Sponsored by..

Saturday 27 April 2013

Is CB3ROB a champion of free speech? Or a spammer?

The alleged arrest of Sven Olaf Kamphuis (aka CB3ROB) of CyberBunker and the eponymous CB3ROB Ltd has thrown Anonymous into a tizzy, with a #freecb3rob campaign running on Twitter.

The arrest was made because of a suspicion that Kamphius might be behind a massive DDoS attack on Spamhaus that also impacted Cloudflare. I don't have any evidence that CB3ROB or any of his business associates are behind the DDoS attack, but there's a well-known public spat between Spamhaus (who accuse Cyberbunker of being spammers) and Cyberbunker (who accuse Spamhaus of being vigilantes who want to stifle free speech).

It's hard to see why Anon is pro-CB3ROB and so anti-Spamhaus. Yes, it has been reported that CyberBunker has helped to host the Pirate Bay and Wikileaks in the past, both favourites of Anon and not necessarily bad things in themselves. And Spamhaus doesn't actually block anything - it provides a reputation scoring system that others can use to see if they want to accept or reject email, but Spamhaus's very assertive actions against CyberBunker seem to have been the trigger.

But perhaps the critical question is this - what does CyberBunker (and CB3ROB Ltd) actually host?

I identified 866 websites in the large 84.22.96.0/19 block (84.22.96.0 - 84.22.127.255) allocated to both CyberBunker and CB3ROB, although this list is probably not comprehensive. This is what I discovered:
  • 74% of them are flagged as spam domains by multi.surbl.org
  • 39% are flagged as spam on more than one blacklist
  • 0.9% of them are flagged as malware domains by Google
  • 78% of them have a poor WOT reputation
You can download the complete set of results from here [csv]. This data includes the domain name, IP, decimalised IP (good for sorting in Excel), WOT rankings, Google Safe Browsing diagnostic and SURBL prognosis.


Given the high level of domains flagged for spam, the obvious conclusion is that CyberBunker has a serious spam problem and a less serious malware problem mostly centered on 84.22.104.244 and also 84.22.104.246 (more info here) Perhaps there are some legitimate sites in this list who have been caught up in the crossfire, although nothing seems to stand out. I'd love to know who is using CyberBunker for anything other than spam and malware.

You can look at the evidence yourself and decide if CB3ROB is a champion of free speech or someone who supports spammers. I know what my conclusion is though.

4 comments:

Bunny said...

I'm enjoying the show.
The whole problem with Anonymous is they are anonymous. Anyone can (and it appears frequently do) claim to be Anonymous.

Witness this drek:

http://www.youtube.com/watch?v=_dATuvMkD9A

The voice synthesis, excess drama and horrible music just add to the complete lack of facts.

Nutjob or nutjob, you choose.

Unknown said...

"websites" are not "spam". websites use 'http' email uses 'smtp'. The inherent problems of your antique and obsolete mail protocol which despite the fact that it would only take half an hour to implement, still lacks a friends list or other opt-in mechanisms after more than 50 years of being around, are none of our concern, as we don't use it nor haven't offered it as a product or service since 2004. As for your allegations regarding 'free speech', We never actually claimed this war would be about 'free speech' in the first place, this war was about taking out one of our enemies (spamhaus), an enemy that we btw shared with some other nation-state actors, that was, at that moment, blackmailing our (and their) transit carriers illegally into breach of contract, as despite the fact that -we- don't use that antique 'email' stuff, their sales departments still did. IP carriers, such as our front operations operating under various names, are not 'responsible' for actions of clients whatsoever, and basically, we don't give a rats ass what they do with your antique mail protocol, even if they would be the spammers from hell that would still be none of our concern. we do not get paid to protect your silly antique protocol against it's own lack of a friends list. and yet, despite all the slander, nobody has ever been able to point out any 'massive' 'spam' having been sent out from ip addresses obtained through us.
furthermore all references you cite are the same party (spamhaus = sorbs) with whom we do not negotiate. funny how you fail to mention that out of their 109 competitors -none- ever listed us except for 1, ran by some kid from his mums basement, that did a manual listing when the war escalated ;) provider immunity also includes the right not to have to waste manhours on random idiots, which, for all matters and purposes, is all spamhaus really is. a bunch of random fucktards blackmailing isps. their terrorist tactics involve creating a slanderous listing, involving deliberate computer sabotage, and then blackmailing the transit carrier in question to waste manhours in contacting them, which we have always refused to do, at which point they simply add more listings. we'll just killed the problem in our own way after several reports to the police appropriate for spamhaus, failed to result in prosecution of spamhaus. and we did, and we will do so again should the need arise.

Unknown said...

as for 'malware', if your operting system is affected by that, i suggest you go get your money back at your supplier as then your operating system itself is simply 'malware'. we also don't get paid to clean up the crap caused by microsofts incompetence, so, they can go screw themselves too.

our clients pay us, and that is the only party to which we have any obligations. period.

microsoft doesn't pay us to 'remove malware' (and as we rent out ip space and servers, doing so would be hacking into rented out equipment, therefore not ours to touch in the first place, as well as breach of contract)

spamhaus doesn't pay us to even -talk to them-

and so, they can basically, both go to hell. fix your own crap. if they're so concerned about unsollicted email hire some fucking developers and bring out a new rfc with a friends list mechanism. their antique protocol is not the problem of isps and carriers, none of which even need to know what it once was anymore, as it's firmly -dead- and has been ever since skype came around.

Unknown said...

also the so-called 'malware' they spread slander about mainly involved some download program to download free versions of stuff like adobe acrobat viewer, but on a subscription basis. if adobe has any problems regarding so-called 'trademarks' they can sort that out with the client, not with us, as for spamhaus, i have no idea what the hell they're poking their dirty nose into in the first place. that GDRP thing is gonna come in handy to impose a 20 million euro fine on them for each individual listing. lol.