BelchSpeak

I can't believe that came from your mouth!


Blue is Back

Blue Security is back online today after switching to an Anti-DDoS solution provider, Prolexic.

Blue also revealed that the spammer known as “PharmaMaster” was behind the attack, and was quoted as saying: “If I can’t send Spam, there will be no Internet.” This spammer has demonstrated control over huge botnets used to launch DDoS attacks, and he uses his cash and influence to bribe tier 1 ISPs to illegally blackhole companies.

From Blue Security’s Website here:

Internet under Attack by Renegade Spammer; Blue Security Responds; Blue Security Identifies “PharmaMaster” as the Illegal Spammer Who is Threatening the Internet to Keep His Spam Business Running

MENLO PARK, Calif.–(BUSINESS WIRE)–May 4, 2006–Blue Security, Inc., developers of the Do Not Intrude Registry(TM) solution to eliminate unsolicited e-mail spam, responded today to the latest attempts from a renegade spammer who is trying to stop Internet users from opting out of receiving his spam. “PharmaMaster”, one of the world’s leading spammers, is the culprit who is holding the entire Internet hostage to stop the Blue Community and keep his spam business running.

Eran Reshef, CEO of Blue Security, said, “Six out of the top 10 spammers worldwide have stopped sending spam to the Blue community recently; as such, PharmaMaster is determined to prevent this change in the spam economy. After a barrage of threatening letters this week that only made the Blue community stronger, PharmaMaster resorted to sophisticated attacks on Blue Security.”

Reshef continued, “The attacks started with a strike on the Internet backbone itself, causing the Blue Web site to become inaccessible to visitors outside Israel, while remaining available for Israeli visitors. How exactly this attack was carried out is still unresolved, but what is clear is that PharmaMaster boasted that it was he who was able to make a top-tier ISP’s staff member to block Blue Security’s former IP address (194.90.8.20) at the backbone routers.”

In PharmaMaster’s words (taken from ICQ sessions where PharmaMaster contacted Blue Security): ‘Support (top-tier ISP’s name withheld) says: Yes wont be a problem, I’ll make sure to block all traffic to this domain very soon just get me reports, mate.’

Reshef continued, “Thirty minutes after Blue closed its Israeli site and posted a note on its blog site, PharmaMaster ruthlessly ordered a massive, sophisticated DDoS attack against any site associated with Blue. This attack caused five top-tier hosting providers in the U.S. and Canada, a major DNS provider and a popular blog site to go down for several hours.”

PharmaMaster summarized the situation (excerpt from ICQ session): “you know I feel sorry for you and all the world 9000 servers (which) are down :-)”

According to Reshef, PharmaMaster also told Blue Security that if he can’t send spam, there will be no Internet. He also said that he will do whatever it takes to continue his fight but acknowledged the power of the Blue Community.

PharmaMaster (excerpt from ICQ session): “Blue found the right solution to stop spam, and I can’t let this continue.”

Blue Security is working hard to restore its community-based anti-spam service to its members, and has already started contacting the relevant authorities. Blue Security is working closely with its service providers and partners to help resolve the problems and mitigate risk.

For those who do not realize it, the Internet is not controlled by ISPs. The Internet is controlled by a core group of individuals who have the root passwords to backbone routers. Most of those people work for the ISPs for an honest salary. Others are shady, sometimes engaged in petty quarrels or pissing contests with other router operators. Some are full-blown criminals, who appear on the Internet long enough to launch viruses, DDoS attacks, or BGP poisoning to blackhole domains for a fee, fun or vengeance, and then disappear off of the wire.

This is a perfect example of why the Department of Homeland Security created a Cyber division to deal with threats to the Internet. If this spammer could do this to Blue Security, he could do it to any American enterprise, and that would be really bad if it were part of the critical infrastructure. The Feds are certainly involved now, given his threats to damage the Internet.

Dr. Jones

Do not talk about fight club. Oops.
