Archive for the ‘Botnets’ Category

“It” refers to data. Data Privacy Day, scheduled for January 28, is about keeping data to yourself and out of the hands of cybercriminals.  This annual international celebration is designed to promote awareness about privacy and education about privacy best practices. Official sponsors for Data Privacy Day are EBay and Intel, who are joined by a host of partners including Microsoft, Intuit, Comcast, MasterCard, AT&T, Facebook, Google, the International Association of Privacy Professionals, the State of West Virginia and….

Did we leave anybody out? Probably. But it’s a long list because Data Privacy Day is an excellent cause. Without it, literally the financial, social and political structure of society is at risk. HOLD ON. Just remembered somebody we left out —ThreatMetrix™.  ThreatMetrix strongly supports Data Privacy Day.

“We have entered a world of unprecedented identity theft and surveillance for monetary gain,” said Alisdair Faulkner, chief products officer, ThreatMetrix. “Every site we visit, everything we search for, to everything we now do, buy and share online is tracked by a growing number of powerful players. Unfortunately the evidence suggests that no data is unreachable or un-exploitable by adversaries or advertisers. Whether it be due to data breaches, phishing attacks or over-sharing, the implication is that identity can no longer be relied-on to authenticate a customer online. The distribution of our identities across the net not only threatens our privacy but also makes us all preposterously easy to impersonate.”

We  should all be concerned about data security being at risk in today’s cybercrime infested environment. And the list of companies and institutions that have had data compromised continues to grow at an alarming rate. From the criminals’ perspective, it just makes good sense. Why try knocking over a bank with a gun and a good chance of getting caught or killed when you can sit back on a beach six time zones away and with your trusty laptop steal more money in one day than bank robbers Willie Sutton, John Dillinger and Baby Face Nelson and Bonnie and Clyde did in their whole lives?
Just a cursory glance at the number and types of recent breaches that compromised personal data from finance to health records and employment histories underscores the importance of calling attention to this Pandora’s Box.

• Facebook (Social Networks): A computer worm stole 45,000 login credentials from Facebook accounts in the UK and France.

• Yale University (Academic Institutions): 43,000 Yale University faculty, staff, students and alumni names and Social Security numbers were made public via Google because a File Transfer Protocol (FTP) where data was stored became searchable.

• Cyworld (Online Gaming): 35-million records including phone numbers, email addresses, names and encrypted information about the sites’ members were taken from South Korea’s largest social networking site, Cyworld.

• PBS (Communities): Thousands of user names and passwords were compromised when a PBS Website was hacked.

• Patco Construction (Online Banking): $300,000 was stolen from Patco Construction Company’s online bank account when hackers gained access to the company’s account credentials by sending employees email with Zeus, a password stealing trojan, that infected the company’s computers.

• Citbank (Financial Services): 360,000 Citibank customers (originally Citibank said it was 210,000 customers) had their account numbers and contact information stolen by hackers.

• Pittsford, N.Y. (Government): $139,000 was stolen from the hamlet of Pittsford, a town of 25,000 near Rochester, N.Y. when cyberthieves logged onto the town’s online commercial bank account. Initiating a small batch of automated clearing house (ACH) transfers, the thieves covering their tracks by sending the transfers to “money mules” around the country.

• Comerica Bank (Banking): $560,000 of Experi-Metal Inc. (EMI) hard-earned cash slipped away when Comerica Bank let fraudsters waltz away with it.

• Sony PlayStation (Online Gaming): 70-million Sony customers were put at risk when hackers broke into Sony’s PlayStation Network (PSN) and stole credit card details. The security breech caused Sony to take down the network for “maintenance.” Subsequently, 93,000 Sony customer accounts were hacked in a separate incident. Sony believed those customers used the same Sony login credentials to logon to other sites and that the other sites were hacked, providing access to the customers’ PII (personally identifiable information).

• Sega (Online Gaming): 1.3 million users had personal information put at risk by a Sega online network breach causing the company to temporarily shut down its online network.

• Washington Post (Media): Either 1.27 million, 1.3 million or 1.6 million user IDs and email addresses were ripped off from the Washington Post’s job section.

• Pentagon (Government): 24,000 military files were stolen from a defense contractor doing business with the Pentagon in a cyberattack. On a side note, the Pentagon is now consider cyberattacks as an act of war.

• Zappos (E-Commerce): 24 million customers’ personal information was put at risk when Zappos, the online shoe outlet owned by Amazon, was hacked.

• Toshiba (Computer Manufacturing): 7,520 Toshiba customers’ email addresses, telephone numbers and passwords were stolen by cybercriminals.

• NATO (Government/Military): A Gigabyte of NATO data was stolen by Anonymous which had accessed NATO servers.

• FTC (Government): More than 18,000 cases of child identity theft were reported to the Federal Trade Commission. Children’s identities provide the kind of clean backgrounds that make it possible for thieves to create entire fictional credit histories. Often the theft is not found until the person turns 18 and starts college or looks for a job.

• Credit Card Fraud: Restaurant workers, bank tellers and other service employees skimmed, swiped and scammed millions of dollars worth of personal credit information from thousands of American and European consumers. The cost to victims, financial institutions and retail business?  More than $13 million over a 16-month period.

• RSA (Security): After a junior employee at security firm RSA fell prey to a run-of-the-mill phishing attack, hackers were able to make their way into the company’s network and hack into its SecurID servers. The attack compromised RSA tokens requiring users to enter a unique number generated by the token each time they connected to their networks. Facebook, Amazon, Abbot Laboratories, Charles Schwab, Microsoft — In all 20% of the Fortune 100 had been compromised.

• Online Advertising: An East European cybergang hijacked at least four million computers in over 100 countries. Included in the half-million hijacked computers in the United States were some at NASA.  Using these computers, the gang stole $14 million in four years with a PPC and ad scheme based on redirecting traffic and replacing genuine ads with their own.

• Steam (Online Video Game Distribution): In a major hack, 35 million user accounts at Steam, one of the world’s largest distribution networks for online video games, may have been compromised exposing credit card details and billing addresses.

• Stratfor Global Intelligence Service (Security): Stratfor Global Intelligence Service, a company which helps clients with security and is famous for its secrecy and its top-secret client list was hacked resulting in names, emails, credit card details, passwords and home addresses for some 4,000 people being compromised. Additionally, this information was used to have clients involuntarily donate to charity to the tune of a million bucks.  The hackers also said they had details for more than 90,000 credit card accounts.

• San Francisco City College (Education): For more than a decade San Francisco City College servers have been stealing personal banking information and other data from thousands, or even tens of thousands, of students, faculty and administrators in what the San Francisco Chronicle refers to as “an infestation” of computer viruses with origins in criminal networks in Russia, China et al.

• South Africa’s Postbank (Government): $6.7 million was stolen from South Africa’s Postbank when cyberthieves accessed a computer from a remote location and hacked into Postbank’s server system using stolen login details for a Postbank teller and a call-center agent.

• Epsilon (Email Marketing Services): Epsilon, a large email marketing services company, reported a data breach that could affect the email addresses of thousands of customers of major banks, retail and hotel chains. This impacted financial services institutions such as Capital One, US Bank, JPMorgan Chase, Citi and Barclays Bank of Delaware. However, the only Barclays Bank of Delaware customers affected were the ones who have an LL Bean VISA card. In addition to the banks, other impacted companies included hotel brands Ritz-Carlton Rewards and Marriott Rewards, and retail heavyweights Home Shopping Network, Walgreens, Brookstone, New York & Company and Kroger. TiVo is also included in this list.

• WordPress.com (Blogs): WordPress.com, which hosts more than 19 million blogs, had its servers compromised and sensitive data taken.

• The State of Texas (Government): 3.5 million Texans had their names and Social Security numbers (and in some cases their dates of birth and driver’s license numbers publicly posted in a data breach at the Texas state comptroller’s office.

• International Monetary Fund (Banking/Government): Damage still not assessed or admitted to by the International Monetary Fund which fell victim to a large and sophisticated cyberattack that led the IMF to cut the link that allowed it and the World Bank to share confidential information.

Keep it to yourself. Protect your data with ThreatMetrix solutions. Without relying on passwords, user names and cookies to protect its clients, the ThreatMetrix™ Cybercrime Defender Platform uses anonymous data from the computer, its connection to the Internet and contextual data from a transaction to sniff out cybercriminals. The ThreatMetrix Cybercrime Defender Platform is the first industry solution that integrates sophisticated malware detection and advanced device identification technologies in a single, unified platform. This unified approach to cybersecurity is a game changer. By integrating malware detection and device identification with shared, centralized intelligence, ThreatMetrix delivers the unique ability to protect the integrity of entire online transactions.

The world is a big place with close to seven billion people. And, according to professional researcher Moya K. Mason, something like 50-million new firms are started each year. So when you think about ThreatMetrix making Red Herring’s top 100 leading private companies in all of North America, Europe, and Asia, it’s quite an honor – especially when put in the context of other companies that have made the Top 100 in past years: Google, Skype, Baidu, Salesforce.com, YouTube and eBay. (The full list of winners in 2011 can be found here: http://www.herring100.com/RHG/2011/top100.html)

Red Herring’s editorial staff evaluated the companies on both quantitative and qualitative criteria, such as financial performance, technology innovation, management quality, strategy, and market penetration. This assessment of potential was complemented by a review of the track record and standing of start-ups relative to their sector peers.

Alex Vieux, Chairman of Red Herring, observed, “Choosing the best [companies from] the previous two years was by no means a small feat. After rigorous contemplation and discussion, we narrowed down our list from 1,100 potential companies to 100 winners.  It was an extremely difficult process [and the] competition for the Top 100 was fierce.  [The] Top 100 Global are truly the best of the best.”

“We’re extremely proud to be recognized by Red Herring as among the best technology companies globally,” said Reed Taussig, president and CEO, ThreatMetrix. “Winning the Red Herring Global award further validates ThreatMetrix’s value proposition in the marketplace as a leading provider of online fraud prevention and cybersecurity solutions.”

Many companies have already come to the conclusion that ThreatMetrix is the “right decision” when it comes to protecting their online assets. Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.

Does Richard Clarke’s assessment that U.S. Defense Networks are “as porous as a colander” hold water?  For you kitchen-challenged individuals, please be advised a colander is the thing you put spaghetti into, then pour water into over the spaghetti to drain off excess starch. Also works for rigatoni, vermicelli, fusilli, ziti, et al.

Anyway…Clarke comes with some pretty heavy credentials. He worked for every president from Reagan to Bush Two (George W.). George H.W. Bush appointed him to chair the Counter-Terrorism Security Group and to a seat on the National Security Council. Clinton kept Clarke on promoting him to chief counter-terrorism adviser on the National Security Council. And under G.W., he was appointed Special Advisor to the President on Cybersecurity.

As reported in the Boston Globe and New York Daily News, Richard Clarke joined a number of U.S. civilian and military experts cautioning that America’s critical networks are poorly protected against cyberattacks and warning against attacking other countries. Specifically mentioned were China, North Korea, Iran and Russia, which could destroy power grids, banking networks and transportation systems.

According to MSNBC.com, Clarke maintained that a good national security adviser would tell the president that the U.S. might be able to blow up a nuclear plant somewhere, or a terrorist training center somewhere, but a number of countries could strike back with a cyber attack and “the entire U.S. economic system could be crashed in retaliation … because we can’t defend it today.”

“I really don’t know to what extent the weapons systems that have been developed over the last 10 years have been penetrated, to what extent the chips are compromised, to what extent the code is compromised,” said Clarke.  “I can’t assure you that as you go to war with a cybersecurity-conscious, cybersecurity-capable enemy that any of our stuff is going to work.”

National security officials disclosed that in 2009 Russian and Chinese agents had penetrated the U.S. electric grid and left behind software to help map the systems.

Clarke, who claimed his warnings to the Bush administration about Al Qaeda prior to 911 fell on deaf ears, issued these new warnings as tensions escalate between the U.S., Israel and their shared adversary Iran.

So what can someone, who’s charged with safeguarding his/her company’s website and online business, take away from these dire predictions? It’s time to “haul out” the heavy protection. In other words, it’s time for ThreatMetrix.

The ThreatMetrix™ Cloud-Based Fraud Prevention Platform does not rely on passwords, user names and other data to identify returning visitors, so spies are immediately denied one benefit of an attack – gathering personal information about the users themselves. By drawing upon hundreds of anonymous characteristics from every transaction and analyzing them in real-time, ThreatMetrix solutions provide security from hidden proxies, scripted attacks and browser manipulation.

Ericka Chickowski, a contributing editor at Darkreading.com, did a piece titled “Tales of De-Crypt 2011.” Considering it was scheduled to run sometime around Halloween, the title was “scary clever” while the subject matter was just plain scary. Chickowski observes that 2011 has been “a banner year for authentication and Identity and Access Management (IAM) failures, with embarrassments of epic proportions hitting the headlines nearly every month…. [There have been] targeted authentication tokens, sophisticated password-stealing Trojans, rogue certificates, stolen passwords and misappropriated accounts.”

Compiled by Ms. Chickowski is a list of the top ten worst “hacks, vulnerabilities and screw-ups to hit the headlines in 2011.” The upside is that the top-ten list only has seven entries.  It also has some lessons to be learned.

1. The RSA Tokens That Took a Lot of People for a Ride. “After a junior employee at security heavyweight RSA fell prey to a run-of-the-mill phishing attack, hackers were able to make their way into the company’s network and hack into its SecurID servers. RSA confirmed that some ‘information related to the RSA SecurID product had been extracted.’” Extracted is another way of saying ripped off.

So what was learned? Don’t put all your eggs in one basket and leave the basket where anybody can trip over it. Or as Darkreading.com put it, “Security experts were aghast that the token seeds were resident in a place on the network where a hacker could even find them. The incident illustrates that network segmentation is a key best practice to mitigate the risk of a company’s most critical assets.”

2. The Death of DigiNotar.  A hacker with the moniker, ComodoHacker created fraudulent Comodo SSL certificates in March, then, later, hacked CA DigiNotar to issue 500 more certificates. The actions of ComodoHacker, who claimed to have hacked other certificate authorities, ultimately led to the demise of the company.

So what was learned? A stitch in time saves nine?  A penny saved is a penny earned? A wet bird never flies at night?  No, what was learned was, “DigiNotar knew about the fake certs long before the news went public and did nothing to get the word out. The situation is a good reminder at how important communication is in high-impact breach situations. It also illustrates that the fundamental basis of trust for Internet authentication still needs work.”

3. HBGary Federal’s “federal case” Over Anonymous Backfires.  After the company’s CEO said he was about to release information about Anonymous, the group infiltrated HGGary’s network through SQL injection, stole stored passwords and got control of the company’s email, internal accounts and its executives’ social media accounts.

So what was learned? As they used to say in the U.S. Infantry (and probably still do) in not such genteel terms, “Don’t let your alligator mouth overload your hummingbird ass.” Darkreading.com put it this way, “Hubris is not becoming of security executives who run companies that store passwords on insecure servers. Even the humble should learn to keep passwords better protected from multi-stage attacks that start with SQL injection. Anonymous was able to use Rainbow tables to crack the passwords’ encryption because the firm used weak MD5 hashes to protect them.”

4. Beware the LulzSec. After breaking into networks, LulzSec members distributed unencrypted passwords and other sensitive information, such as emails that impacted everyone from Sony to the U.S. Senate and compromised millions of accounts.

So what was learned? The bigger they come, the harder they fall. That could be one of the things learned.  But, Darkreading.com pulled out some other lessons like, “a lack of input validation or database monitoring [allow LulzSec] to commit SQL injection attacks at will. And …organizations [have a tendency] to store login information unencrypted and unprotected within network systems.”

5. Don’t Count on Citi Account Numbers. Darkreading.com says, “Hackers were able to game Citgroup’s online account site by manipulating the account number that appeared in the Web address browser bar to randomly guess other account numbers and gain access to random customers’ accounts. The trick gave them access to customer names, account numbers, and transaction information.”

So what was learned? Money is the root of all evil?  Or rather lack of money is the root of all evil?  No.  Actually it’s that, “web applications providing access into sensitive information, financial or otherwise, must be tested not only for vulnerabilities but also for business logic flaws such as the one that allowed hackers to circumvent Citi’s online banking authentication engine.”

6. Bank of America Rogue Employee Was a Rogue. A Bank of America employee leaked information to an identity-theft ring.  Fake accounts were created under victims’ names and $10-million was stolen before the thieves were nailed.

So what was learned? One rotten apple can spoil the whole barrel. He/she can also steal $10-million. The other thing that was learned is frequent reviews of access controls might have prevented this type of theft.

7.Duqu Worms Its Way Into the World. “A refinement on the code foundation laid down originally by Stuxnet… this password- and data-stealing Trojan features a rogue certificate [now revoked. However,] it’s able to fly under the detection radar by injecting itself into running processes.”

So what was learned? “[This was] another instance of hackers manipulating the certificate authority ecosystem…”

Perhaps the most important lesson to be taken from the seven disasters described above is many could have been averted by using ThreatMetrix solutions. The first perimeter and the most effective element in a multi-layered defense against cyber criminals is device identification. Offering transaction security from hidden proxies, scripted attacks and cookie and browser manipulation, the ThreatMetrix™ Cloud-Based Fraud Prevention Platform lets companies authenticate payments, new accounts and returning customers in real time. And it doesn’t matter what device is being used from smartphones to PCs to tablets. Combined with aggregated fraud intelligence in the cloud, ThreatMetrix device identification offers companies maximum protection without the need to collect Social Security numbers, email addresses or bank account information.

Last spring it was revealed hackers had attacked RSA. The attack showed that RSA tokens requiring users to enter a unique number generated by the token each time they connected to their networks, had been compromised. Well, not so much compromised as they left a security hole you could drive a tank through and still have room for a fleet of BMWs, two ox carts and a Yugo.

Now, it’s been learned that a raft of companies that had relied on RSA tokens for protection had also been compromised. These included Google, Facebook, Amazon, Abbot Laboratories, Charles Schwab, Microsoft (see below for a full listing) — In all 20% or one fifth (whichever is smaller) of the Fortune 100 had been hacked.

The names of the companies whose security was breached were discovered after researchers traced back the corporate networks that were communicating with the server that attacked RSA. Security expert Brian Krebs said the first victims started “phoning home” as early as November 2010.

Often the victims of attacks don’t even know they’ve been attacked until years later. Dave Jevans, chairman of Ironkey, maker of a security-focused Web browser notes, “I’m sure 90% of these companies are just finding out they’ve been hacked.”

Krebs said 300 command and control networks were used in the attacks. Two-hundred-ninety-nine were located in or around Beijing, China. Following is a full list of the companies Krebs reported were hit:

302-DIRECT-MEDIA-ASN
8e6 Technologies, Inc.
AAPT AAPT Limited
ABBOTT Abbot Labs
ABOVENET-CUSTOMER – Abovenet Communications, Inc
ACCNETWORKS – Advanced Computer Connections
ACEDATACENTERS-AS-1 – Ace Data Centers, Inc.
ACSEAST – ACS Inc.
ACS-INTERNET – Affiliated Computer Services
ACS-INTERNET – Armstrong Cable Services
ADELPHIA-AS – Road Runner HoldCo LLC
Administracion Nacional de Telecomunicaciones
AERO-NET – The Aerospace Corporation
AHP – WYETH-AYERST/AMERICAN HOME PRODUCTS
AIRLOGIC – Digital Magicians, Inc.
AIRTELBROADBAND-AS-AP Bharti Airtel Ltd., Telemedia Services
AIS-WEST – American Internet Services, LLC.
AKADO-STOLITSA-AS _AKADO-Stolitsa_ JSC
ALCANET Corporate ALCANET Access
ALCANET-DE-AS Alcanet International Deutschland GmbH
ALCATEL-NA – Alcanet International NA
ALCHEMYNET – Alchemy Communications, Inc.
Alestra, S. de R.L. de C.V.
ALLIANCE-GATEWAY-AS-AP Alliance Broadband Services Pvt. Ltd.,Alliance Gateway AS,Broadband Services Provider,Kolkata,India
ALMAZAYA Almazaya gateway L.L.C
AMAZON-AES – Amazon.com, Inc.
AMERITECH-AS – AT&T Services, Inc.
AMNET-AU-AP Amnet IT Services Pty Ltd
ANITEX-AS Anitex Autonomus System
AOL-ATDN – AOL Transit Data Network
API-DIGITAL – API Digital Communications Group, LLC
APOLLO-AS LATTELEKOM-APOLLO
APOLLO-GROUP-INC – University of Phoenix
APT-AP AS
ARLINGTONVA – Arlington County Government
ARMENTEL Armenia Telephone Company
AS INFONET
AS3215 France Telecom – Orange
AS3602-RTI – Rogers Cable Communications Inc.
AS4196 – Wells Fargo & Company
AS702 Verizon Business EMEA – Commercial IP service provider in Europe
ASATTCA AT&T Global Network Services – AP
ASC-NET – Alabama Supercomputer Network
ASDANIS DANIS SRL
ASGARR GARR Italian academic and research network
ASIAINFO-AS-AP ASIA INFONET Co.,Ltd./ TRUE INTERNET Co.,Ltd.
ASIANDEVBANK – Asian Development Bank
ASN852 – Telus Advanced Communications
AS-NLAYER – nLayer Communications, Inc.
ASTOUND-CABLE – Wave Broadband, LLC
AT&T Global Network Services – EMEA
AT&T US
ATMAN ATMAN Autonomous System
ATOMNET ATOM SA
ATOS-AS ATOS Origin Infogerance Autonomous System
ATT-INTERNET4 – AT&T Services, Inc.
AUGERE-AS-AP Augere Wireless Broadband Bangladesh Limited
AVAYA AVAYA
AVENUE-AS Physical person-businessman Kuprienko Victor Victorovich
AXAUTSYS ARAX I.S.P.
BACOM – Bell Canada
BAHNHOF Bahnhof AB
BALTKOM-AS SIA _Baltkom TV SIA_
BANGLALINK-AS an Orascom Telecom Company, providing GSM service in Bangladesh
BANGLALION-WIMAX-BD Silver Tower (16 & 18th Floor)
BANKINFORM-AS Ukraine
BASEFARM-ASN Basefarm AS. Oslo – Norway
BBIL-AP BHARTI Airtel Ltd.
BBN Bredbaand Nord I/S
BC-CLOUD-SERVICES
BEAMTELE-AS-AP Beam Telecom Pvt Ltd
BEE-AS JSC _VimpelCom_
BELINFONET Belinfonet Autonomus System, Minsk, Belarus
BELLSOUTH-NET-BLK – BellSouth.net Inc.
BELPAK-AS BELPAK
BELWUE Landeshochschulnetz Baden-Wuerttemberg (BelWue)
BENCHMARK-ELECTRONICS – Benchmark Electronics Inc.
BEND-BROADBAND – Bend Cable Communications, LLC
BEZEQ-INTERNATIONAL-AS Bezeqint Internet Backbone
BIGNET-AS-ID Elka Prakarsa Utama, PT
BLUEWIN-AS Swisscom (Schweiz) AG
BM-AS-ID PT. Broadband Multimedia, Tbk
BN-AS Business network j.v.
BNSF-AS – Burlington Northern Sante Fe Railway Corp
BNT-NETWORK-ACCESS – Biz Net Technologies
BORNET Boras Energi Nat AB
BREEZE-NETWORK TOV TRK _Briz_
BSC-CORP – Boston Scientific Corporation
BSKYB-BROADBAND-AS BSkyB Broadband
BSNL-NIB National Internet Backbone
BT BT European Backbone
BT-ITALIA BT Italia S.p.A.
BTN-ASN – Beyond The Network America, Inc.
BTTB-AS-AP Telecom Operator & Internet Service Provider as well
BT-UK-AS BTnet UK Regional network
CABLECOM Cablecom GmbH
CABLE-NET-1 – Cablevision Systems Corp.
CABLEONE – CABLE ONE, INC.
CABLEVISION S.A.
CACHEFLOW-AS – Bluecoat Systems, Inc.
CANET-ASN-4 – Bell Aliant Regional Communications, Inc.
CANTV Servicios, Venezuela
CAPEQUILOG – CapEquiLog
CARAVAN CJSC Caravan-Telecom
CARRIER-NET – Carrier Net
CATCHCOM Ventelo
CCCH-3 – Comcast Cable Communications Holdings, Inc
CDAGOVN – Government Telecommunications and Informatics Services
CDS-AS Cifrovye Dispetcherskie Sistemy
CDT-AS CD-Telematika a.s.
CE-BGPAC – Covenant Eyes, Inc.
CELLCO-PART – Cellco Partnership DBA Verizon Wireless
CENSUSBUREAU – U. S. Bureau of the Census
CERNET-ASN-BLOCK – California Education and Research Federation Network
CERT – Computer Emergency Response Team (CERT) – Coordination Center
CGINET-01 – CGI Inc
CHARLES-SCHWAB – Charles Schwab & Co., Inc.
CHARTER-NET-HKY-NC – Charter Communications
CHINA169-BACKBONE CNCGROUP China169 Backbone
CHINA169-BJ CNCGROUP IP network China169 Beijing Province Network
CHINA169-GZ China Unicom IP network China169 Guangdong province
CHINANET-BACKBONE No.31,Jin-rong Street
CHINANET-IDC-BJ-AP IDC, China Telecommunications Corporation
CHINANET-SH-AP China Telecom (Group)
CIPHERKEY – Cipherkey Exchange Corp.
CISCO-EU-109 Cisco Systems Global ASN – ARIN Assigned
CITEC-AU-AP QLD Government Business (IT)
CITelecom-AS
CITYNET – CityNet
CLARANET-AS ClaraNET
CLIX-NZ TelstraClear Ltd
CMCS – Comcast Cable Communications, Inc.
CMNET-BEIJING-AP China Mobile Communicaitons Corporation
CMNET-GD Guangdong Mobile Communication Co.Ltd.
CMNET-V4SHANDONG-AS-AP Shandong Mobile Communication Company Limited
CNCGROUP-GZ CNCGROUP IP network of GuangZhou region MAN network
CNCGROUP-SH China Unicom Shanghai network
CNIX-AP China Networks Inter-Exchange
CNNIC-DSNET-AP Shanghai Data Solution Co., Ltd.
CNNIC-WASU-AP WASU TV & Communication Holding Co.,Ltd.
CO-2COM-AS 2COM Co ltd.
COGECOWAVE – Cogeco Cable
COGENT Cogent/PSI
COLO4 – Colo4Dallas LP
COLOMBIA TELECOMUNICACIONES S.A. ESP
COLT COLT Technology Services Group Limited
COLUMBUS-NETWORKS – Columbus Networks USA, Inc.
COMCAST-33490 – Comcast Cable Communications, Inc.
COMCAST-33491 – Comcast Cable Communications, Inc.
COMCAST-36732 – Comcast Cable Communications, Inc.
COMCAST-7015 – Comcast Cable Communications Holdings, Inc
COMCAST-7725 – Comcast Cable Communications Holdings, Inc
COMCAST-HOUSTON – Comcast – Houston
COMHEM-SWEDEN Com Hem Sweden
COMNET-TH KSC Commercial Internet Co. Ltd.
Completel Autonomous System in France
COMSAT COLOMBIA
COMSTAR COMSTAR-Direct global network
CORBINA-AS Corbina Telecom
COVAD – Covad Communications Co.
CPMBLUE-AS-BD CPM BLUE ONLINE LTD.Transit AS Internet Service Provider, Dhaka
CRRSTV – CRRS-TV
CSC Computer Management and CSC Denmark
CSC-IGN-AUNZ-AP Computer Sciences Corporation
CSC-IGN-EMEA – Computer Sciences Corporation
CSC-IGN-FTW – Computer Sciences Corporation
CSLOXINFO-AS-AP CS LOXINFO PUBLIC COMPANY LIMITED
CSP-AS CSP
CSUNET-NW – California State University Network
CSXT-AS-1 – CSX Technology
CTIHK-AS-AP City Telecom (H.K.) Ltd.
CTS-MD I.S. Centrul de Telecomunicatii Speciale
CXA-ALL-CCI-22773-RDC – Cox Communications Inc.
CYBERVERSE – Cyberverse, Inc.
CYPRESS-SEMICONDUCTOR – Cypress Semiconductor
CYTA-NETWORK Cyprus Telecommunications Authority
DARLICS-AS Darlics ltd. provides IP transport and Internet
DATAGRUPA SIA _Datagrupa.lv_ Marijas 7 – 412a Riga, LV-1050, LATVIA
DCI-AS DCI Autonomous System
DECHO – Decho Corporation
DFINET DFi Service SA
DHL-AS DHL Systems Inc.
DHSINETNOC – DEPARTMENT OF HOMELAND SECURITY
DIGCOMM Digital communications, LTD
DIGITAL-TELEPORT – Digital Teleport Inc.
DIL-AP DIRECT INTERNET LTD.
DIN-AS TOMSKTELECOM AS
DINAS-AS PE Kuznetsova Viktoria Viktorovna
DINET-AS Digital Network JSC
Diveo do Brasil Telecomunicacoes Ltda
DK-ESS-AS Syd Energi Bredbaand A/S
DMSLABNET – DoD Network Information Center
DNC-AS IM Data Network Communication SRL
DNEO-OSP7 – Comcast Cable Communications, Inc.
DNIC-ASBLK-00721-00726 – DoD Network Information Center
DNIC-ASBLK-27032-27159 – DoD Network Information Center
DOGAN-ONLINE Dogan Iletisim Elektronik Servis Hizmetleri
DOMAINFACTORY domainfactory GmbH
DOMAINTOOLS – DomainTools, LLC
DONTELE-AS Telenet LLC
DOPC-AS
DOPC-AS-NGN
DOPC-AS-US
DREAMHOST-AS – New Dream Network, LLC
DREAMX-AS DREAMLINE CO.
DRWEB-AS Doctor Web Ltd
DSE-VIC-GOV-AS Department of Sustainability & Environment,
DSIJSC-AS DSI Autonomous system
DSLEXTREME – DSL Extreme
DTAG Deutsche Telekom AG
DWL-AS-IN Dishnet Wireless Limited. Broadband Wireless
DYNDNS – Dynamic Network Services, Inc.
EASYDNS EasyDNS Technologies, Inc.
EASYNET Easynet Global Services
EBAY – eBay, Inc
ECI-TELECOM-LTD ECI Telecom-Ltd.
EDGECAST – EdgeCast Networks, Inc.
EIRCOM Eircom
ELISA-AS Elisa Oyj
EMBARQ-WNPK – Embarq Corporation
EMBIT-AS BURTILA & Co. ELECTRON M.BIT SRL
EMC-AS12257 – EMC Corporation
EMCATEL
EMIRATES-INTERNET Emirates Internet
EMOBILE eMobile Ltd.
ENTEL CHILE S.A.
EPM Telecomunicaciones S.A. E.S.P.
EQUANT-ASIA Equant AS for Asian Region covering Japan
EQUINIX-EDMA-ASH-ASN – Equinix, Inc.
ERICSSON-APAC-MY-AS Ericsson Global Services. BUGS N&V APAC
ERX-SINGNET SingNet
ESRI – Environmental Systems Research Institute
ESS-PR-WEBMASTERS – ESS/PR WebMasters
EthioNet-AS
ETISALAT-MISR
ETPI-IDS-AS-AP Eastern Telecoms Phils., Inc.
ETSI Autonomous System
EURONET Online Breedband B.V. Global AS
European Space Agency
EUSKALTEL Euskaltel S.A.
EXCELL-AS Excellmedia
EXIM – Export Import Bank of the U.S
FACEBOOK – Facebook, Inc.
FANNIEMAE – Fannie Mae
FasoNet-AS
FASTMETRICS – Fastmetrics, LLC
FAST-TELCO Fast Telecommunications Company W.L.L.
FASTWEB Fastweb SpA
FAWRI-AS
FDA – Parklawn Computer Center / DIMES HQ
FIBREONE-AS fibre one networks GmbH, Duesseldorf
FITC-AS – FITC – FedEx International Transmission Corporation
FMAC-I-BILLING – Freddie Mac
FMI-NET-AS – Freeport-McMoran Inc.
FORATEC-AS Foratec Communication AS at Sverdlovsk, Tyumen, Perm regions
FORTINET-CANADA – Fortinet Inc.
FPT-AS-AP The Corporation for Financing & Promoting Technology
FRONTIER-AND-CITIZENS – Frontier Communications of America, Inc.
FRONTIER-FRTR – Frontier Communications of America, Inc.
FR-RENATER Reseau National de telecommunications pour la Technologie
FULLRATE Fullrate A/S
FX-PRIMARY-AS FX Networks Limited
GBLX Global Crossing Ltd.
GET-NO GET Norway
GHANATEL-AS
GIGAINFRA Softbank BB Corp.
GLOBAL-SPLK – Sprint International
GLOBE-TELECOM-AS Globe Telecoms
GOLDENLINES-ASN 012 Smile Communications Main Autonomous System
GOLDENTELECOM-UKRAINE Golden Telecom
GOOGLE – Google Inc.
GRAMEENPHONE-AS-AP GrameenPhone Ltd.
GSA-GOV – General Services Administration
GT-BELL – Bell Canada
Gtd Internet S.A.
GYRON ====
H3G-AS H3G S.p.A.
H3GUKNIE Hutchison 3G UK and Ireland Core AS
HANARO-AS Hanaro Telecom Inc.
HATHWAY-NET-AP Hathway IP Over Cable Internet
HETZNER-AS Hetzner Online AG RZ
HHES – HAMILTON HYDRO ELECTRIC SYSTEM
HINET Data Communication Business Group
HKNET-AP HKNet Co. Ltd
HKTIMS-AP PCCW Limited
HNS-DIRECPC – Hughes Network Systems
HOPONE-GLOBAL – HopOne Internet Corporation
HOSTEUROPE-AS AS of Hosteurope Germany / Cologne
HP-INTERNET-AS Hewlett-Packard Company
HTCL-IAS-HK-AP Hutchison Telephone Company Limited
HTIL-TTML-IN-AP Tata Teleservices Maharashtra Ltd
HURRICANE – Hurricane Electric, Inc.
HUTCHISON-AS-AP Hutchison Global Communications
HUTCHVAS-AS Vodafone Essar Ltd., Telecommunication – Value Added Services,
IADB-NETWORKS – The Inter-American Development Bank
IAM-AS
IBM E-business Hosting Delivery
IBMCCH-RTP – IBM
IBMCCH-SBY – IBM
IBMDES-AS – IBM Dallas Engineering & Scientific
IBSNAZ Telecom Italia S.p.a.
IBURST-GH
ICONNECT-BD Planners Tower
IDK-NETWORK CJSC Interdnestrcom AS
IEUNET BT Ireland Backbone
IFX-NW – IFX Communication Ventures, Inc.
IHNET – IHNetworks, LLC
IINET iiNet Limited
IJ-NET – Internet Junction Corp.
ILX-ASN – THOMSON FINANCIAL
IN2CABLE-AP AS Number of In2cable.com (India) Ltd.
INDONET-AS-AP INDO Internet, PT
INDOSATM2-ID INDOSATM2 ASN
INEA-AS INEA S.A.
INET-AS-ID PT. Inet Global Indo
INETCOMM-AS INET LTD
I-NETPARTNER-AS I-NetPartner GmbH ASN
INETTEHNO Inet Tehno
INFINEON-AS Infineon AG
INFINEON-SG 8 Kallang Sector
INFLOW19294 – Inflow Inc.
INFOSPHERE NTT PC Communications, Inc.
INFOSTRADA Infostrada S.p.A.
INIT7 Init7 Global Backbone
INS-AS – AT&T Data Communications Services
Instituto Costarricense de Electricidad y Telecom.
Instituto Tecnol??gico y de Estudios Superiores de Monterrey
INTEGRATELECOM – Integra Telecom, Inc.
INTELSAT Intelsat Global BGP Routing Policy
INTEL-SC-AS – Intel Corporation
INTERNAP-2BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK – Internap Network Services Corporation
INTERNAP-BLK3 – Internap Network Services Corporation
INTERNAP-BLOCK-4 – Internap Network Services Corporation
INTERNETIA-AS Netia SA
INTERNET-PATH – Internet Path, Inc.
INTERNET-PRO-AS Internet-Pro Ltd
INTEROUTE Interoute Communications Ltd
INTERPHONE-AS Interphone Ltd.
INTERTELECOM Intertelecom
IPASAULE-AS _Interneta Pasaule_ SIA
IPG-AS-AP Philippine Long Distance Telephone Company
IPGOMA – THE INTERPUBLIC GROUP OF COMPANIES, INC.
IPNXng
IPO-EU IP-Only Telecommunication Networks AB
IQUEST-AS – IQuest Internet
IRONPORT-SYSTEMS-INC – Cisco Systems Ironport Division
IRS – Internal Revenue Service
IS
ISC-AS1280 Internet Systems Consortium, Inc.
ISKON ISKON INTERNET d.d. za informatiku i telekomunikacije
ISKRATELECOM-AS ISKRATELECOM ZAO
ISP-KIM-NET Kalush Information Network LTD
ISSC-AS – ISSC
ISW – Internet Specialties West Inc.
ITNS ITNS. NET SRL
ITSCOM its communications Inc.
JAWWAL Jawwal will be multihoming with us AS15975 and AS12975
JAZZNET Jazz Telecom S.A.
Jordan Data Communications Company LLC
JUNIPER-NETWORKS – Juniper Networks, Inc.
KABELBW-ASN Kabel Baden-Wuerttemberg GmbH & Co. KG
KAISER-NCAL – Kaiser Foundation Health Plan
KAMOPOWER – KAMO Electric Cooperative, Inc.
KAZTELECOM-AS JSC Kazakhtelecom
KHERSON-TS Kherson Telecommunication Systems Ltd.
KIXS-AS-KR Korea Telecom
K-OPTICOM K-Opticom Corporation
KSNET KSNet
KSNET-AS Kyivstar GSM
KVH KVH Co.,Ltd
LANTELECOM-AS Lan-Telecom AS Number
LATISYS-ASHBURN – Latisys-Ashburn, LLC
LATNETSERVISS-AS LATNET ISP
LDCOMNET NEUF CEGETEL (formerly LDCOM NETWORKS)
LEASEWEB LEASEWEB AS
LEVEL3 Level 3 Communications
LGCNS-AS – LG CNS America Inc.
LGDACOM LG DACOM Corporation
LGH-AS-KR LGHitachi
LGNET-AS-KR LG CNS
LINKdotNET-AS
LINKLINE – LinkLINE Communications, Inc.
LINKNET-ID-AP Linknet ASN
LOQAL-AS Loqal AS
LUCENT-CIO – Lucent Technologies Inc.
LUGANET-AS ARTA Ltd
LVBALTICOM-AS _Balticom_ JSC
LVLT594-598 – Level 3 Communications, Inc.
LYSE-AS Altibox AS
MAGNUS-AS TOV _Magnus Limited_
MANGOTELESERVICE-AS-BD Only private Owned IIG in Bangladesh
MAP Moscow Network Access Point
MASERGY-US Masergy US Autonomous System
MASSCOM – Massillon Cable Communications
MAXIS-AS1-AP Binariang Berhad
MBL-AS-AP Micronet Broadband (Pvt) Ltd.
MCAFEE – McAfee, Inc.
MCAFEE-COM – McAfee, Inc.
MCC OJSC _Moscow Cellular Communications_,
MCI-ASN – MCI
MCT-SYDNEY Macquarie Telecom
MDITNET-AS ITNET (ITPAY SRL)
MEDIASERV-AS Mediaserv
Mega Cable, S.A. de C.V.
MEGAPATH2-US – MegaPath Networks Inc.
METROTEL REDES S.A.
MF-KAVKAZ-AS Caucasus Branch of OJSC MegaFon AS
MF-NWGSM-AS North-West Branch of OJSC MegaFon Network
MFNX MFN – Metromedia Fiber Network
MICRON21-AS-AU-AP Micron21 Melbourne Australia Datacentre. Co-Location Dedicated Servers Web Hosting
MICROSOFT-CORP-AS – Microsoft Corp
MICROSOFT-CORP—MSN-AS-BLOCK – Microsoft Corp
MISD-NET – Macomb Intermediate School District
MIT-GATEWAYS – Massachusetts Institute of Technology
MOLDCELL_AS Moldcell SA Autonomous System
MOLDDATA-AS Administrator of the top level domain .MD,
MOLDTELECOM-AS Moldtelecom Autonomous System
MORENET – University of Missouri – dba the Missouri Research and Education Network (MOREnet)
MOTOROLA – Motorola, Inc.
MOTOROLA-PHX – Motorola, Inc.
MP-ELEKTRONIKA-AS MP ELEKTRONIKA Autonomous System
MPX-AS Microplex PTY LTD
MTNL-AP Mahanagar Telephone Nigam Ltd.
MTS-INDIA-IN 334,Udyog Vihar
MTSNET OJSC _Mobile TeleSystems_ Autonomous System
N9E7X5E3N1I2N4C – Nexen Inc.
NAWALA-AS-ID Asosiasi Warung Internet Indonesia (AWARI)
NAWRAS-AS Omani Qatari Telecommunications Company SAOC
NBLNETWORKS-AS Nebula Oy Autonomous System
NC-FUNB-AS – WACHOVIA CORP
NCNET-AS National Cable Networks
NEOLINK CJSC _ER-Telecom Holding_ Izhevsk branch
NERIM Nerim SAS
NET-ACCESS-CORP – Net Access Corporation
NET-AIG – American International Group (AIG) Data Center, Inc.
NETCOM-AS NetCom as Autonomous system
NETELLIGENT – Netelligent Hosting Services Inc.
NEWCOM-AS NEWCOM mirror object from ARIN
NEWCOM-ASN New Com Telecomunicatii SA
NEWEDGENETS – New Edge Networks
NEWSKIES-NETWORKS SES WORLD SKIES ARIN AS, for routing RIPE space.
NEWTT-IP-AP Wharf T&T Ltd.
NEXTGENTEL NEXTGENTEL Autonomous System
NEXTTELL-VRN-AS LLC NextTell-Voronezh AS Number
NG-AS NextGen Communications SRL
NIANET-AS nianet is a Danish carrier and Internet Service Provider
NO_NAME
NOC – Network Operations Center Inc.
NOKIA Nokia Internet
NOKIA-AS NOKIANET APAC Data Centre network
NOKIANET_DALLAS NOKIANET Dallas office
Nominum Global NameServer network
NOMINUM-SKYE1 – SKYE
NORDLINKS-AS S.C. _NordLinks_ S.R.L.
NORMA-PLUS-AS TOV Norma Plus
NORTHROP-GRUMMAN – Northrop Grumman
NOVELL – Novell, Inc.
NTL Virgin Media Limited
NTT do Brasil Telecomunicaoes Ltda
NTT-COMMUNICATIONS-2914 – NTT America, Inc.
NUMERICABLE NUMERICABLE is a cable network operator in France, offering TV,VOICE and Internet services
NUVOX – NuVox Communications, Inc.
NV-ASN 013 NetVision Ltd.
NYFX-RTR – NYFIX, INC
O1COMM – O1 COMMUNICATIONS
OCN NTT Communications Corporation
OFIDEN – OppenheimerFunds, Inc.
OMD-FNO Orange Moldova Fix Network Autonomous System
OMNITURE ====
OPENDNS – OpenDNS, LLC
ORANGE-BUSINESS-SERVICES-SOUTHEUR Equant Inc.
ORANGE-BUSINESS-SERVICES-UK Orange Business Services (formerly Equant) AS for UK
OSIS-PACOM – Joint Intelligence Center Pacific
OVH OVH
P4NET P4 Sp. z o.o.
PACIFIC-INTERNET-INDIA-ASN Pacific Internet India Pvt. Ltd.
PACIFIC-INTERNET-IX Pacific Internet Ltd
PACNET Pacnet Global Ltd
PAH-INC – GoDaddy.com, Inc.
PAIR-NETWORKS – pair Networks
PALTEL-AS PALTEL Autonomous System
PARTNER-AS Partner Communications Ltd.
PBTL-BD-AS-AP Pacific Bangladesh Telecom Limited.
PDX – PORTLAND INTERNETWORKS
PEER1 – Peer 1 Network Inc.
Pegaso PCS, S.A. de C.V.
PERSNET Korea Telecom Freetel
PI-AU Pacific Internet (Australia) Pty Ltd
PI-HK Pacnet Internet (Hong Kong) Limited
PIXNET-AS – Providers Internet Exchange
PKTELECOM-AS-PK Pakistan Telecom Company Limited
PLUSSERVER-AS PlusServer AG, Germany
POLYCOM – Polycom, Inc.
POWEREDCOM KDDI CORPORATION
Prima S.A.
PRIMORYE-AS Open Joint Stock Company _Far East Telecommunications Company_
PRINCETON-AS – Princeton University
PROBENETWORKS-AS Probe Networks
PRONET_LV SIA _PRONETS_
PROXAD Free SAS
PS-NETPLEX-AS – Perot Systems
PT KPN Internet Solutions
PTK-CENTERTEL-DSL-AS PTK Centertel Sp. z o.o.
PTLP-CORE – People_s Tel Limited Partnership
PTPRIMENET PT PRIME – Solucoes Empresariais de Telecomunicacoes e Sistemas S.A.
PUBNET1-AS KT
PUSAN-AS-KR Pusan National University
PWC-AS – PriceWaterhouseCoopers, LLP
Q9-AS – Q9 Networks Inc.
Q9-AS-BRAM – Q9 Networks Inc.
QNETCZ QNET CZ s.r.o.
QSC-1 QSC AG
QUALCOMM – Qualcomm, Inc.
QUALCOMM-BLR-AS-AP Qualcomm Inc. Bangalore AS, Developer of CDMA Technology India
QWEST – Qwest Communications Company, LLC
RACKSPACE – Rackspace Hosting
RADIOGRAFICA COSTARRICENSE
RAPID-LINK-AS RAPID LINK SRL
RAYA-AS
RCN-AS – RCN Corporation
RDSNET RCS & RDS S.A.
Rede Nacional de Ensino e Pesquisa
REEDLAN-AS ISP REEDLAN
RELARN RELARN-MSK
RELIANCE-COMMUNICATIONS-IN Reliance Communications Ltd.DAKC MUMBAI
RELIANCEGLOBALCOM – Reliance Globalcom Services, Inc
RENAM RENAM Association
RIML-CORP-AS-3 – Research In Motion Limited
RIPE-NCC-AS RIPE Network Coordination Centre
RISC-SYSTEM – Rockwell Scientific Company
RMH-14 – Rackspace Hosting
RMIFL RM Education PLC – Internet for Learning
ROGERS-CABLE – Rogers Cable Communications Inc.
ROSTELECOM-AS JSC Rostelecom
ROSTOV-TELEGRAF-AS Rostovelectrosviaz_ of Public Joint Stock Company
RTCOMM-AS OJSC RTComm.RU
RTD ROMTELECOM S.A
RUSTAVI2ONLINEAS Caucasus Online LLC
RU-SURNET Uralsvyazinform, Chelyabinsk branch
RWT – RagingWire Telecommunications
SAFELINES The network of ISP Safelines,includes POPs in various cities
SAFENZ-TRANSIT-AS-NZ SafeNZ Networks LTD
SAITIS-NETWORK Saitis Network, N.Desir
SAMSUNGNETWORKS-AS-KR Samsung Networks Inc.
SAN-JUAN-CABLE – San Juan Cable, LLC
SASUSA SunGard Availability Services USA
SAVVIS – Savvis
SBIS-AS – AT&T Internet Services
SCARTEL-AS Scartel Ltd.
SCOTTS-AS – CITY OF SCOTTSBURG
SCRR-10796 – Road Runner HoldCo LLC
SCRR-11426 – Road Runner HoldCo LLC
SCRR-12271 – Road Runner HoldCo LLC
SCV-AS-AP SCV Broadband Access Provider
SDL-20-AS – Smithville Digital, LLC
SEAGATE-USA-MN-1 – Seagate Technology
SEEDNET Digital United Inc.
SELECTNET-AS – SelectNet Internet Services
SERBIA-BROADBAND-AS Serbia BroadBand-Srpske Kablovske mreze d.o.o.
SERVICENET-AP Internet service provision to Western
SGNET-AS-AP Singapore Government Network AS
SHAW – Shaw Communications Inc.
SIBNETWORKS-AS Siberian Networks
SIFY-AS-IN Sify Limited
SIGMANET-NIC LU MII AS
SIKA-AS Sika Informationssysteme AG
SITA SITA
sixtelecoms-as
SKTELECOM-NET-AS SK Telecom., Ltd.
SKYNET-SPB-AS SkyNet Ltd.
SKYVISION SkyVision Network Services
SLTINT-AS-AP Sri Lanka Telecom Internet
SOFTLAYER – SoftLayer Technologies Inc.
SOFTNET-AS-AP Software Technology Parks of India – Bangalore
SOLNET BSE Software GmbH
SONICDUO-AS AS for MegaFon-Moscow
SONOMA – Sonoma Interconnect
SONY-APAC-AP Sony – ASN for Asia Pacific
SOVAM-AS OJSC _Vimpelcom_
SPBMTS-AS Mobile TeleSystems, OJSC, MR North-West
SPCS – Sprint Personal Communications Systems
SPEAKEASY – Speakeasy, Inc.
SPECTRANET FIRST FIBRE BROADBAND NETWORK IN NEW DELHI, INDIA
Sprint US
SPRINTLINK – Sprint
SPRINTLINK-HOSTING – SPRINT, Business Serices Group
SS-NOC-AS – Straitshot Communications, Inc.
STARHUBINTERNET-AS StarHub Internet Exchange
STARNET-AS StarNet Moldova
STATEL-AS Stavropol branch of Southern Telecommunications Company
STEADFAST – Steadfast Networks
STOMI – State of Michigan, DMB-CNOC
STSN-SLC-UT-US – STSN GENERAL HOLDINGS, INC.
SUDDENLINK-COMMUNICATIONS – Suddenlink Communications
SUMTEL-AS-RIPE Summa Telecom
SUNCOMMUNICATIONS-AS JV _Sun Communications_ Autonomous System
SUNRISE Sunrise Communications AG
SUPERNET-PAKISTAN-AS-AP Supernet Limited Transit Autonomous System Number
SURFCONTROL-US-ASN Websense Hosted Security Network
SURFNET-NL SURFnet, The Netherlands
SWEETNET-AS Private entrepreneur Bliznichenko Vitalij Volodumirovich
SWISSCOM Swisscom (Switzerland) Ltd
SWITCH SWITCH, Swiss Education and Research Network
SWKO – SOUTHWEST KANSAS ONLINE
TACHYON-AS-ID PT Remala Abadi
TATA-AS TATA ISP
TATACOMM-AS TATA Communications formerly VSNL is Leading ISP
TATTELECOM-AS Tattelecom.ru/Tattelecom Autonomous System
TC Radio Systems Autonomous System
TCH – TCH Network Services
TDC TDC Data Networks
TDDE-ASN1 Telefonica o2 Germany Autonomous System
TDN Tikona Digital Networks Pvt Ltd.
TEAM-CYMRU – Team Cymru Inc.
TE-AS TE-AS
TELCOMNET TelCom Ltd.
TELCOM-UA-AS _Telecomunikatsiina Companiya_ Ltd
TELE2
Telecom Argentina S.A.
TELECOMMD-AS ICS Networks Solutions SRL
Telecomunicacoes da Bahia S.A.
TELEFONICA CHILE S.A.
Telefonica de Argentina
Telefonica Empresas SA
TELEFONICA-DATA-ESPANA Internet Access Network of TDE
TELEKOM-AS TELEKOM SRBIJA a.d.
TELENERGO EXATEL S.A. Autonomous System
TELENET-AS Autonomous System of Teleset-Servis Ltd.
TELENET-AS Telenet N.V.
TELENOR-NEXTEL Telenor Norge AS
TELESC – Telecomunicacoes de Santa Catarina SA
TELESWEET-AS Telesweet ISP Autonomous System
TELETECH – TeleTech Holdings, Inc
Television Internacional, S.A. de C.V.
TELEZUG WWZ Telekom AG
TELIANET-DENMARK TeliaNet Denmark
TELIANET-SWEDEN TeliaNet Sweden
TELKOMNET-AS2-AP PT Telekomunikasi Indonesia
TELKOMSEL-ASN-ID PT. Telekomunikasi Selular
TELLCOM-AS Tellcom Iletisim Hizmetleri
Telmex Chile Internet S.A.
Telmex Colombia S.A.
TELSTRA Telstra Pty Ltd
TEOLTAB TEO LT AB Autonomous System
TERREMARK Terremark
TFN-TW Taiwan Fixed Network, Telco and Network Service Provider.
TFO-BOSTON – THOMSON FINANCIAL
THEPLANET-AS – ThePlanet.com Internet Services, Inc.
T-HT T-Com Croatia Internet network
TINET-BACKBONE Tinet SpA
TISCALI-UK Tiscali UK
TISNL-BACKBONE Telfort B.V.
TKPSA-AS TKP S.A. is 3S.pl network operator.
TKT-AS JSC TKT
TMIB-BD-AS-AP TM International Bangladesh Ltd. ISP, Gulshan-1,Dhaka-1212
TMN-AS TMN Autonomous System
TMNET-AS-AP TM Net, Internet Service Provider
TM-NETSYS-ASH – TicketMaster
TOMLINE Tomsk telecommunication company Ltd
TOTNET-TH-AS-AP TOT Public Company Limited
TPG-INTERNET-AP TPG Internet Pty Ltd
TPNET Telekomunikacja Polska S.A.
TRANSTEL S.A.
TRAVELERS – Travelers Property Casualty Corp.
TRENDMICRO Global IDC and Backbone of Trend Micro Inc.
TRENDMICRO Trend Micro Inc.
TRUENORTHCOMM – True North Communications
TSF-IP-CORE TeliaSonera Finland IP Network
TSU-SM – Texas State University – San Marcos
TTCLDATA
TTNET Turk Telekomunikasyon Anonim Sirketi
TTSL-MEISISP Tata Teleservices ISP AS
TULIP Tulip Telecom Ltd.
TURKCELL-AS TURKCELL ILETISIM HIZMETLERI A.S.
TVCABO-AS TVCABO Autonomous System
TWTC – tw telecom holdings, inc.
UAEXPRESS EXPRESS Radio Network
UARNET-AS Ukrainian Academic and Research Network
UA-SEECH Seech-Infocom NCC
UA-SMART-AS Broadcasting company _Smart_ Ltd
UCOM UCOM Corp.
UCSB-NET-AS – University of California, Santa Barbara
UCSC – University of California, Santa Cruz
UDMVT-AS OJSC VolgaTelecom branch in Udmurtia Republic AS Number
UECOMM-AU Uecomm Ltd
UKRBIT-NET-AS SPD Bilopol Roman Leonidovich
UKRTELNET JSC UKRTELECOM,
ULTRADNS – Centergate Research, LLC.
UMANITOBA – University of Manitoba
UMC-AS UMC Autonomous System
UMICH-AS-5 – University of Michigan
UMN Ural-TransTeleCom Autonomous System
UNI2-AS France Telecom Espana SA
Uninet S.A. de C.V.
UNINETT UNINETT, The Norwegian University & Research Network
UNISYS-6072 For routing issues, email hostmaster@unisys.com
UNISYS-AP-UI-AS-AP Unisys AsiaPac Intranet Access to Internet
UNISYS-AS-E – Unisys Corporation
Universidad Nacional de Colombia
University de Los Andes
UNL-AS – University of Nebraska-Lincoln
UNSPECIFIED
UPC UPC Broadband
UPITT-AS – University of Pittsburgh
URAN URAN Autonomous system
USAA – USAA
USI Uralsviazinform
UUNET – MCI Communications Services, Inc. d/b/a Verizon Business
UUNET-INT – MCI Communications Services, Inc. d/b/a Verizon Business
VEGA-OD-UA DCS Ltd.
VERISIGN-CORP – VeriSign Infrastructure & Operations
VERSATEL AS for the Trans-European Tele2 IP Transport backbone
VIA-NET-WORKS-AS PSINet Europe / VIA NET.WORKS international AS
VIAPASS-FR VIAPASS SAS
VIDEOTRON – Videotron Telecom Ltee
VIETEL-AS-AP Vietel Corporation
VINAKOM – VINAKOM COMMUNICATIONS
VINS – ViaWest
VIRGINIA-AS – University of Virginia
VITSSEN-SUWON-AS-KR Tbroad Suwon Broadcating Corporati
VMWARENET-1 – VMWare, Inc.
VNET-AS VNET ISP Bratislava, Slovakia, SK
VNPT-AS-VN Vietnam Posts and Telecommunications (VNPT)
VODAFONE_ICELAND Backbone Autonomous System
VODAFONE-IT-ASN Vodafone N.V.
VODANET International IP-Backbone of Vodafone
VOLIA-AS Kyivski Telekomunikatsiyni Merezhi LLC
VOLKSWAGEN Volkswagen AG, Wolfsburg 1
VRIS-AS-BLOCK – Verizon Online LLC
VSI-AS VSI AS
VTX-NETWORK VTX Services SA
VZB-AU-AS Verizon Australia PTY Limited
VZGNI-TRANSIT – Verizon Online LLC
WATEEN-IMS-PK-AS-AP National WiMAX/IMS environment
WAYPORT – AT&T Wi-Fi Services
Webex Communications, Inc.
WEBSENSE Websense, Inc.
WELLSFARGO – Wells Fargo & Company
WESTHOST – WestHost, Inc.
WESTNET-AS-AP Westnet Internet Services
WESTPUB-A – West Publishing Corporation
WICAM-AS WiCAM ISP Cambodia Peering AS
WIDEXS ion-ip B.V.
WINDSTREAM – Windstream Communications Inc
WIRELESSNET-ID-AP WIRELESSNET AS
WITCOM- Wiesbadener Informations – und Telekommunikations GmbH
WN-AS Private enterprise Gorbunov A.A.
WORLDBANK-AS – WORLD BANK
WORLDCALL-AS-LHR Worldcall Broadband Limited
WORLDNET-AS World Net & Services Co., Ltd.
WOW-INTERNET – WideOpenWest Finance LLC
WXC-AS-NZ WorldxChange Communications LTD
WYOMING – wyoming.com
XO-AS15 – XO Communications
XS4ALL-NL XS4ALL
XTRA-AS Telecom XTRA, Auckland, NZ
YAHOO-BANGALORE-AS-AP Yahoo Bangalore Network Monitoring Center
YAHOO-US – Yahoo
ZIGGO Ziggo – tv, internet, telefoon
ZIPNETBD-DKB-AS-AP Zipnet Limited DKB AS number

Krebs got the list of affected companies from a breached “command and control” server, the name for a machine that hackers use to direct the fleets of compromised PCs that they have gained control over.

He also offered clarification about who were on the list. “First, many of the network owners listed are Internet service providers, and are likely included because some of their subscribers were hit. Second, it is not clear how many systems in each of these companies or networks were compromised, for how long those intrusions persisted, or whether the attackers successfully stole sensitive information from all of the victims. Finally, some of these organizations (there are several antivirus firms mentioned…) may be represented because they  intentionally compromised internal systems in an effort to reverse engineer malware used in these attacks.”

Two lessons come out of these attacks. One lesson is when you build a better mousetrap, somebody out there is already working on building a better mouse. The other is that you can count on ThreatMetrix to protect your customers, so that even in the event of a breach, their personal information is always secure.

That’s because the ThreatMetrix™ Cloud-Based Fraud Prevention Platform device identification solutions recognize returning visitors without cookies and also recognizes them even when their device fingerprints change. Protecting against bad scripts and fraudulent account logons, payments and transactions, ThreatMetrix solutions are designed to interdict attacks of fraud in real time, while passively and transparently profiling users — without collecting extraneous personal identity information, such as Social Security numbers, and mother’s maiden names.

Cyberthieves have grown significantly more “professional” than they were in their “hit-or-miss” hacking past. Instead of using viruses and Trojans to search for logins or credit card details, cybercrooks are now beginning to specialize. They hack into corporate networks looking for intellectual property and business secrets their customers requested in advance. It’s like a gang of “upscale” car thieves who steal prestige and high-performance to fill an order.

Says Raj Samani, chief technology officer in Europe for McAfee in a BBCMobile.com report, “Cyber criminals are targeting this information based on what their clients are asking for.” In some cases,” adds Mr. Samani, “thieves were running campaigns to get at particular companies or certain types of information.”

The attacks have also grown more sophisticated. Hackers have turned to the Stuxnet virus to target industrial plant equipment, petrochemical firms, the London Stock Exchange, the European Commission and many others.

Another new wrinkle is the possibility of a “wolf-pack” attack.  According to BBCMobile.com there were cases in Germany, Brazil and Italy where trade secrets were either stolen by an insider or cyberthieves tried to get hold of the information through concerted attacks.

Several areas where corporations may be lax and should be paying more attention include:

• Who’s looking after corporate data when it’s moved into the cloud or sent to a third-party host center?

• Is the corporate culture or structure being revealed through innocent email, Twitter, Facebook, etc. messages that would make it possible for cybercriminals to pose as employees to penetrate the network?

• Is there an effort to watch casual and contract employees who may not have been vetted as closely as permanent staff?

• Is the corporation using behavioral analysis software to spot anomalous activity on the corporate network?

More difficulties arise from the fact that the theft of intellectual property or key documents could be hard to detect. “You may not even know [your property has been] stolen because [the thieves] just take a copy of it,” notes Mr. Samani.

In addition to the theft of trade secrets, marketing plans, R&D reports and source code, BBCMobile.com notes that cybercriminals are also making off with something less tangible, but just as important – the trust of customers.

The best way to maintain customers’ trust and avoid the damage cybercriminals can wreak on a company is with ThreatMetrix. Providing solutions, which can’t be compromised by break-ins, ThreatMetrix protects against bad scripts and fraudulent account logins, payments and transactions. With customized rules for each, ThreatMetrix solutions are designed to interdict attacks in real-time, while passively and transparently profiling users — without collecting extraneous personal identity information. ThreatMetrix offers universal, reliable fraud detection that puts an end to overreliance on identity authentication.

Explorer 9 and Firefox 4 upgrades permit users to prevent sites from using cookies to track their movements. But, to delete Adobe Flash local shared objects (LSOs) or cookies, users had to go to the Adobe Flash Website.

Now Google Chrome, which is bundled with Flash, makes clearing Flash cookies as easy as…well…pie. All it takes is a few clicks from within the browser and no LSOs. That may be great for user privacy, but it’s hell and dollars to pay for online merchants, banks and social networks, all of whom depend on cookies stopping fraudsters. In fact, today, banking on cookies detecting fraudsters has about as much chance of success as Osama Bin Laden’s relying on messengers.

So what do “smart cookies” do when cookies don’t work?  They turn to ThreatMetrix SmartID™ which detects fraudsters even if they’ve wiped their cookies. Without cookies or cookie equivalents, ThreatMetrix SmartID enables companies to stop online fraud, and, at the same time, protect customer privacy.

ThreatMetrix and the Ponemon Institute have announced the second set of findings from their recent survey around consumers’ reactions to online fraud today. This second round of data was gathered from survey questions around behavioral advertising specifically, on the heels of the recent McCain-Kerry privacy bill.

The study revealed the majority of consumers are comfortable with online behavioral tracking for fraud prevention purposes, but remain hesitant around advertising and promotional purposes. The results are outlined in a report, “Consumers’ Reaction to Online Fraud.”

Other highlights of the findings include:

• Seventy-four percent of consumers expressed some level of concern about online advertisers collecting and using their information for future promotional activity. Half of the respondents, however, feel it acceptable to use information about their online behavior as long as it’s to detect potential fraudsters.

• Twenty-four percent of consumers said they don’t think behavioral targeting in any form is appropriate, whereas 26% said it is okay for online businesses to use their information to either send them ads or monitor potential fraudsters.

• Only 16 % of consumers said that advance consent is necessary for each transaction, when asked about the extent of obtaining consent to use their online behavior information for fraud detection. One third said consent was not necessary at all, while the majority (36%) said consent only once in advance is sufficient.

• The majority of consumers (70%) reported that if they were assured their personal information was not collected when used for fraud detection purposes, they were comfortable with an online business authenticating their identity through a digital fingerprint. Another 22% said they were unsure.

The research also looked at consumer sentiment about fraud prevention across the banking, social media and Web 2.0 industries and mobile channel. For more information about the findings, download a copy of the report at http://info.threatmetrix.com/ConsumerSurveyOnlineFraud2011.html.

At the 2011 Merchant Risk Council Annual e-Commerce Payments & Risk Conference, ThreatMetrix will be announcing the availability of the ThreatMetrix™ Cloud-Based Fraud Prevention Platform, incorporating cookieless device identification and enhanced mobile authentication. This platform will make it easy for banks, merchants, online businesses, payment gateways and payment providers to detect and screen for fraud.

The Threatmetrix Cloud Based Fraud Prevention Platform represents the third-generation of device identification technology.  Threat Metrix device intelligence has evolved from IP address, to browser attributes, to packet fingerprinting intelligence to stay one step ahead of increasingly sophisticated fraud attacks and competitive vendors. ThreatMetrix goes beyond first generation device identification technologies that are limited to IP address and browser attributes with ThreatMetrix SmartID™, a key component of the ThreatMetrix Cloud-Based Fraud Prevention Platform.

ThreatMetrix SmartID, which incorporates unique TCP/IP packet fingerprint detection, cross correlates and scores device fingerprint attributes and behavior with session and browser cookies to more accurately establish and authenticate a device identity. Attributes collected from the IP address and browser are easy to manipulate. For example, common browser plugins allow fraudsters to change the apparent browser and version that the Web server sees with a click of a button.

ThreatMetrix SmartID device identification overcomes these limitations by adding packet fingerprinting intelligence for greater accuracy and spoof protection. Because the information is collected as part of the standard networking and browser security model, there is no possibility of leakage of personal information, no interruption to the customer’s online experience, and no additional software or browser plugins to download or accept.

Some of the new features include:

• Enterprise Risk Engine
• Global Network Intelligence
• Queue Management
• Customizable Alerting
• Online Portal and Dashboard for Transaction Monitoring and Link Analysis
• Bulletproof Security and Privacy Protection

“The ThreatMetrix Cloud-Based Fraud Prevention Platform provides companies with the ability to authenticate payments, new accounts and returning customers online regardless of the device involved – be it a smartphone, personal or tablet computer – without requiring a forklift install of hardware or software,” said Reed Taussig, president and CEO, ThreatMetrix. “A smarter approach to device identification combined with aggregated fraud intelligence in the cloud allows customers to benefit from proactive protection without needing to share personally identifiable information.”

For more details on the new features, check out our press release.

Findings from the recent AWPG report reveal that fraud remains a serious issue in the credit card/payments information category. This is often downplayed to account for rises in cases of smaller categories such as Classified Advertising and Banking. These categories, however, only account for less than 10% of all phishing cases. Statistics show that more than one-third of phishing attempts to steal credentials are directed at collecting credit card/payments information, making this the largest category affected by fraudsters.

One reason this issue may not seem as relevant might be the decrease in brand attacks since 2009. It is important to keep in mind, however, that while the number of brands hijacked by phishing attacks is down 22% from October 2009, fraudsters are finding unique ways to target specific brands through personalized phishing attempts that make these efforts more difficult to track.

According to ThreatMetrix Chief Product Officer Alisdair Faulkner in a recent Security Week article, the attacks on the credit card/payment information category may be decreasing, but continue to affect the largest number of people: “‘Unfortunately the pain is not just felt by the brands targeted by phishing attacks, it is every other online business that is then attacked with the stolen identity and credit card information,’” he said.

Within a period of 24 hours (from Feb. 1 – Feb. 2) ThreatMetrix detected 135,000 fraudulent transactions attempted against 350 of the top online companies, data we pulled for Security Week.

Stolen consumer information continues to be a serious issue. It is essential that innovative efforts continue to block fraudsters before they have the opportunity to cause significant damage. Statistics like those gathered from the AWPG report illustrate the rapid pace the fraud protection industry needs to move in order to maintain a solid approach to fraud prevention.