naming them.
Nobody with serious motivations uses their services. Their users should be considered similarly to 4chan or KF users: they are not concerned about, they are just trying to cause havoc for shits and giggles. They'd get everyone depeered from everyone if they could.
But apparently, by not taking a shitpost from a KF troll seriously, you're a "bulletproof hoster" and "evading sanctions" huh.
Fair points about RBL accuracy and bad faith reporters. Nobody's arguing that every blacklist is perfect or that all abuse complaints are legitimate. There are definitely issues with how some blocklists operate, and dealing with low-quality reports from dubious sources is a real problem in the hosting industry.
But let's be honest about what we're actually discussing here. The Insikt Group report isn't some random person with a @nigge.rs email making unsubstantiated claims. It's a detailed intelligence report from Recorded Future with specific ASNs, routing data, malware families, C2 infrastructure, and validated indicators. They're not saying "this looks suspicious" - they're documenting patterns of actual malicious activity with technical evidence.
The issue isn't one or two downstream customers with questionable reputations. It's that your network has become a common upstream provider for a statistically significant concentration of networks associated with malicious infrastructure. When multiple TAEs, including a sanctioned entity like Aeza International, route substantial portions of their traffic through AS30823, that's not a blacklist accuracy problem. That's a pattern.
You're right that having no public website shouldn't automatically make someone "bulletproof." But when a downstream announces only two /24 prefixes and consistently ranks among the highest concentrations of validated malicious infrastructure globally, hosts C2 servers for multiple malware families, and operates under a company registration that doesn't match its actual operations, the lack of a website is just one data point among many.
The question isn't whether some abuse reports are garbage. They clearly are. The question is what you do when credible security researchers with actual evidence identify your infrastructure as a central hub for threat activity enablers. Dismissing that as "being stamped as bulletproof" misses the point entirely.
Yes, telecommunications neutrality is important. But neutrality doesn't mean treating a detailed intelligence report from a reputable security firm the same way you'd treat a complaint from an obvious troll. There's a middle ground between "terminate everyone based on unverified complaints" and "wait for law enforcement to force our hand." That middle ground is where most responsible upstream providers operate.
In my eyes, Aurologic is just taking advantage of a legal loophole that needs to get corrected.
If the DDG were to be reworded even just slightly, as to word it in such a way as to where it catches Aurologic in the bucket, this conversation would be a very different story/explanation/set of excuses, from Aurologic's side.
The RBL in that case is called Spamhaus, hasn't been the first time this is happening.
Sure, Spamhaus can be overly aggressive sometimes. The /22 listing based on a shared netname is a legitimate example of their methodology being too broad.
But the Recorded Future report isn't a Spamhaus listing. It's detailed threat intelligence with routing data, specific malware families, validated C2 infrastructure, and documented connections to sanctioned entities. You can disagree with Spamhaus's methods all day, but that doesn't address the substantive findings in the Insikt Group research.
Pointing to problems with one blocklist doesn't refute the pattern documented across multiple independent security researchers and intelligence sources. These are different issues.
That's what I call people who use harassment against a particular person or company. And they do it because of their personal opinion, or because someone else thinks the same way, without any real evidence.
I should ignore this because “my house is last on the street”?
You may ignore or not ignore. That's completely up to you. I do not attempt to teach you or anyone else, because human history shows perfectly that this is useless. Instead, I just try to show the position of other people: those who want to live in an environment where only two human biological genders exist, where racism, Nazism, discrimination, voluntarism are forbidden, and people at least try to follow the law where it's possible and don't violate their moral and ethical principles.
What the hell? This is a hosting forum, not a psychological help forum for mental illnesses you may have mentioned
rustelekom, stop spamming with offtopic comments
Unsolicited politics is against the rules @angstrom
Since you say these allegations aren't true, are you going to sue them? You are a German company and _Correctiv_ is also based in Germany.
Don't stick your dick into anything everything, seriously.
Too late, I'm afraid
What would you change? The law is written the way it's written for a reason.
If a criminal buys a knife from a supermarket and stabs some people, the law is written so the supermarket is not liable. But nobody thinks the supermarket is taking advantage of a legal loophole that needs to get corrected.
It's nice to see that not only crazy activists are active here.
Very good point. Many people say fk this or fk that, but they don't care about the dangers.
Thanks for this, precisely my opinion as well. It’s the concentration of the things you described that’s the issue, everything else is just noise
I’ve also flagged the repeated attempts at derailing the thread and making it about Russia and/or LGBTQ. It’s so tiring letting these people derail and then close any thread they want with such a simple strategy.
Strange that no one sees the problem caused by activists. That is, people who don't bother about anything actually and only want to choose a victim and bully him for any reason. The reason might be any, but the bullying will continue again and again.
Mean words make rustelekom sad
[reserved for mean words]