[anti-abuse-wg] Another dubious UAE company with RIPE-issued resources
Ronald F. Guilmette rfg at tristatelogic.com
Tue Jul 19 20:43:17 CEST 2016
Recently, I've posted here about Host Sailor, Ltd., which claims to be incorporated in the United Arab Emirates, and which has a boatload of IP addresses, most of which were given to it by RIPE. As I've demonstrated, quite a lot of those IP addresses are associated with domains that themselves are rather clearly associated with the so-caller Angler Exploit Kit. Switching gears, I want to make you all aware of a new story that Brian Krebs has just put up on his blog today. This story rather clearly connects a certain Russian gentleman to both the so-called "Carbanak" strain of banking malware, and also to another unrelated company which also claims to be incorporated in U.A.E, i.e. a company called "CubeHost, Ltd." which also has its own RIPE-issued /24 block, from whence all manner of nefarious and criminal activities have emmanated, over time: http://krebsonsecurity.com/2016/07/carbanak-gang-tied-to-russian-security-firm/ For those of you not already familiar with the Emirate of Ras al Khaimah, one of the several largely automonous emirates comprising the United Arab Emirates, you may find the following short clarification illuminating: http://rijock.blogspot.com/2015/02/rak-emerging-as-new-money-laundering.html Regards, rfg P.S. If Ras al Khaimah really is "the Cayman Islands of the Gulf", then it would be equally true, I think, to say that RIPE is effectively the Cayman Islands of the Internet. Whether this is what it should be or not is, of course, a matter of debate.