An international non-profit organisation devoted to fighting spam has accused US telecommunications provider Verizon of aiding cybercriminals by routing millions of IP addresses through its servers without properly checking the identities of those who wanted to set up the route.
The Spamhaus Project is an international organisation based in London and Geneva that maintains a real-time blocklist of the internet's worst spammers and works with internet service providers (ISPs) and law enforcement to identify them and get them to stop.
But now the Spamhaus Project's Barry Branagh is specifically pointing the finger at Verizon, the second-largest broadband provider in the US, because more than four million stolen IP addresses used by cybercriminals are currently being routed through Verizon's network.
Every time your device tries to access the internet, it is assigned an IP address. When the internet was first invented in the 1970s, the Internet Protocol Version 4 (IPv4) was established and allowed space for a total of more than four billion addresses. Today, we have so many more devices than predicted that IPv4 addresses are close to running out, so the internet is having to move over to IPv6, which will enable many more hosts to be connected and a lot more data traffic to be transmitted.
Spammers buying large blocks of stolen IP addresses
Spammers cannot easily obtain new IP addresses legally to send spam from, so they typically look for blocks of IP addresses that are dormant. And if they do not want to steal the addresses themselves, there is a bustling black market where cybercriminals steal these large blocks of IP addresses and then sell them off for thousands of dollars per month.
But once the spammers have the IP addresses they need, they still need to route them to the rest of the internet in order for their spam campaigns to work, so they need to sign up as an autonomous system with an ISP by presenting forged authorisation documents. Once authenticated as an autonomous system, the cybercriminal then receives an autonomous system number and the routes to their stolen IP addresses are announced.
The problem, Branagh said, is that Verizon is not properly checking the autonomous system registration system, so even though the routing requests often look highly suspicious, no red flags are raised and the spammers are in business. And of course, all of the cybercriminals' activities are illegal under US law.
Is Verizon turning a blind eye to suspicious routing requests?
Spamhaus Project has ranked Verizon as seventh on its list of "The World's Worst Spam Support ISPs". The stolen IP addresses primarily come from countries such as China, Korea, Hong Kong and the US, and until 2013, many of the IP addresses had not been used at all for at least a decade.
"It seems very strange that a large US-based ISP can be so easily convinced by abusers to route huge IP address blocks assigned to entities in the Asian-Pacific area. Such blocks are not something that can go unnoticed in the noise of everyday activity. They are very anomalous, and should call for an immediate accurate verification of the customer. Internal vetting processes at large ISPs should easily catch situations so far from normality," Branagh wrote in a blog post.
"Furthermore, since July 2015, Spamhaus has repeatedly informed Verizon about this problem, approaching every single contact known to us. In addition to contacts within Verizon Abuse and Security, we have also approached people in Verizon management. Various Verizon staff have promised to look into the situation, but the announcements continue and the spam and cybercrime keeps flowing."
Verizon spokesperson David Samberg told IBTimes UK: "I can't discuss the specific claims made in the Spamhaus post. What I will say, however, is that we do have a strong commitment to combating internet abuse. We have a program that involves education and notification for our end users and provide tools making reporting internet abuse to us easy. We also have a dedicated abuse team ensuring compliance with our Acceptable Use Policy."