Don’t have a gun? Here, use one of ours! Better yet, use Cloudflare!*

Fred Showker
Nov 24, 2018 · 10 min read

Every time a cyber criminal slips through the cracks by using Cloudflare’s service, I think about the guy giving guns to teenagers for a small fee. Proof that the cybercrime industry has been successful in legitimizing their techniques in today’s society … in all the history of organized crime, the mob never had it this good!

“We offer reverse proxy, pass-through security service and a content distribution network. We do not know this gun is a gun. We do not know what is in the gun. We don’t know what they’ll use the gun for. We are not a crime provider, so therefore we’re innocent and cannot be held accountable for what happens with this gun.”

Let’s ask some questions

  • Is it illegal to give away guns? Rent guns or pipe bombs? Probably not.
  • Is it illegal to deliver extortion letters to a million people? Probably not.
  • Is it illegal to provide the easy, quick and safe means to commit thousands of crimes — all at the same time? Probably not.
  • Is it possible that you can provide the vehicle and method for committing crimes then hide the identity of the criminals without at least being considered as an accomplice? No.
  • Is it possible to openly aid and abet criminals in the commission of crimes, admit to complicity, yet claim you didn’t know they were committing crimes? No.

A black SUV swoops up to your neighbor’s house.

Two masked thugs jump out with automatic weapons, and race inside. Much shooting and commotion goes on inside the house, then all goes quiet! You dial 911.

When the police arrive, the driver of the SUV has fallen asleep and the thugs are gone. The driver wakes up and asks what happened. He has no idea who those thugs were, he did not know they had automatic weapons, and not a clue why they took automatic weapons into this house, nor what all the shooting and commotion was about. He was hired to bring them here.

The police ask : “Where did they come from? Where did you pick them up?”

The driver says “I do not know. You can go to our web site and fill out a complaint form, and we’ll get back to you.”

Imagine what happens if you tell a trooper, at the scene of a crime, to go to a web site and fill out a complaint and you’ll get back to him! LOL. Suddenly you’re in handcuffs.

You say: “but FedEx and UPS do that every day?”

They’re paid to deliver those boxes, and that’s that.

Let me see if I understand how this works. If FedEx delivers a pipe bomb, what happens? You’re right, FedEx is not arrested. However, FedEx cooperates. UPS and FedEx ship contraband and illegal substances every day. However, nobody knows about the content of those packages because the criminals have masked them. Additionally, they haven’t harmed anyone enough to get law enforcement attention — a clear indication that the recipient is willingly participating in the crime. Criminals shipping guns, drugs or alcohol to a fellow criminal happens and is difficult to stop. Cyber crime, on the other hand, is different. The recipient is the victim.

The difference between Federal Express and Cloudflare.com is that Federal Express is not in the business of intentionally eluding law enforcement on behalf of its clients. FedEx does not want to do business with criminals; it makes its revenue legitimately. FedEx is not making billions by enabling and masking the daily activities of crime cartels. Being associated with organized crime is bad for business — well, except internet businesses.

Now, let’s put this into perspective.

Imagine what would happen if Federal Express received 25,000,000 packages — to be shipped to different addresses, all at the same time, all at the same FedEx office, all paid for by the same client. When the first few packages arrive at their destination they are discovered to contain an improvised explosive device! Boom, they are immediately reported to authorities! What happens next? Do you think Federal Express will continue to deliver the rest of the packages? Do you think that would raise a few questions? Once exposed, do you think Federal Express would accept packages for shipping from the exact same client?

Stopping bad guys : here’s how it should work

Organizations like SpamCop and the reporting/blocking system in Firefox browsers continuously monitor email and the web. When a cyber crime campaign launches, the criminals will be reported within the first wave of attacks. The offending site gets shut down or blocked. This doesn’t solve the crime, but serves to limit the cyber crime impact on its victims. Thousands of SpamCop agents immediately report the attack, and SpamCop immediately alerts the ISP hosting the criminals. That ISP is supposed to shut down the criminal arrival site. Early detection and ISP cooperation can shut down the attack while in progress!

SpamCop lists criminal IP addresses on a block-list to block future attacks, and the list is syndicated to ISPs all over the world. Your spam blocker protects you from cyber crime, in part, through the efforts of SpamCop agents.

Bad guys : cyber crime is good for bu$iness.

Today, cyber crime cartels, terrorists, sex traffickers, racial hate groups, online drug cartels and all manner of evil that used to be reserved in the Dark Web can buy a free pass from firms like Cloudflare. Cyber crime is very profitable. Companies like Cloudflare halt interception efforts by stepping in between the criminals and the enforcers. Cloudflare knows cyber criminals will pay a handsome fee to get away with their spam and malware campaigns. They gladly pay Cloudflare to delay detection long enough to be successful. An unsettling development is that Google and Amazon are also in this remarkably profitable enterprise.

What happens when Cloudflare protects the cyber criminal

When SpamCop reports the criminal attack to Cloudflare’s official “abuse” address, the report is simply ignored instead of being acted on. In order to actually file a complaint, a human has to go to Cloudflare’s own “reporting” form online. When the form is completed, you get a reply saying they received your report. In a few days, you get another email admitting to carrying the crime. They tell you who they were hiding, and disavow any wrongdoing. Unfortunately, by that time, the crooks are gone.

So, where were we? By now, the police have questioned the owner and driver of the SUV delivering thugs with automatic weapons three days in a row. After four days, the police get this response from the owner of the SUV :

We are unable to process your report for the following reason(s): We are not able to validate your claim of illegal activity. Please provide supporting information or specific URLs or screenshots that point to a phishing, malware or scam page so that we may investigate the matter further.

Although they have dead bodies and eye witnesses, they’re unable to validate a claim of illegal activity. Really? Seriously?

They think we don’t see what they’re doing

We know they are protecting the cyber crime cartels because all the clear and accurate information they request was provided in the FIRST crime report provided to Cloudflare. “Not able to validate your claim of illegal activity” is simply a lie that gullible people will believe. We know it’s a lie, and it would constitute perjury in a court of law.

Every time I report an attack to Cloudflare, they respond saying they don’t know who that is. Yet, I know that they know because I already reported them and they have acknowledged the report. They are being paid by the criminals to ignore these reports — all automated with canned responses. All they have to do to successfully fulfill their contract with the criminals is delay the pursuit long enough for the cyber crime cartel to make its profits from that campaign. Duh.

“Officer, just fill out this form and in a few days we’ll get back to you to ask more questions. In this case, we cannot validate that guns, or pipe bombs or identity theft, or PayPal spoof, or iTunes compromise, or ransomware or sextortion or bitcoin blackmail are illegal activities.”

A billion dollars worth of protection? Sure!

My curiosity leads me to ask how much of Cloudflare’s $1 BILLION in revenue comes from the cyber crime industry? They claim they’re protecting freedom of speech, and protecting the web’s net neutrality. Now, we’re seeing Google and Amazon practicing the same techniques — a sure-fire indication that it’s easy, care-free and profitable! With the European Union clamping down on “personal information” and ICANN allowing the identity of web owners to be masked — where are we going with our own personal safety, and who can even fathom what evils are yet to come? Is there anyone left who can actually recognize the difference between right and wrong?

I’d like to know how Cloudflare can get away with this.

Perhaps charging a fee to deliver hand guns and pipe bombs could be a highly profitable industry!

… and thanks for reading

____________________

PLEASE READ : Future Crimes: Inside the Digital Underground and the Battle for Our Connected World by Marc Goodman

The cyber crime industry has really caught on to Cloudflare. We’ve reported fraudsters who claim to restore blind vision in Italy, a DocuSign ransomware attack via malware from Vietnam, a miracle air conditioner fraudster from Germany, but mostly the Chinese with penny stock pump-n-dumps, all manner of health remedies and physical enhancements, save your marriage, become wealthy overnight, grow hair on bald men, celebrity weight loss, and on and on.

This Nov. 24 attack leads us to two forged WhoIS entries intended to elude detection: domain ownership is masked by WhoisGuard, Inc. in Panama, and website location masked by Cloudflare. Both are direct violations of ICANN WhoIS regulations. All three cited offenses are violations of the Can-Spam Act. Note the Fecesz.icu domain is utilized as a redirect. Typical spam filters without investigation will see only this address and not the actual cyber crime address.

Here’s another example from just the other day:

Here’s the WhoIS from the alert above, clearly implicating Cloudflare’s complicity in a 6-billion dollar Chinese counterfeiting industry! They have been reported seven times by one officer alone, but they’re still in business.

Domain Name: moncler-stores.com
Registry Domain ID: whois protect
Registrar WHOIS Server: whois.west.cn
Registrar URL: www.west.cn
updated Date: 2018-10-29T07:36:39.0Z
Expiration Date: 2019-10-29T07:36:39.0Z
Registrar: Chengdu west dimension digital technology Co., LTD
Registrar IANA ID: 1556
Registry Registrant ID: Not Available From Registry
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant Street: REDACTED FOR PRIVACY
Registrant City: Chengdu
Registrant State/Province: Sichuan
Registrant Country: CN
Registrant Phone: REDACTED FOR PRIVACY
Registrant Email: link at https://www.west.cn/web/whoisform?domain=moncler-stores.com
Registry Admin ID: Not Available From Registry
Admin Name: REDACTED FOR PRIVACY
Admin Organization: REDACTED FOR PRIVACY
Admin Street: REDACTED FOR PRIVACY
Admin City: Chengdu
Admin State/Province: Sichuan
Admin Postal Code: REDACTED FOR PRIVACY
Admin Country: CN
Admin Phone: REDACTED FOR PRIVACY
Name Server: aragorn.ns.cloudflare.com
Name Server: sandy.ns.cloudflare.com
DNSSEC: signedDelegation
Registrar Abuse Contact Email: westabuse@gmail.com
Registrar Abuse Contact Phone: +86.28.62778877 ext 8359
URL of the ICANN WHOIS Data Problem Reporting System: http://wdprs.internic.net/
>>> Last update of WHOIS database: 2018-10-29T07:36:39.0Z <<<

Even ICANN, who is required to maintain accurate WhoIS information by their own charter, is protecting cyber criminals. Notice how they violate their own rules using “REDACTED FOR PRIVACY” because of the GDPR rules.
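For readers who want to pull the reportable facts out of a record like the one above, the following added example (not part of the original essay) parses an excerpt of that WHOIS output and returns the registrar abuse contact, the operator of the authoritative name servers, and the fields that are redacted. The function names and the two-label heuristic for naming the DNS operator are assumptions of this example.

```python
# Added example: triage a WHOIS record to see where an abuse report can be sent.
# SAMPLE_WHOIS is an excerpt of the record quoted on this page.
SAMPLE_WHOIS = """\
Domain Name: moncler-stores.com
Registrar: Chengdu west dimension digital technology Co., LTD
Registrant Name: REDACTED FOR PRIVACY
Registrant Organization: REDACTED FOR PRIVACY
Registrant City: Chengdu
Registrant Country: CN
Admin Name: REDACTED FOR PRIVACY
Name Server: aragorn.ns.cloudflare.com
Name Server: sandy.ns.cloudflare.com
Registrar Abuse Contact Email: westabuse@gmail.com
>>> Last update of WHOIS database: 2018-10-29T07:36:39.0Z <<<
"""


def parse_whois(text):
    """Return {field: [values]}; repeated keys such as Name Server accumulate."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        # Skip blanks, the ">>> Last update" footer and lines without a key.
        if not line or line.startswith(">>>") or ":" not in line:
            continue
        key, _, value = line.partition(":")  # split on the first colon only
        fields.setdefault(key.strip().lower(), []).append(value.strip())
    return fields


def triage(text):
    """Summarise who can receive a report and what the record withholds."""
    f = parse_whois(text)
    servers = [n.lower().rstrip(".") for n in f.get("name server", [])]
    # Assumption: the last two labels name the DNS operator. This is a
    # simplification that is wrong for suffixes such as co.uk.
    operators = sorted({".".join(n.split(".")[-2:]) for n in servers})
    redacted = sorted(
        k for k, vals in f.items() if any("redacted" in v.lower() for v in vals)
    )
    return {
        "domain": f.get("domain name", [""])[0].lower(),
        "registrar": f.get("registrar", [""])[0],
        "registrar_abuse": f.get("registrar abuse contact email", []),
        "dns_operators": operators,
        "redacted_fields": redacted,
    }


if __name__ == "__main__":
    for key, value in triage(SAMPLE_WHOIS).items():
        print(f"{key}: {value}")
```
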

Notice also how the domains were created and registered just two weeks ago. This cyber crime cartel has registered dozens of domains on that same day, and when one is reported by Firefox as “dangerous” they’ll drop it and relaunch under a new domain — also protected by Cloudflare.

I have personally reported 305 (Three Hundred and Five) abuses to Cloudflare this year. If you would like to see the forensic data, contact me privately.

OTHER ONLINE REFERENCES:

don’t take my word for it . . .

Complaints from OTHER SpamCop agents concerning Cloudflare

CrimeFlare : CloudFlare is a venture-funded startup that routes around Internet abuse by acting as a reverse proxy. They also encourage illegality by allowing hackers, DDoSers, cyberbullies, and copyright pirates to hide behind their servers. By 2015, CloudFlare was even protecting websites that recruited for ISIS.

CloudFlare Sex Trafficking? While sex trafficking is already a crime, regulators who championed FOSTA claimed that their new legislation would prevent pimps from prostituting women against their will by also holding any online service that they used to commit the crime liable.

Cloudflare racist hate groups is not an accident. Cloudflare has said it is not in the business of censoring websites and will not deny its services to even the most offensive purveyors of racial hate.

Cloudflare protects and optimizes the content of at least 48 hate websites dedicated to recruiting, organizing and spreading extremist ideologies. Hate group websites happily utilize Cloudflare’s services.

* DISCLAIMER

ALL THROUGH THIS ESSAY I have used the metaphor of real world criminal activity, to illustrate the similarities in crimes and cyber criminal activity. I do this to illustrate how strange it is for cyber crime to so closely parallel real world crime, yet be completely allowed. I DO NOT CLAIM OR SUGGEST that Cloudflare has anything to do with guns and pipe bombs or black SUVs or automatic weapons. I use those purely as a metaphor for the crimes Cloudflare does participate in.

Written by Fred Showker

Design, Typography & Graphics Magazine and 60-Seconds exploring technology since 1987
