Verizon accused of ignoring spammers' IP address theft

United States telco Verizon has been accused by an antispam organisation of routing illictly obtained internet addresses for spammers, and ignoring complaints about the subsequent abusive activity.

Spamhaus, which is a not for profit organisation based in Switzerland and the UK and which maintains blocking lists and intelligence databases of spam and malware operations, accused Verizon of routing traffic for American cyber criminals over the weekend.

Due to the older Internet Protocol version 4 (IPv4) address ranges being exhausted throughout the world, Spamhaus said spammers cannot get hold of addresses through legitimate means.

Instead, spammers frequently steal addresses allocated to organisations that aren't using them for various reasons, Spamhaus said.

"There is a thriving black market in IP addresses; spammers don't care whether the source of their IP addresses is legitimate or even legal.

"A cybercriminal that can steal a large IP address block (for example, a/16 or 65,536 IP addresses) can generate thousands of dollars per month", Spamhaus said.

According to the organisation, over four million stolen IPv4 addresses are routed by Verizon currently. This makes Verizon the sixth worst spam support ISP in the world, Spamhaus said.

Spamhaus said it has contacted Verizon regularly about the spam and abuse since July last year. Verizon has told Spamhaus repeatedly it is looking into the problem, but the routing of the stolen IP addresses continues, the organisation said.

Rich Young of Verizon's communications department told iTnews that the provider is reviewing the alleged situation, but offered no further comment.

Most of the IPv4 blocks hijacked by spammers have been allocated to Chinese and Korean internet providers, and the Asia-Pacific Network Information Centre is aware of the situation.

Spokesperson Tony Smith said two Chinese and Hong Kong-based APNIC members have been contacted by the regional internet registry about the network abuse, so that they can contact Verizon and other providers who announce hijacked address routes to rectify the situation.

Other address blocks listed by Spamhaus as being hijacked by spammers were allocated by APNIC to the Chinese and Korean Network Information Centres (CNNIC and KRNIC respectively), Smith said.

CNNIC and KRNIC have been contacted by APNIC about the Spamhaus report, so that they can investigate, Smith said.

The providers whose internet addresses have been hijacked and routed through Verizon are not in breach of their APNIC agreements, according to Smith.

"We can't terminate the members' right to use those resources unless they have breached their agreement with APNIC, which is not the case right now," Smith said.

While APNIC has no powers to withdraw address registrations, investigative powers or ability to take action like a law enforcement agency, the RIR offers training to providers, and seeks to educate them about network abuse.