Saturday, 27 April 2013

Is CB3ROB a champion of free speech? Or a spammer?

The alleged arrest of Sven Olaf Kamphuis (aka CB3ROB) of CyberBunker and the eponymous CB3ROB Ltd has thrown Anonymous into a tizzy, with a #freecb3rob campaign running on Twitter.

The arrest was made because of a suspicion that Kamphuis might be behind a massive DDoS attack on Spamhaus that also impacted Cloudflare. I don't have any evidence that CB3ROB or any of his business associates are behind the DDoS attack, but there's a well-known public spat between Spamhaus (who accuse CyberBunker of being spammers) and CyberBunker (who accuse Spamhaus of being vigilantes who want to stifle free speech).

It's hard to see why Anon is pro-CB3ROB and so anti-Spamhaus. Yes, it has been reported that CyberBunker has helped to host the Pirate Bay and Wikileaks in the past, both favourites of Anon and not necessarily bad things in themselves. And Spamhaus doesn't actually block anything - it provides a reputation scoring system that others can use to see if they want to accept or reject email, but Spamhaus's very assertive actions against CyberBunker seem to have been the trigger.

But perhaps the critical question is this - what does CyberBunker (and CB3ROB Ltd) actually host?

I identified 866 websites in the large 84.22.96.0/19 block (84.22.96.0 - 84.22.127.255) allocated to both CyberBunker and CB3ROB, although this list is probably not comprehensive. This is what I discovered:
  • 74% of them are flagged as spam domains by multi.surbl.org
  • 39% are flagged as spam on more than one blacklist
  • 0.9% of them are flagged as malware domains by Google
  • 78% of them have a poor WOT reputation
You can download the complete set of results from here [csv]. This data includes the domain name, IP, decimalised IP (good for sorting in Excel), WOT rankings, Google Safe Browsing diagnostic and SURBL prognosis.
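The tallying step behind figures like these can be reproduced with a short script. This is an added example, not the author's tooling: the rows and the CSV layout are constructed, and it assumes "more than one blacklist" means more than one member list set in the bitmask that multi.surbl.org returns in the last octet of its 127.0.0.X answer.

```python
import csv
import io
import ipaddress

BLOCK = ipaddress.ip_network("84.22.96.0/19")  # range given in the post

# Constructed sample rows (not the author's data). Hypothetical layout:
# domain, IP, and the A record returned for <domain>.multi.surbl.org
# (an empty field means NXDOMAIN, i.e. not listed).
SAMPLE = """domain,ip,surbl_answer
pills.example,84.22.104.244,127.0.0.68
blog.example,84.22.97.10,
watches.example,84.22.104.246,127.0.0.64
outside.example,84.23.0.1,127.0.0.8
casino.example,84.22.127.255,127.0.0.24
"""

def surbl_lists(answer):
    """Count member lists set in a multi.surbl.org answer (127.0.0.X bitmask)."""
    if not answer:
        return 0
    addr = ipaddress.ip_address(answer)
    if addr not in ipaddress.ip_network("127.0.0.0/8"):
        return 0  # not a valid listing response, so do not count it
    return bin(int(addr) & 0xFF).count("1")

def summarise(text):
    rows = []
    for r in csv.DictReader(io.StringIO(text)):
        ip = ipaddress.ip_address(r["ip"])
        if ip not in BLOCK:
            continue  # host resolved outside the allocation under study
        rows.append({"domain": r["domain"], "ip": str(ip),
                     "decimal_ip": int(ip),  # sorts numerically, unlike dotted text
                     "lists": surbl_lists(r["surbl_answer"])})
    rows.sort(key=lambda r: r["decimal_ip"])
    n = len(rows) or 1  # avoid dividing by zero on an empty result set
    flagged = sum(r["lists"] >= 1 for r in rows)
    multi = sum(r["lists"] >= 2 for r in rows)
    return rows, round(100 * flagged / n, 1), round(100 * multi / n, 1)

if __name__ == "__main__":
    rows, pct_flagged, pct_multi = summarise(SAMPLE)
    for r in rows:
        print(r["decimal_ip"], r["ip"], r["domain"], r["lists"])
    print(f"{pct_flagged}% listed, {pct_multi}% on more than one list")
```

Filtering on the CIDR block before counting keeps domains that have since moved to other hosting out of the percentages.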


Given the high level of domains flagged for spam, the obvious conclusion is that CyberBunker has a serious spam problem and a less serious malware problem, mostly centered on 84.22.104.244 and also 84.22.104.246 (more info here). Perhaps there are some legitimate sites in this list that have been caught up in the crossfire, although nothing seems to stand out. I'd love to know who is using CyberBunker for anything other than spam and malware.

You can look at the evidence yourself and decide if CB3ROB is a champion of free speech or someone who supports spammers. I know what my conclusion is though.

1 comment:

Bunny said...

I'm enjoying the show.
The whole problem with Anonymous is they are anonymous. Anyone can (and it appears frequently do) claim to be Anonymous.

Witness this drek:

http://www.youtube.com/watch?v=_dATuvMkD9A

The voice synthesis, excess drama and horrible music just add to the complete lack of facts.

Nutjob or nutjob, you choose.