Archive for the ‘Account Compromise’ Category

Perhaps a little birdie told Twitter to buy a malware company or maybe they took a page from the ThreatMetrix™ playbook. On January 10, ThreatMetrix acquired Australia-based TrustDefender, which provides secure browsing technology to protect against malware and man-in-the-browser (MitB) attacks. Or maybe it was done in advance of Twitter’s new advertising launch? Say, didn’t one of the company’s founders say Twitter would never use advertising as a way to monetize the company? Nah, must’ve been another company with the same name. 

In any case, in preparation for its new ad service, Twitter announced the acquisition of spam and malware protection service, Dasient. Rachael Horwitz, a Twitter spokesperson told Mashable.com that Dasient would be integrated into Twitter’s “revenue engineering team because they have a deep understanding of advertising-platform security issues.” Considering the cybercrime-ridden environment into which Twitter is starting its new ad service, it would seem prudent that first and foremost the company would address security.

According to an Aite Group report (“Know Your Enemy: Successful Online Fraud Mitigation Strategies”), 25 million new, unique strains of malware were released in 2011. That number is projected to grow to 87 million strains by the end of 2015.

A Gartner Group report (“The Five Layers of Fraud Prevention and Using Them to Beat Malware”) containing a survey of 76 U.S. banks found malware was the number one cyberthreat.

Of the advertising platform, Mashable.com reports, “The self-serve platform lets advertisers purchase ads without going through a sales representative. Anyone with a credit card and the desire to utilize ‘Promoted Products’ to boost their brand recognition can get on-board with this service. However, the service is not yet available to the public.”

eMarketer, which does market research and statistics, projected Twitter’s ad-generated revenue could earn the company $399.5 million by 2013. With that kind of money on the table, Twitter would appear to be a magnet for cyberthieves.

Mashable.com observes that Twitter is already the object of malware threats going back to 2010, when “the FTC ruled that Twitter would be subject to a bi-annual security audit after 55 celebrity accounts were hacked, including the accounts of Barack Obama, Britney Spears and Facebook. Spammers have also taken advantage of Twitter’s trending topics in order to target a large amount of people.”

Till now, Twitter’s reputation was on the line with the possibility of a search engine blacklisting any site “overrun” by malware.  However, adding big advertising dollars to the mix raises the stakes considerably and makes the Dasient acquisition a very smart move.

Is buying and integrating a malware company into your company a bit “over the top?”  No worries.  You can still get the best protection on the planet from malware and the full range of cyberthreats from ThreatMetrix.

Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

Zappos, the online shoe outlet owned by Amazon, was hacked putting some 24-million customers’ personal information at risk. PCWorld.com reported that Zappos CEO, Tony Hsieh, told customers that, “names, email addresses, billing and shipping addresses, phone numbers, the last four digits of credit card numbers, and encrypted passwords may have been exposed.”  He added that the good news was that the database storing actual credit card and payment data had not been breached.

Nevertheless, the New York Daily News reported that the company had put out a statement informing customers of the incident and asking them to change their passwords. Customers, who attempted to phone Zappos for information, were met with the sounds of silence. Zappos’ CEO said in a memo, “We have made the hard decision to turn off our phones and direct customers to contact us by email because our phone systems simply aren’t capable of handling so much volume. (If 5% of our customers call, that would be over 1 million phone calls, most of which would not even make it into our phone system in the first place.).”

In an email to employees, which was posted to the Zappos blog, the company said the cyberattack came from a criminal who had gained access to parts of the company’s internal network and systems through a server in Kentucky.

Andrew Storms, director of security operations at nCircle, told PCWorld.com that Zappos’ response to the incident seemed to be appropriate in so far as it had notified customers, and reset all passwords to force customers to create new ones to replace those that may be exposed or cracked as a result of the breach.

Security expert, Neil Roiter, research director for Corero Network Security, observed, “Companies such as Zappos should have technology in place that monitors activity on their networks and reports in real time on suspicious activity or activity that does not conform to security policy. The sooner an organization detects a breach, the more quickly it can contain it.”

ThreatMetrix, the fastest-growing provider of integrated cybercrime prevention solutions, offers superior solutions that can’t be compromised by break-ins. The ThreatMetrix™ Cybercrime Defender Platform helps companies protect customer data and secure transactions against fraud, malware, data breaches, as well as man-in-the browser (MitB) and Trojan attacks. The Platform consists of advanced cybersecurity technologies, including TrustDefender™ ID, which is cloud-based, real-time device identification, as well as malware protection with TrustDefender™ Cloud and TrustDefender™ Client. The company serves a rapidly growing global customer base across a variety of industries, including financial services, e-commerce, payments,social networks, government, and healthcare.

PrECISE (Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness) is the cybersecurity bill introduced by members of the House Homeland Security Committee.  PrECISE establishes a quasi-governmental entity to oversee information-sharing with the private sector.

Wouldn’t you like to have sat in on the meeting where they decided on the acronym, PrECISE?  (Probably more like multiple meetings with emails flying back and forth for months):

Staffers: “How about Cybersecurity Information Sharing (CIS)?”

Committee: “CIS?  Too close to CIA, which is supposed to gather information, not spread it. Leaves the wrong impression.”

Staffers: “How about Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness (PECISE)?”

Committee:  “That’d be pronounced Pea-size. Does Pea-size sound like the taxpayers are getting any bang for their buck?”

Staffers:  “How about we put in an “R” for Research? “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness.” Then we’ve got PRECISE. “

Committee: “PRECISE.  Like it.  But we’re not doing Research. That makes PRECISE imprecise.”

Staffers:  “Okay, we can take the “R” from “Promoting” to make it “PRECISE.” And to differentiate it from the rest of the acronym, we can make the “R” an “r”.

Committee:  “But what do we do about the “a”s in the “ands” in “Promoting Research and Enhancing Cybersecurity and Information Sharing Effectiveness?”

Staffers:  “Lower case ands are always silent.” 

Committee:  “Precisely.”

However the PrECISE Act got its name, The Hill’s “Hillicon Valley Technology Blog” reports that it’s designed to encourage “private firms to share information on cyber threats [stopping] short of mandating new security standards for sectors deemed critical to national security” following other cybersecurity bills offered by House Republicans.

The bill lays out the Department of Homeland Security’s cybersecurity functions which would require DHS to evaluate cybersecurity risks for critical infrastructure firms and determine the best way to mitigate the risks.

“Cybersecurity is truly a team sport, and this bill gives DHS needed authorities to play its part in the federal government’s cybersecurity mission and enables the private sector to play its part by giving them the information and access to technical support they need to protect critical infrastructure,” said House Cybersecurity subcommittee Chairman Dan Lungren (R-Calif.).

Hillicon Valley Technology Blog observes, “By authorizing DHS to oversee civilian cybersecurity, the legislation aligns with proposals from both the Senate and the White House, but it is unclear how much authority DHS would have to enforce its security standards. Democrats have argued DHS needs some enforcement authority to ensure firms beef up their network protections.”

While there hasn’t been a whole lot of bi-partisan support for any measure recently, this bill appears to come close. Bennie Thompson (D-Miss.) said, “Introduction of this legislation represents a solid and significant step forward in the effort to secure our nation’s cyber infrastructure. While I am not prepared to give my full support to the bill at this time, there’s a lot to like in this bill. I am pleased that it gives DHS the authority and resources it needs to fulfill its cybersecurity mission instead of creating a whole new bureaucracy or complicated regulatory framework.”

Offers Cybersecurity sub-panel ranking member Yvette Clarke (D-N.Y.), “While we continue to review this legislation, I look forward to working with my colleagues in a more collaborative way to strengthen this bill.”

You may have to wait for Congress to work out the precise language of PrECISE before it’s enacted.  But, you don’t have to wait to achieve the most effective protection for your online assets.  That protection is available today from ThreatMetrix™.

The first perimeter and the most effective element in a multi-layered defense against cybercriminals is device identification.  Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform  lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.

Legitimate app or a real killer designed to upload malware and snag users’ personal information and money? Perhaps the only thing growing as fast as the mobile market is malware to steal from that market.

Gerry Smith in a Huffington Post post reported that “malware jumped 22 percent in the first half of this year compared with the same period last year. Google’s Android operating system was the most popular target for mobile malware developers during the second quarter….

“Hackers are setting their sights on Android…by disguising malware as legitimate apps. For example, a fake update of the popular game Angry Birds sends sensitive information about the user to the hacker who gains access to the user’s phone and downloads more malicious software….”

According to the Smith’s post, “after several malicious apps were published to the Android Market, Google said it was taking measures to help prevent additional malicious applications from being distributed and working to fix the underlying security issues. It said the malware did not affect Android versions 2.2.2 or higher.”

But, Smith said that a Symantec white paper claims “Google allows attackers to anonymously create and distribute malware in the Android market and relies on Android users to make important security decisions they are often not capable of making….”  Super news with more Americans opting for Google Android operating systems over Apple’s iOS.

A McAfee report found “an increase in fake anti-virus software for Mac operating systems, suggesting that such malware could start appearing on other Apple products, including iPhones and iPads.”

So if both Apple iOS and Google Android OS are becoming at risk of being compromised, where does an online business turn for protection? ThreatMetrix.

Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real-time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect social security numbers, email addresses or bank account information.

Last spring it was revealed hackers had attacked RSA. The attack showed that RSA tokens requiring users to enter a unique number generated by the token each time they connected to their networks, had been compromised. Well, not so much compromised as they left a security hole you could drive a tank through and still have room for a fleet of BMWs, two ox carts and a Yugo.

Now, it’s been learned that a raft of companies that had relied on RSA tokens for protection had also been compromised. These included Google, Facebook, Amazon, Abbot Laboratories, Charles Schwab, Microsoft (see below for a full listing) — In all 20% or one fifth (whichever is smaller) of the Fortune 100 had been hacked.

The names of the companies whose security was breached were discovered after researchers traced back the corporate networks that were communicating with the server that attacked RSA. Security expert Brian Krebs said the first victims started “phoning home” as early as November 2010.

Often the victims of attacks don’t even know they’ve been attacked until years later. Dave Jevans, chairman of Ironkey, maker of a security-focused Web browser notes, “I’m sure 90% of these companies are just finding out they’ve been hacked.”

Krebs said 300 command and control networks were used in the attacks. Two-hundred-ninety-nine were located in or around Beijing, China. Following is a full list of the companies Krebs reported were hit:

302-DIRECT-MEDIA-ASN
8e6 Technologies, Inc.
AAPT AAPT Limited
ABBOTT Abbot Labs
ABOVENET-CUSTOMER – Abovenet Communications, Inc
ACCNETWORKS – Advanced Computer Connections
ACEDATACENTERS-AS-1 – Ace Data Centers, Inc.
ACSEAST – ACS Inc.
ACS-INTERNET – Affiliated Computer Services
ACS-INTERNET – Armstrong Cable Services
ADELPHIA-AS – Road Runner HoldCo LLC
Administracion Nacional de Telecomunicaciones
AERO-NET – The Aerospace Corporation
AHP – WYETH-AYERST/AMERICAN HOME PRODUCTS
AIRLOGIC – Digital Magicians, Inc.
AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AIS-WEST – American Internet Services, LLC.
AKADO-STOLITSA-AS _AKADO-Stolitsa_ JSC
ALCANET Corporate ALCANET Access
ALCANET-DE-AS Alcanet International Deutschland GmbH
ALCATEL-NA – Alcanet International NA
ALCHEMYNET – Alchemy Communications, Inc.
Alestra, S. de R.L. de C.V.
ALLIANCE-GATEWAY-AS-AP Alliance Broadband Services Pvt. Ltd.,Alliance Gateway AS,Broadband Services Provider,Kolkata,India
ALMAZAYA Almazaya gateway L.L.C
AMAZON-AES – Amazon.com, Inc.
AMERITECH-AS – AT&T Services, Inc.
AMNET-AU-AP Amnet IT Services Pty Ltd
ANITEX-AS Anitex Autonomus System
AOL-ATDN – AOL Transit Data Network
API-DIGITAL – API Digital Communications Group, LLC
APOLLO-AS LATTELEKOM-APOLLO
APOLLO-GROUP-INC – University of Phoenix
APT-AP AS
ARLINGTONVA – Arlington County Government
ARMENTEL Armenia Telephone Company
AS INFONET
AS3215 France Telecom – Orange
AS3602-RTI – Rogers Cable Communications Inc.
AS4196 – Wells Fargo & Company
AS702 Verizon Business EMEA – Commercial IP service provider in Europe
ASATTCA AT&T Global Network Services – AP
ASC-NET – Alabama Supercomputer Network
ASDANIS DANIS SRL
ASGARR GARR Italian academic and research network
ASIAINFO-AS-AP ASIA INFONET Co.,Ltd./ TRUE INTERNET Co.,Ltd.
ASIANDEVBANK – Asian Development Bank
ASN852 – Telus Advanced Communications
AS-NLAYER – nLayer Communications, Inc.
ASTOUND-CABLE – Wave Broadband, LLC
AT&T Global Network Services – EMEA
AT&T US
ATMAN ATMAN Autonomous System
ATOMNET ATOM SA
ATOS-AS ATOS Origin Infogerance Autonomous System
ATT-INTERNET4 – AT&T Services, Inc.
AUGERE-AS-AP Augere Wireless Broadband Bangladesh Limited
AVAYA AVAYA
AVENUE-AS Physical person-businessman Kuprienko Victor Victorovich
AXAUTSYS ARAX I.S.P.
BACOM – Bell Canada
BAHNHOF Bahnhof AB
BALTKOM-AS SIA _Baltkom TV SIA_
BANGLALINK-AS an Orascom Telecom Company, providing GSM service in Bangladesh
BANGLALION-WIMAX-BD Silver Tower (16 & 18th Floor)
BANKINFORM-AS Ukraine
BASEFARM-ASN Basefarm AS. Oslo – Norway
BBIL-AP BHARTI Airtel Ltd.
BBN Bredbaand Nord I/S
BC-CLOUD-SERVICES
BEAMTELE-AS-AP Beam Telecom Pvt Ltd
BEE-AS JSC _VimpelCom_
BELINFONET Belinfonet Autonomus System, Minsk, Belarus
BELLSOUTH-NET-BLK – BellSouth.net Inc.
BELPAK-AS BELPAK
BELWUE Landeshochschulnetz Baden-Wuerttemberg (BelWue)
BENCHMARK-ELECTRONICS – Benchmark Electronics Inc.
BEND-BROADBAND – Bend Cable Communications, LLC
BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone
BIGNET-AS-ID Elka Prakarsa Utama, PT
BLUEWIN-AS Swisscom (Schweiz) AG
BM-AS-ID PT. Broadband Multimedia, Tbk
BN-AS Business network j.v.
BNSF-AS – Burlington Northern Sante Fe Railway Corp
BNT-NETWORK-ACCESS – Biz Net Technologies
BORNET Boras Energi Nat AB
BREEZE-NETWORK TOV TRK _Briz_
BSC-CORP – Boston Scientific Corporation
BSKYB-BROADBAND-AS BSkyB Broadband
BSNL-NIB National Internet Backbone
BT BT European Backbone
BT-ITALIA BT Italia S.p.A.
BTN-ASN – Beyond The Network America, Inc.
BTTB-AS-AP Telecom Operator & Internet Service Provider as well
BT-UK-AS BTnet UK Regional network
CABLECOM Cablecom GmbH
CABLE-NET-1 – Cablevision Systems Corp.
CABLEONE – CABLE ONE, INC.
CABLEVISION S.A.
CACHEFLOW-AS – Bluecoat Systems, Inc.
CANET-ASN-4 – Bell Aliant Regional Communications, Inc.
CANTV Servicios, Venezuela
CAPEQUILOG – CapEquiLog
CARAVAN CJSC Caravan-Telecom
CARRIER-NET – Carrier Net
CATCHCOM Ventelo
CCCH-3 – Comcast Cable Communications Holdings, Inc
CDAGOVN – Government Telecommunications and Informatics Services
CDS-AS Cifrovye Dispetcherskie Sistemy
CDT-AS CD-Telematika a.s.
CE-BGPAC – Covenant Eyes, Inc.
CELLCO-PART – Cellco Partnership DBA Verizon Wireless
CENSUSBUREAU – U. S. Bureau of the Census
CERNET-ASN-BLOCK – California Education and Research Federation Network
CERT – Computer Emergency Response Team (CERT) – Coordination Center
CGINET-01 – CGI Inc
CHARLES-SCHWAB – Charles Schwab & Co., Inc.
CHARTER-NET-HKY-NC – Charter Communications
CHINA169-BACKBONE CNCGROUP China169 Backbone
CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
CHINA169-GZ China Unicom IP network China169 Guangdong province
CHINANET-BACKBONE No.31,Jin-rong Street
CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation
CHINANET-SH-AP China Telecom (Group)
CIPHERKEY – Cipherkey Exchange Corp.
CISCO-EU-109 Cisco Systems Global ASN – ARIN Assigned
CITEC-AU-AP QLD Government Business (IT)
CITelecom-AS
CITYNET – CityNet
CLARANET-AS ClaraNET
CLIX-NZ TelstraClear Ltd
CMCS – Comcast Cable Communications, Inc.
CMNET-BEIJING-AP China Mobile Communicaitons Corporation
CMNET-GD Guangdong Mobile Communication Co.Ltd.
CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited
CNCGROUP-GZ CNCGROUP IP network of GuangZhou region MAN network
CNCGROUP-SH China Unicom Shanghai network
CNIX-AP China Networks Inter-Exchange
CNNIC-DSNET-AP Shanghai Data Solution Co., Ltd.
CNNIC-WASU-AP WASU TV & Communication Holding Co.,Ltd.
CO-2COM-AS 2COM Co ltd.
COGECOWAVE – Cogeco Cable
COGENT Cogent/PSI
COLO4 – Colo4Dallas LP
COLOMBIA TELECOMUNICACIONES S.A. ESP
COLT COLT Technology Services Group Limited
COLUMBUS-NETWORKS – Columbus Networks USA, Inc.
COMCAST-33490 – Comcast Cable Communications, Inc.
COMCAST-33491 – Comcast Cable Communications, Inc.
COMCAST-36732 – Comcast Cable Communications, Inc.
COMCAST-7015 – Comcast Cable Communications Holdings, Inc
COMCAST-7725 – Comcast Cable Communications Holdings, Inc
COMCAST-HOUSTON – Comcast – Houston
COMHEM-SWEDEN Com Hem Sweden
COMNET-TH KSC Commercial Internet Co. Ltd.
Completel Autonomous System in France
COMSAT COLOMBIA
COMSTAR COMSTAR-Direct global network
CORBINA-AS Corbina Telecom
COVAD – Covad Communications Co.
CPMBLUE-AS-BD CPM BLUE ONLINE LTD.Transit AS Internet Service Provider, Dhaka
CRRSTV – CRRS-TV
CSC Computer Management and CSC Denmark
CSC-IGN-AUNZ-AP Computer Sciences Corporation
CSC-IGN-EMEA – Computer Sciences Corporation
CSC-IGN-FTW – Computer Sciences Corporation
CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED
CSP-AS CSP
CSUNET-NW – California State University Network
CSXT-AS-1 – CSX Technology
CTIHK-AS-AP City Telecom (H.K.) Ltd.
CTS-MD I.S. Centrul de Telecomunicatii Speciale
CXA-ALL-CCI-22773-RDC – Cox Communications Inc.
CYBERVERSE – Cyberverse, Inc.
CYPRESS-SEMICONDUCTOR – Cypress Semiconductor
CYTA-NETWORK Cyprus Telecommunications Authority
DARLICS-AS Darlics ltd. provides IP transport and Internet
DATAGRUPA SIA _Datagrupa.lv_ Marijas 7 – 412a Riga, LV-1050, LATVIA
DCI-AS DCI Autonomous System
DECHO – Decho Corporation
DFINET DFi Service SA
DHL-AS DHL Systems Inc.
DHSINETNOC – DEPARTMENT OF HOMELAND SECURITY
DIGCOMM Digital communications, LTD
DIGITAL-TELEPORT – Digital Teleport Inc.
DIL-AP DIRECT INTERNET LTD.
DIN-AS TOMSKTELECOM AS
DINAS-AS PE Kuznetsova Viktoria Viktorovna
DINET-AS Digital Network JSC
Diveo do Brasil Telecomunicacoes Ltda
DK-ESS-AS Syd Energi Bredbaand A/S
DMSLABNET – DoD Network Information Center
DNC-AS IM Data Network Communication SRL
DNEO-OSP7 – Comcast Cable Communications, Inc.
DNIC-ASBLK-00721-00726 – DoD Network Information Center
DNIC-ASBLK-27032-27159 – DoD Network Information Center
DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri
DOMAINFACTORY domainfactory GmbH
DOMAINTOOLS – DomainTools, LLC
DONTELE-AS Telenet LLC
DOPC-AS
DOPC-AS-NGN
DOPC-AS-US
DREAMHOST-AS – New Dream Network, LLC
DREAMX-AS DREAMLINE CO.
DRWEB-AS Doctor Web Ltd
DSE-VIC-GOV-AS Department of Sustainability & Environment,
DSIJSC-AS DSI Autonomous system
DSLEXTREME – DSL Extreme
DTAG Deutsche Telekom AG
DWL-AS-IN Dishnet Wireless Limited. Broadband Wireless
DYNDNS – Dynamic Network Services, Inc.
EASYDNS EasyDNS Technologies, Inc.
EASYNET Easynet Global Services
EBAY – eBay, Inc
ECI-TELECOM-LTD ECI Telecom-Ltd.
EDGECAST – EdgeCast Networks, Inc.
EIRCOM Eircom
ELISA-AS Elisa Oyj
EMBARQ-WNPK – Embarq Corporation
EMBIT-AS BURTILA & Co. ELECTRON M.BIT SRL
EMC-AS12257 – EMC Corporation
EMCATEL
EMIRATES-INTERNET Emirates Internet
EMOBILE eMobile Ltd.
ENTEL CHILE S.A.
EPM Telecomunicaciones S.A. E.S.P.
EQUANT-ASIA Equant AS for Asian Region covering Japan
EQUINIX-EDMA-ASH-ASN – Equinix, Inc.
ERICSSON-APAC-MY-AS Ericsson Global Services. BUGS N&V APAC
ERX-SINGNET SingNet
ESRI – Environmental Systems Research Institute
ESS-PR-WEBMASTERS – ESS/PR WebMasters
EthioNet-AS
ETISALAT-MISR
ETPI-IDS-AS-AP Eastern Telecoms Phils., Inc.
ETSI Autonomous System
EURONET Online Breedband B.V. Global AS
European Space Agency
EUSKALTEL Euskaltel S.A.
EXCELL-AS Excellmedia
EXIM – Export Import Bank of the U.S
FACEBOOK – Facebook, Inc.
FANNIEMAE – Fannie Mae
FasoNet-AS
FASTMETRICS – Fastmetrics, LLC
FAST-TELCO Fast Telecommunications Company W.L.L.
FASTWEB Fastweb SpA
FAWRI-AS
FDA – Parklawn Computer Center / DIMES HQ
FIBREONE-AS fibre one networks GmbH, Duesseldorf
FITC-AS – FITC – FedEx International Transmission Corporation
FMAC-I-BILLING – Freddie Mac
FMI-NET-AS – Freeport-McMoran Inc.
FORATEC-AS Foratec Communication AS at Sverdlovsk, Tyumen, Perm regions
FORTINET-CANADA – Fortinet Inc.
FPT-AS-AP The Corporation for Financing & Promoting Technology
FRONTIER-AND-CITIZENS – Frontier Communications of America, Inc.
FRONTIER-FRTR – Frontier Communications of America, Inc.
FR-RENATER Reseau National de telecommunications pour la Technologie
FULLRATE Fullrate A/S
FX-PRIMARY-AS FX Networks Limited
GBLX Global Crossing Ltd.
GET-NO GET Norway
GHANATEL-AS
GIGAINFRA Softbank BB Corp.
GLOBAL-SPLK – Sprint International
GLOBE-TELECOM-AS Globe Telecoms
GOLDENLINES-ASN 012 Smile Communications Main Autonomous System
GOLDENTELECOM-UKRAINE Golden Telecom
GOOGLE – Google Inc.
GRAMEENPHONE-AS-AP GrameenPhone Ltd.
GSA-GOV – General Services Administration
GT-BELL – Bell Canada
Gtd Internet S.A.
GYRON ====
H3G-AS H3G S.p.A.
H3GUKNIE Hutchison 3G UK and Ireland Core AS
HANARO-AS Hanaro Telecom Inc.
HATHWAY-NET-AP Hathway IP Over Cable Internet
HETZNER-AS Hetzner Online AG RZ
HHES – HAMILTON HYDRO ELECTRIC SYSTEM
HINET Data Communication Business Group
HKNET-AP HKNet Co. Ltd
HKTIMS-AP PCCW Limited
HNS-DIRECPC – Hughes Network Systems
HOPONE-GLOBAL – HopOne Internet Corporation
HOSTEUROPE-AS AS of Hosteurope Germany / Cologne
HP-INTERNET-AS Hewlett-Packard Company
HTCL-IAS-HK-AP Hutchison Telephone Company Limited
HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd
HURRICANE – Hurricane Electric, Inc.
HUTCHISON-AS-AP Hutchison Global Communications
HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services,
IADB-NETWORKS – The Inter-American Development Bank
IAM-AS
IBM E-business Hosting Delivery
IBMCCH-RTP – IBM
IBMCCH-SBY – IBM
IBMDES-AS – IBM Dallas Engineering & Scientific
IBSNAZ Telecom Italia S.p.a.
IBURST-GH
ICONNECT-BD Planners Tower
IDK-NETWORK CJSC Interdnestrcom AS
IEUNET BT Ireland Backbone
IFX-NW – IFX Communication Ventures, Inc.
IHNET – IHNetworks, LLC
IINET iiNet Limited
IJ-NET – Internet Junction Corp.
ILX-ASN – THOMSON FINANCIAL
IN2CABLE-AP AS Number of In2cable.com (India) Ltd.
INDONET-AS-AP INDO Internet, PT
INDOSATM2-ID INDOSATM2 ASN
INEA-AS INEA S.A.
INET-AS-ID PT. Inet Global Indo
INETCOMM-AS INET LTD
I-NETPARTNER-AS I-NetPartner GmbH ASN
INETTEHNO Inet Tehno
INFINEON-AS Infineon AG
INFINEON-SG 8 Kallang Sector
INFLOW19294 – Inflow Inc.
INFOSPHERE NTT PC Communications, Inc.
INFOSTRADA Infostrada S.p.A.
INIT7 Init7 Global Backbone
INS-AS – AT&T Data Communications Services
Instituto Costarricense de Electricidad y Telecom.
Instituto Tecnol??gico y de Estudios Superiores de Monterrey
INTEGRATELECOM – Integra Telecom, Inc.
INTELSAT Intelsat Global BGP Routing Policy
INTEL-SC-AS – Intel Corporation
INTERNAP-2BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK3 – Internap Network Services Corporation
INTERNAP-BLOCK-4 – Internap Network Services Corporation
INTERNETIA-AS Netia SA
INTERNET-PATH – Internet Path, Inc.
INTERNET-PRO-AS Internet-Pro Ltd
INTEROUTE Interoute Communications Ltd
INTERPHONE-AS Interphone Ltd.
INTERTELECOM Intertelecom
IPASAULE-AS _Interneta Pasaule_ SIA
IPG-AS-AP Philippine Long Distance Telephone Company
IPGOMA – THE INTERPUBLIC GROUP OF COMPANIES, INC.
IPNXng
IPO-EU IP-Only Telecommunication Networks AB
IQUEST-AS – IQuest Internet
IRONPORT-SYSTEMS-INC – Cisco Systems Ironport Division
IRS – Internal Revenue Service
IS
ISC-AS1280 Internet Systems Consortium, Inc.
ISKON ISKON INTERNET d.d. za informatiku i telekomunikacije
ISKRATELECOM-AS ISKRATELECOM ZAO
ISP-KIM-NET Kalush Information Network LTD
ISSC-AS – ISSC
ISW – Internet Specialties West Inc.
ITNS ITNS. NET SRL
ITSCOM its communications Inc.
JAWWAL Jawwal will be multihoming with us AS15975 and AS12975
JAZZNET Jazz Telecom S.A.
Jordan Data Communications Company LLC
JUNIPER-NETWORKS – Juniper Networks, Inc.
KABELBW-ASN Kabel Baden-Wuerttemberg GmbH & Co. KG
KAISER-NCAL – Kaiser Foundation Health Plan
KAMOPOWER – KAMO Electric Cooperative, Inc.
KAZTELECOM-AS JSC Kazakhtelecom
KHERSON-TS Kherson Telecommunication Systems Ltd.
KIXS-AS-KR Korea Telecom
K-OPTICOM K-Opticom Corporation
KSNET KSNet
KSNET-AS Kyivstar GSM
KVH KVH Co.,Ltd
LANTELECOM-AS Lan-Telecom AS Number
LATISYS-ASHBURN – Latisys-Ashburn, LLC
LATNETSERVISS-AS LATNET ISP
LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
LEASEWEB LEASEWEB AS
LEVEL3 Level 3 Communications
LGCNS-AS – LG CNS America Inc.
LGDACOM LG DACOM Corporation
LGH-AS-KR LGHitachi
LGNET-AS-KR LG CNS
LINKdotNET-AS
LINKLINE – LinkLINE Communications, Inc.
LINKNET-ID-AP Linknet ASN
LOQAL-AS Loqal AS
LUCENT-CIO – Lucent Technologies Inc.
LUGANET-AS ARTA Ltd
LVBALTICOM-AS _Balticom_ JSC
LVLT594-598 – Level 3 Communications, Inc.
LYSE-AS Altibox AS
MAGNUS-AS TOV _Magnus Limited_
MANGOTELESERVICE-AS-BD Only private Owned IIG in Bangladesh
MAP Moscow Network Access Point
MASERGY-US Masergy US Autonomous System
MASSCOM – Massillon Cable Communications
MAXIS-AS1-AP Binariang Berhad
MBL-AS-AP Micronet Broadband (Pvt) Ltd.
MCAFEE – McAfee, Inc.
MCAFEE-COM – McAfee, Inc.
MCC OJSC _Moscow Cellular Communications_,
MCI-ASN – MCI
MCT-SYDNEY Macquarie Telecom
MDITNET-AS ITNET (ITPAY SRL)
MEDIASERV-AS Mediaserv
Mega Cable, S.A. de C.V.
MEGAPATH2-US – MegaPath Networks Inc.
METROTEL REDES S.A.
MF-KAVKAZ-AS Caucasus Branch of OJSC MegaFon AS
MF-NWGSM-AS North-West Branch of OJSC MegaFon Network
MFNX MFN – Metromedia Fiber Network
MICRON21-AS-AU-AP Micron21 Melbourne Australia Datacentre. Co-Location Dedicated Servers Web Hosting
MICROSOFT-CORP-AS – Microsoft Corp
MICROSOFT-CORP—MSN-AS-BLOCK – Microsoft Corp
MISD-NET – Macomb Intermediate School District
MIT-GATEWAYS – Massachusetts Institute of Technology
MOLDCELL_AS Moldcell SA Autonomous System
MOLDDATA-AS Administrator of the top level domain .MD,
MOLDTELECOM-AS Moldtelecom Autonomous System
MORENET – University of Missouri – dba the Missouri Research and Education Network (MOREnet)
MOTOROLA – Motorola, Inc.
MOTOROLA-PHX – Motorola, Inc.
MP-ELEKTRONIKA-AS MP ELEKTRONIKA Autonomous System
MPX-AS Microplex PTY LTD
MTNL-AP Mahanagar Telephone Nigam Ltd.
MTS-INDIA-IN 334,Udyog Vihar
MTSNET OJSC _Mobile TeleSystems_ Autonomous System
N9E7X5E3N1I2N4C – Nexen Inc.
NAWALA-AS-ID Asosiasi Warung Internet Indonesia (AWARI)
NAWRAS-AS Omani Qatari Telecommunications Company SAOC
NBLNETWORKS-AS Nebula Oy Autonomous System
NC-FUNB-AS – WACHOVIA CORP
NCNET-AS National Cable Networks
NEOLINK CJSC _ER-Telecom Holding_ Izhevsk branch
NERIM Nerim SAS
NET-ACCESS-CORP – Net Access Corporation
NET-AIG – American International Group (AIG) Data Center, Inc.
NETCOM-AS NetCom as Autonomous system
NETELLIGENT – Netelligent Hosting Services Inc.
NEWCOM-AS NEWCOM mirror object from ARIN
NEWCOM-ASN New Com Telecomunicatii SA
NEWEDGENETS – New Edge Networks
NEWSKIES-NETWORKS SES WORLD SKIES ARIN AS, for routing RIPE space.
NEWTT-IP-AP Wharf T&T Ltd.
NEXTGENTEL NEXTGENTEL Autonomous System
NEXTTELL-VRN-AS LLC NextTell-Voronezh AS Number
NG-AS NextGen Communications SRL
NIANET-AS nianet is a Danish carrier and Internet Service Provider
NO_NAME
NOC – Network Operations Center Inc.
NOKIA Nokia Internet
NOKIA-AS NOKIANET APAC Data Centre network
NOKIANET_DALLAS NOKIANET Dallas office
Nominum Global NameServer network
NOMINUM-SKYE1 – SKYE
NORDLINKS-AS S.C. _NordLinks_ S.R.L.
NORMA-PLUS-AS TOV Norma Plus
NORTHROP-GRUMMAN – Northrop Grumman
NOVELL – Novell, Inc.
NTL Virgin Media Limited
NTT do Brasil Telecomunicaoes Ltda
NTT-COMMUNICATIONS-2914 – NTT America, Inc.
NUMERICABLE NUMERICABLE is a cable network operator in France, offering TV,VOICE and Internet services
NUVOX – NuVox Communications, Inc.
NV-ASN 013 NetVision Ltd.
NYFX-RTR – NYFIX, INC
O1COMM – O1 COMMUNICATIONS
OCN NTT Communications Corporation
OFIDEN – OppenheimerFunds, Inc.
OMD-FNO Orange Moldova Fix Network Autonomous System
OMNITURE ====
OPENDNS – OpenDNS, LLC
ORANGE-BUSINESS-SERVICES-SOUTHEUR Equant Inc.
ORANGE-BUSINESS-SERVICES-UK Orange Business Services (formerly Equant) AS for UK
OSIS-PACOM – Joint Intelligence Center Pacific
OVH OVH
P4NET P4 Sp. z o.o.
PACIFIC-INTERNET-INDIA-ASN Pacific Internet India Pvt. Ltd.
PACIFIC-INTERNET-IX Pacific Internet Ltd
PACNET Pacnet Global Ltd
PAH-INC – GoDaddy.com, Inc.
PAIR-NETWORKS – pair Networks
PALTEL-AS PALTEL Autonomous System
PARTNER-AS Partner Communications Ltd.
PBTL-BD-AS-AP Pacific Bangladesh Telecom Limited.
PDX – PORTLAND INTERNETWORKS
PEER1 – Peer 1 Network Inc.
Pegaso PCS, S.A. de C.V.
PERSNET Korea Telecom Freetel
PI-AU Pacific Internet (Australia) Pty Ltd
PI-HK Pacnet Internet (Hong Kong) Limited
PIXNET-AS – Providers Internet Exchange
PKTELECOM-AS-PK Pakistan Telecom Company Limited
PLUSSERVER-AS PlusServer AG, Germany
POLYCOM – Polycom, Inc.
POWEREDCOM KDDI CORPORATION
Prima S.A.
PRIMORYE-AS Open Joint Stock Company _Far East Telecommunications Company_
PRINCETON-AS – Princeton University
PROBENETWORKS-AS Probe Networks
PRONET_LV SIA _PRONETS_
PROXAD Free SAS
PS-NETPLEX-AS – Perot Systems
PT KPN Internet Solutions
PTK-CENTERTEL-DSL-AS PTK Centertel Sp. z o.o.
PTLP-CORE – People_s Tel Limited Partnership
PTPRIMENET PT PRIME – Solucoes Empresariais de Telecomunicacoes e Sistemas S.A.
PUBNET1-AS KT
PUSAN-AS-KR Pusan National University
PWC-AS – PriceWaterhouseCoopers, LLP
Q9-AS – Q9 Networks Inc.
Q9-AS-BRAM – Q9 Networks Inc.
QNETCZ QNET CZ s.r.o.
QSC-1 QSC AG
QUALCOMM – Qualcomm, Inc.
QUALCOMM-BLR-AS-AP Qualcomm Inc. Bangalore AS, Developer of CDMA Technology India
QWEST – Qwest Communications Company, LLC
RACKSPACE – Rackspace Hosting
RADIOGRAFICA COSTARRICENSE
RAPID-LINK-AS RAPID LINK SRL
RAYA-AS
RCN-AS – RCN Corporation
RDSNET RCS & RDS S.A.
Rede Nacional de Ensino e Pesquisa
REEDLAN-AS ISP REEDLAN
RELARN RELARN-MSK
RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
RELIANCEGLOBALCOM – Reliance Globalcom Services, Inc
RENAM RENAM Association
RIML-CORP-AS-3 – Research In Motion Limited
RIPE-NCC-AS RIPE Network Coordination Centre
RISC-SYSTEM – Rockwell Scientific Company
RMH-14 – Rackspace Hosting
RMIFL RM Education PLC – Internet for Learning
ROGERS-CABLE – Rogers Cable Communications Inc.
ROSTELECOM-AS JSC Rostelecom
ROSTOV-TELEGRAF-AS Rostovelectrosviaz_ of Public Joint Stock Company
RTCOMM-AS OJSC RTComm.RU
RTD ROMTELECOM S.A
RUSTAVI2ONLINEAS Caucasus Online LLC
RU-SURNET Uralsvyazinform, Chelyabinsk branch
RWT – RagingWire Telecommunications
SAFELINES The network of ISP Safelines,includes POPs in various cities
SAFENZ-TRANSIT-AS-NZ SafeNZ Networks LTD
SAITIS-NETWORK Saitis Network, N.Desir
SAMSUNGNETWORKS-AS-KR Samsung Networks Inc.
SAN-JUAN-CABLE – San Juan Cable, LLC
SASUSA SunGard Availability Services USA
SAVVIS – Savvis
SBIS-AS – AT&T Internet Services
SCARTEL-AS Scartel Ltd.
SCOTTS-AS – CITY OF SCOTTSBURG
SCRR-10796 – Road Runner HoldCo LLC
SCRR-11426 – Road Runner HoldCo LLC
SCRR-12271 – Road Runner HoldCo LLC
SCV-AS-AP SCV Broadband Access Provider
SDL-20-AS – Smithville Digital, LLC
SEAGATE-USA-MN-1 – Seagate Technology
SEEDNET Digital United Inc.
SELECTNET-AS – SelectNet Internet Services
SERBIA-BROADBAND-AS Serbia BroadBand-Srpske Kablovske mreze d.o.o.
SERVICENET-AP Internet service provision to Western
SGNET-AS-AP Singapore Government Network AS
SHAW – Shaw Communications Inc.
SIBNETWORKS-AS Siberian Networks
SIFY-AS-IN Sify Limited
SIGMANET-NIC LU MII AS
SIKA-AS Sika Informationssysteme AG
SITA SITA
sixtelecoms-as
SKTELECOM-NET-AS SK Telecom., Ltd.
SKYNET-SPB-AS SkyNet Ltd.
SKYVISION SkyVision Network Services
SLTINT-AS-AP Sri Lanka Telecom Internet
SOFTLAYER – SoftLayer Technologies Inc.
SOFTNET-AS-AP Software Technology Parks of India – Bangalore
SOLNET BSE Software GmbH
SONICDUO-AS AS for MegaFon-Moscow
SONOMA – Sonoma Interconnect
SONY-APAC-AP Sony – ASN for Asia Pacific
SOVAM-AS OJSC _Vimpelcom_
SPBMTS-AS Mobile TeleSystems, OJSC, MR North-West
SPCS – Sprint Personal Communications Systems
SPEAKEASY – Speakeasy, Inc.
SPECTRANET FIRST FIBRE BROADBAND NETWORK IN NEW DELHI, INDIA
Sprint US
SPRINTLINK – Sprint
SPRINTLINK-HOSTING – SPRINT, Business Serices Group
SS-NOC-AS – Straitshot Communications, Inc.
STARHUBINTERNET-AS StarHub Internet Exchange
STARNET-AS StarNet Moldova
STATEL-AS Stavropol branch of Southern Telecommunications Company
STEADFAST – Steadfast Networks
STOMI – State of Michigan, DMB-CNOC
STSN-SLC-UT-US – STSN GENERAL HOLDINGS, INC.
SUDDENLINK-COMMUNICATIONS – Suddenlink Communications
SUMTEL-AS-RIPE Summa Telecom
SUNCOMMUNICATIONS-AS JV _Sun Communications_ Autonomous System
SUNRISE Sunrise Communications AG
SUPERNET-PAKISTAN-AS-AP Supernet Limited Transit Autonomous System Number
SURFCONTROL-US-ASN Websense Hosted Security Network
SURFNET-NL SURFnet, The Netherlands
SWEETNET-AS Private entrepreneur Bliznichenko Vitalij Volodumirovich
SWISSCOM Swisscom (Switzerland) Ltd
SWITCH SWITCH, Swiss Education and Research Network
SWKO – SOUTHWEST KANSAS ONLINE
TACHYON-AS-ID PT Remala Abadi
TATA-AS TATA ISP
TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
TATTELECOM-AS Tattelecom.ru/Tattelecom Autonomous System
TC Radio Systems Autonomous System
TCH – TCH Network Services
TDC TDC Data Networks
TDDE-ASN1 Telefonica o2 Germany Autonomous System
TDN Tikona Digital Networks Pvt Ltd.
TEAM-CYMRU – Team Cymru Inc.
TE-AS TE-AS
TELCOMNET TelCom Ltd.
TELCOM-UA-AS _Telecomunikatsiina Companiya_ Ltd
TELE2
Telecom Argentina S.A.
TELECOMMD-AS ICS Networks Solutions SRL
Telecomunicacoes da Bahia S.A.
TELEFONICA CHILE S.A.
Telefonica de Argentina
Telefonica Empresas SA
TELEFONICA-DATA-ESPANA Internet Access Network of TDE
TELEKOM-AS TELEKOM SRBIJA a.d.
TELENERGO EXATEL S.A. Autonomous System
TELENET-AS Autonomous System of Teleset-Servis Ltd.
TELENET-AS Telenet N.V.
TELENOR-NEXTEL Telenor Norge AS
TELESC – Telecomunicacoes de Santa Catarina SA
TELESWEET-AS Telesweet ISP Autonomous System
TELETECH – TeleTech Holdings, Inc
Television Internacional, S.A. de C.V.
TELEZUG WWZ Telekom AG
TELIANET-DENMARK TeliaNet Denmark
TELIANET-SWEDEN TeliaNet Sweden
TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
TELKOMSEL-ASN-ID PT. Telekomunikasi Selular
TELLCOM-AS Tellcom Iletisim Hizmetleri
Telmex Chile Internet S.A.
Telmex Colombia S.A.
TELSTRA Telstra Pty Ltd
TEOLTAB TEO LT AB Autonomous System
TERREMARK Terremark
TFN-TW Taiwan Fixed Network, Telco and Network Service Provider.
TFO-BOSTON – THOMSON FINANCIAL
THEPLANET-AS – ThePlanet.com Internet Services, Inc.
T-HT T-Com Croatia Internet network
TINET-BACKBONE Tinet SpA
TISCALI-UK Tiscali UK
TISNL-BACKBONE Telfort B.V.
TKPSA-AS TKP S.A. is 3S.pl network operator.
TKT-AS JSC TKT
TMIB-BD-AS-AP TM International Bangladesh Ltd. ISP, Gulshan-1,Dhaka-1212
TMN-AS TMN Autonomous System
TMNET-AS-AP TM Net, Internet Service Provider
TM-NETSYS-ASH – TicketMaster
TOMLINE Tomsk telecommunication company Ltd
TOTNET-TH-AS-AP TOT Public Company Limited
TPG-INTERNET-AP TPG Internet Pty Ltd
TPNET Telekomunikacja Polska S.A.
TRANSTEL S.A.
TRAVELERS – Travelers Property Casualty Corp.
TRENDMICRO Global IDC and Backbone of Trend Micro Inc.
TRENDMICRO Trend Micro Inc.
TRUENORTHCOMM – True North Communications
TSF-IP-CORE TeliaSonera Finland IP Network
TSU-SM – Texas State University – San Marcos
TTCLDATA
TTNET Turk Telekomunikasyon Anonim Sirketi
TTSL-MEISISP Tata Teleservices ISP AS
TULIP Tulip Telecom Ltd.
TURKCELL-AS TURKCELL ILETISIM HIZMETLERI A.S.
TVCABO-AS TVCABO Autonomous System
TWTC – tw telecom holdings, inc.
UAEXPRESS EXPRESS Radio Network
UARNET-AS Ukrainian Academic and Research Network
UA-SEECH Seech-Infocom NCC
UA-SMART-AS Broadcasting company _Smart_ Ltd
UCOM UCOM Corp.
UCSB-NET-AS – University of California, Santa Barbara
UCSC – University of California, Santa Cruz
UDMVT-AS OJSC VolgaTelecom branch in Udmurtia Republic AS Number
UECOMM-AU Uecomm Ltd
UKRBIT-NET-AS SPD Bilopol Roman Leonidovich
UKRTELNET JSC UKRTELECOM,
ULTRADNS – Centergate Research, LLC.
UMANITOBA – University of Manitoba
UMC-AS UMC Autonomous System
UMICH-AS-5 – University of Michigan
UMN Ural-TransTeleCom Autonomous System
UNI2-AS France Telecom Espana SA
Uninet S.A. de C.V.
UNINETT UNINETT, The Norwegian University & Research Network
UNISYS-6072 For routing issues, email hostmaster@unisys.com
UNISYS-AP-UI-AS-AP Unisys AsiaPac Intranet Access to Internet
UNISYS-AS-E – Unisys Corporation
Universidad Nacional de Colombia
University de Los Andes
UNL-AS – University of Nebraska-Lincoln
UNSPECIFIED
UPC UPC Broadband
UPITT-AS – University of Pittsburgh
URAN URAN Autonomous system
USAA – USAA
USI Uralsviazinform
UUNET – MCI Communications Services, Inc. d/b/a Verizon Business
UUNET-INT – MCI Communications Services, Inc. d/b/a Verizon Business
VEGA-OD-UA DCS Ltd.
VERISIGN-CORP – VeriSign Infrastructure & Operations
VERSATEL AS for the Trans-European Tele2 IP Transport backbone
VIA-NET-WORKS-AS PSINet Europe / VIA NET.WORKS international AS
VIAPASS-FR VIAPASS SAS
VIDEOTRON – Videotron Telecom Ltee
VIETEL-AS-AP Vietel Corporation
VINAKOM – VINAKOM COMMUNICATIONS
VINS – ViaWest
VIRGINIA-AS – University of Virginia
VITSSEN-SUWON-AS-KR Tbroad Suwon Broadcating Corporati
VMWARENET-1 – VMWare, Inc.
VNET-AS VNET ISP Bratislava, Slovakia, SK
VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT)
VODAFONE_ICELAND Backbone Autonomous System
VODAFONE-IT-ASN Vodafone N.V.
VODANET International IP-Backbone of Vodafone
VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC
VOLKSWAGEN Volkswagen AG, Wolfsburg 1
VRIS-AS-BLOCK – Verizon Online LLC
VSI-AS VSI AS
VTX-NETWORK VTX Services SA
VZB-AU-AS Verizon Australia PTY Limited
VZGNI-TRANSIT – Verizon Online LLC
WATEEN-IMS-PK-AS-AP National WiMAX/IMS environment
WAYPORT – AT&T Wi-Fi Services
Webex Communications, Inc.
WEBSENSE Websense, Inc.
WELLSFARGO – Wells Fargo & Company
WESTHOST – WestHost, Inc.
WESTNET-AS-AP Westnet Internet Services
WESTPUB-A – West Publishing Corporation
WICAM-AS WiCAM ISP Cambodia Peering AS
WIDEXS ion-ip B.V.
WINDSTREAM – Windstream Communications Inc
WIRELESSNET-ID-AP WIRELESSNET AS
WITCOM- Wiesbadener Informations – und Telekommunikations GmbH
WN-AS Private enterprise Gorbunov A.A.
WORLDBANK-AS – WORLD BANK
WORLDCALL-AS-LHR Worldcall Broadband Limited
WORLDNET-AS World Net & Services Co., Ltd.
WOW-INTERNET – WideOpenWest Finance LLC
WXC-AS-NZ WorldxChange Communications LTD
WYOMING – wyoming.com
XO-AS15 – XO Communications
XS4ALL-NL XS4ALL
XTRA-AS Telecom XTRA, Auckland, NZ
YAHOO-BANGALORE-AS-AP Yahoo Bangalore Network Monitoring Center
YAHOO-US – Yahoo
ZIGGO Ziggo – tv, internet, telefoon
ZIPNETBD-DKB-AS-AP Zipnet Limited DKB AS number

Krebs got the list of affected companies from a breached “command and control” server, the name for a machine that hackers use to direct the fleets of compromised PCs that they have gained control over.

He also offered clarification about who were on the list. “First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations (there are several antivirus firms mentioned…) may be represented because they  intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.”

Two lessons come out of these attacks. One lesson is when you build a better mousetrap, somebody out there is already working on building a better mouse. The other is that you can count on ThreatMetrix to protect your customers, so that even in the event of a breach, their personal information is always secure.

That’s because the ThreatMetrix™ Cloud-Based Fraud Prevention Platform device identification solutions recognize returning visitors without cookies and also recognizes them even when their device fingerprints change. Protecting against bad scripts and fraudulent account logons, payments and transactions, ThreatMetrix solutions are designed to interdict attacks of fraud in real time, while passively and transparently profiling users — without collecting extraneous personal identity information, such as Social Security numbers, and mother’s maiden names.

Anonymous took more than 600 MB of data from the International Association of Chiefs of Police and took down the IACP’s Website for good measure. Then Anonymous released data which included internal documents, membership rosters, home addresses, passwords, Social Security numbers, etc.

Now, if you agree with Occupy Wall Street, you may feel the hacker group Anonymous has its heart in the right place. But, wherever Anonymous’s heart is, the rest of its geography seems a bit skewed.

As everybody who’s ever lost money in the market knows, Wall Street’s in New York. But Anonymous revealed 1000 names and passwords from the Boston Police Patrolmen’s Association; 1000 names, ranks, social security numbers, addresses and phone numbers from Alabama law enforcement systems; and the full contact database from Arlington Virginia’s Matrix Group, a web development agency serving government Websites.

Attacking police in Boston and Alabama to support a protest in New York? Some observers might be tempted to draw a parallel between these Anonymous attacks and the invasion of Iraq as retribution for 911 which was carried out by Bin Laden from Afghanistan.

Anyway…

According to Meghan Kelly in VentureBeat.com, the Anonymous rationale for the attacks wasn’t supposed to be along geographic lines. “Anonymous said it wanted to attack the police directly because they act as a protector of ‘the one percent,’ or what OWS protesters describe as the fortunate few who hold the majority of the wealth that would otherwise benefit the remaining ‘99 percent.’”

Anonymous has attacked police in the past in an effort to “expose corruption and brutality.” In Anonymous’s own words, ““We have no problem targeting police and releasing their information even if it puts them at risk because we want them to experience just a taste of the brutality and misery they serve us on an everyday basis.”  Spoken like somebody who was caught in a speed trap. Or had his/her vehicle ticketed and towed when the meter was busted. Or got cited for jay walking at 3 in the morning on a deserted side street in a hurricane. Sort of sounds like that.

In an odd twist, Kelly points out that a call to the Baldwin County, Alabama Sheriff’s office via Skype came from a man with a British accent, who claimed he hacked the Sheriff’s website because he was bored.  Kelly’s conclusion – the man was calling from the U.K. and this was an example of how Anonymous is “disjointed.”

No matter how anybody feels about Anonymous’s goals, its tactics, which disclose personal identifying information, are either regrettable or reprehensible. No matter which, there’s one solution designed to thwart an Anonymous attack. And that solution comes from ThreatMetrix™. ThreatMetrix doesn’t rely on passwords, user names or any other personal identifying information to protect its clients. Instead the ThreatMetrix™ Cloud-Based Fraud Prevention Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to stop the bad guys and let the good guys go.

A long time ago, online retailers caught onto cybercriminals using stolen credit card accounts to buy expensive consumer products online, then turning around and reselling them in Eastern Europe, North Africa or Russia. The retailers’ answer was to stop shipping goods to these places.

But, reports security expert Brian Krebs in his blog, KrebsonSecurity, “these restrictions have created a burgeoning underground market for reshipping scams, which rely on willing or unwitting residents in the United States and Europe to receive and relay high-dollar stolen goods to crooks living in the embargoed areas.”

Krebs points out, “There are dozens of businesses in the criminal underground engaged in merchandise laundering, known as ‘Drops for stuff’ on cybercrime forums.”

The people “hired” to do the reshipping are variously known as reshippers, mules or drops. “The ‘drops,’” says Krebs, “are people who have responded to work-at-home package reshipping jobs advertised on craigslist.com and job search sites. Most reshipping scams promise employees a monthly salary and cash bonuses. But the crooks almost always sever communications with drops just before the first payday, usually about a month after the drop ships their first package.

“A typical drop will receive and reship between two and four packages per day. The packages arrive with prepaid shipping labels that are paid for with stolen credit card numbers, or with hijacked online accounts at FedEx and the U.S. Postal Service. Drops are responsible for inspecting and verifying the contents of shipments, attaching the correct shipping label to each package, and sending them off via the appropriate shipping company.”

Dropforrent.com is a kind of cyberspace fence operation that offers “clients” (cybercrooks) and “managers” (people who do recruitment scams) a percentage of what they steal. Krebs explains that Dropforrent pays managers and clients 30 percent of the value of laptops from ACER, HP, Toshiba, Dell, Compaq and Samsung, for example, and more than 40 percent of the retail price for Apple, Sony, VAIO, Canon and Nikon products. Incidentally, if you do a search for Dropforrent online, you’ll get a score of websites warning you to stay away, that the jobs the site offers are a  scam.

In addition to electronics, Krebs says, “Drops also can be used to reship virtually anything else that the client or manager would like to use or consume themselves, such as clothes, jewelry, and candy. For this service, clients and managers pay a flat rate of 50 percent of the value of the goods to have the items reshipped abroad.

Reproduced here without editing KrebsonSecurity.com at http://krebsonsecurity.com/wp-content/uploads/2011/10/applestore-directinstructions.html gives an example of a standard operating procedure of rules for mules:

Use your applestore-direct.com Account to:

- Check a shedule about package deliveries
- Send messages to your manager
- Edit Your Default address and shipping address
- Upload your resume and documents for an approvement
- To check total scores and money you earn

IMPORTANT INFORMATION ABOUT SCORE AND PAYMENT SYSTEM:
YOU WILL RECEIVE APPROXIMATE 40 PACKAGES FOR MONTH
YOUR SALARY BASED ON THE 2000$ MONTHLY PAYMENT, STARTING FROM THE SHIPPING FIRST PACKAGE
AND THERE IS A BONUS SCORE SYSTEM
FOR EVERY SHIPPED PACKAGE YOU GET A SCORE
10-SCORES IF YOU SHIPPED A PACKAGE ON THE SAME DAY BEFORE THE NEXT DAY NOON
5-SCORES IF YOU SHIPPED A PACKAGE ON THE NEXT DAY
0-SCORES IF YOU DELAYED PACKAGEs SHIPPING FOR 3 DAYS AND MORE

ON YOUR PAYDAY THE SCORES WILL BE CHANGED TO MONEY AND ADDED TO YOUR TOTAL INCOME IN RATE OF
10 SCORES-50$
5 SCORES-25$
3 PENALTIES- MINUS 100$

PENALTIES CAN BE USED BECAUSE OF ANY SHIPPING DELAYS, NOT CONTACTING YOUR REGIONAL MANGER IN TIME, NOT COMPLETED

ORDERS,
MISSED PACKAGES TO YOUR ADDRESS WITHOUT ANY REASONS

Krebs observes, “Well-run reshipping schemes can launder huge volumes of stolen goods in a relatively short time. The minimum order dropforrent.net accepts is $300. Records at dropforrent.net show that since the beginning of this year, drops hired through one front site have shipped more than 800 orders — at least a quarter million dollars worth of stolen goods.”

And, the best part about the scam from the cybercriminals’ point of view?  If anything happens, the drop or reshipper or mule is the person the long arm of the law will snag.

For online businesses to avoid being victims of reshipping, the answer is ThreatMetrix.  Device identification is the first and most effective layer in a multi-layered defense against cyber criminals. Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect social security numbers, email addresses or bank account information.

Okay, so maybe Sony can’t say it didn’t happen…again.  It did. But, there is one bright spot from the latest hacking. The company learned something from previous break-ins.

As reported in Wired.com, hackers broke into more than 93,000 Sony customer accounts. Sony believed those customers used the same Sony login credentials to log on to other sites and that the other sites were hacked, providing access to the customers’ PII (personally identifiable information).

Phil Reitinger, Sony’s new chief information security officer, announced the break-in. Hired last month as part of Sony’s efforts to improve security after two previous break-ins, Reitinger had been Deputy Under Secretary of the National Protection and Programs Directorate and Director of the National Cyber Security Center at the Department of Homeland Security. Prior to that, he was Microsoft’s chief trustworthy infrastructure strategist.

What Sony learned from previous breaches was to get the bad news out as fast as possible. Last time it took Sony a week to tell customers hackers had stolen 75-million of its customers’ personal information. And, there was no hurry to admit breaches had taken place at Sony Pictures, Sony BMG and Sony Online Entertainment. The last resulting in an additional 25 million customers’ information compromised.

This time it took Sony just two working days to fess up. The quick response may have been a reaction to a class-action lawsuit accusing Sony of failing to adequately secure data, depriving customers of the use of the network for an extended period of time (an almost Biblical 40 days) and failing to notify customers of the breach in a timely manner.

Reitinger explained hackers had tested a “massive set of sign-in IDs and passwords” at websites for several of its properties — Sony Entertainment Network (SEN), PlayStation Network (PSN) and Sony Online Entertainment (SOE). Most of the login credentials failed to gain the intruders access, but about 60,000 credentials matched those used by SEN and PSN users, and another 33,000 matched credentials for SOE accounts.

Observed Reitinger, “[G]iven that the data tested against our network consisted of sign-in ID-password pairs, and that the overwhelming majority of the pairs resulted in failed matching attempts, it is likely the data came from another source and not from our Networks.”

He noted that a “small fraction” of the accounts showed activity after they were breached, but that the intruders couldn’t access credit card account information. Sony had since locked all of the accounts accessed through the attack until customers could be notified to change their passwords.

Reitinger promised to “work with any users whom we confirm have had unauthorized purchases made to restore amounts in the PSN/SEN or SOE wallet.”

Including expenses for shoring up its network against future attacks, Sony estimated the breaches last spring would cost it more than $170 million.

If users don’t have to create a profile with personal information, such as birth dates, maiden names and Social Security numbers, to log on to a website, hackers can never have access to that information. Because the ThreatMetrix Cloud-Based Fraud Prevention Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction, ThreatMetrix avoids the pitfalls of PII as an authentication method.

Customer confidentiality is respected at the same time online fraud is being detected.

Of course Americans would be cheering. Cybersecurity is one of the few things the President and Congress can agree on. Even the most ardent and partisan Republican Tea Partier would have to concede that when it comes to matters of the Internet and cybersecurity, the president has been all ears from the time he took office. As the President pointed this out in the proclamation, “Early in my administration we began updating our nation’s cybersecurity programs and policies. We developed a comprehensive plan that ensures a coordinated national response to major disruptive cyber events.”

Noting that the Internet is a “strategic national asset,” the President maintained that protecting it was a “shared responsibility” and called for partnering with other nations and the public and private sectors to “ensure coordinated and planned responses to cyber incidents,” the same way resources are brought to bear to fight a natural disaster.

In the proclamation, the President called for expanded broadband access and smarter electric grids. He also referenced the “National Strategy for Trusted Identities in Cyberspace” with its “Stop. Think. Connect” campaign telling consumers to…well…stop and think before connecting.  Will this slogan take its place with “Stop, look and listen” and “Only you can prevent forest fires?” in the pantheon of memorable bon mots?  Or will it become like the Reagan administration’s “Just say no to drugs” or the Ford administration’s “WIN” (Whip Inflation Now), a monologue starter for Leno, Letterman et al.  Only time will tell.

Likening the creation of the Internet to putting a man on the moon as a great American achievement, President Obama declared:

“Now, therefore, I, Barack Obama, president of the United States of America, by virtue of the authority vested in me by the Constitution and the laws of the United States, do hereby proclaim October 2011 as National Cybersecurity Awareness Month. I call upon the people of the United States to recognize the importance of cybersecurity and to observe this month with activities, events, and trainings that will enhance our national security and resilience.”

If your company needs more than “Stop. Think. Connect” to keep your customers from becoming victims of cybercrime, ThreatMetrix has the solution. The ThreatMetrix Cloud-Based Fraud Prevention Platform, which incorporates the ThreatMetrix™ SmartID cookieless device identification, provides online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time — without relying on personally identifiable information (PII). So, even in a worst case scenario where a breach has occurred, the cyber criminals never have access to personal information such as birth dates, maiden names and Social Security numbers.

Unidentified cyber criminals filched customer records belonging to 7,520 Toshiba customers when a Web server run by its U.S. sales subsidiary, Toshiba America Information Systems, Inc. was hacked. While the company reported that credit card details were not compromised, email addresses, telephone numbers and passwords of hundreds of customers had been.

Said a Toshiba spokesperson, “We will continue the investigation and intend to thoroughly protect customers’ information and manage [related computer] systems to prevent a recurrence.” Customers potentially affected by the hack were reported to have been notified of the breach by Toshiba.

If Toshiba had been using ThreatMetrix solutions, would the outcome have been different? Decidedly different. That’s because ThreatMetrix fraud prevention solutions do not require the use of personally identifiable information (PII). The ThreatMetrix Cloud-Based Fraud Prevention Platform, incorporating ThreatMetrix SmartID™ cookieless device identification, provides online businesses with the ability to protect themselves and their customers by verifying new accounts, authorizing payments and transactions and authenticating user logins in real-time — without relying on personally identifiable information (PII). So, even in a worst case scenario where a breach has occurred, the cyber criminals never have access to personal information such as birth dates, maiden names and Social Security numbers.