Re: Hostexploit report/Intercage/Esthost

2008-10-13 Thread Simon Waters
On Monday 13 October 2008 15:30:07 Konstantin Poltev wrote:
> 
> and Spamhaus itself claims not to be
> subject to any US laws, where it clearly does business. 

The Spamhaus website lists addresses in the UK and Switzerland.

They appear to operate from the UK, and they claim to be subject to UK law.

Searching for "spamhaus jurisdiction" answers this in the first paragraph of 
the first result, not that Google is always this accurate.

Spamhaus might not be perfect, but they demonstrably provide the best public 
source of information on spam sources on the Internet. As such criticizing 
them makes you look suspect in the eyes of those who have very positive 
experiences of spamhaus's data, and who are used to seeing criticism of them 
come almost exclusively from shady characters. If they are wrong say so, and 
tell them, they've always been very responsive to communications in the past, 
but don't rant.



Hostexploit report/Intercage/Esthost

2008-10-13 Thread Konstantin Poltev
Hello,

My name is Konstantin Poltev and I'm with Esthost. I'd like to ask
you to read through this email before hastily replying.

As you are probably aware, Esthost has been accused of pretty much every
mortal sin - from cybercrime to being KGB-sponsored part of Russian
Business Network involved in information warfare against Georgia [R1].

However, that's just one side of the story. I'd like to present our side,
in this email, and in person - I am right here at NANOG, ready to answer
your questions.

I've initially planned to make a short presentation during security BOF,
but decided against it - I believe tempers are still too hot to hear our
side of the story, also, my English is not quite as good to be able to
stand up before 1000 people.

However, I'll be around, in the hotel bar, should anyone want to ask me
any questions in person - or should any law enforcement officer wish to
arrest me :)

Now, on to the story:

First, few words on the "community police" that is accusing us of all the
misdeeds. The accusations initially were made by (anonymous) John Reid
from Spamhaus, then continued with anonymous rbnexploit blog, then by Jart
Armin from the "hostexploit". All of those (to my knowledge) are very
much anonymous.

I'd love to debate the report and their accusations, in public, but,
regretfully, I don't see this happening anytime soon - while I'm very much
willing to travel to US and subject myself to US jurisdiction, my accuser
John Reid in Spamhaus is anonymous, and Spamhaus itself claims not to be
subject to any US laws, where it clearly does business. It begs the
question - how come the alleged "criminals" are so brazen, and alleged
"community police" so anonymous? One possible conclusion is that there's
no evidence of a crime, and "community police" is nothing short of a lynch
mob, that needs no evidence, heeds no laws, and acts as a judge, jury and
executioner. However, more on spamhaus later.

Finally, the last point was the publication of an article in Washington
Post by Brian Krebs. Brian, as it appears, has commissioned the
hostexploit report, and it makes a wonderful media story - you have
full-on thriller, with cybercriminals out of Estonia being aided by
corporations small and large in US - it doesn't get any better than that.
Unfortunately, said report is full of unsubstantiated allegations - in
fact, not just unsubstantiated, but clearly known to be false to anyone
who is actually in the industry (more on this later).

Brian has attempted to ask us for our side of the story. However, the
questions asked were "How many EstHost employees have graduated the KGB
military public information school?", "How often does KGB/GRU/FSB ask
Esthost to implement special measures against Western visitors", "Does
Esthost provide GRU/SVR with information about Western visitors", "What
percentage of Est's revenue is reinvested by FSB into Est's
infrastructure".

I'm dead serious - those were the questions - I can't make this up. You
can draw your own conclusions on Brian's bias and the desire of a
sensational story.

I'd like to point out that Esthost doesn't hide behind anonymity - names
of the owners of Esthost are well known, and we live in Estonia, which,
despite what you think, is as much of a Western-world country with rule of
law as, say, France or Germany - with criminal police, extradition
treaties, Interpol membership, etc.

What is the truth?

We have no affiliation with "Russian Business Network" (if there ever was
such a thing). We have no affiliation with Emil or Atrivo (other than
being an ex-customer). We have no affiliation with HostFresh. We don't
know what *they* do with their network, or their abuse complaints - we can
only speak for ourselves.

Onto the discussion of the "hostexploit report" itself: I am surprised
that it appears that nobody actually has taken time to read the report -
as inaccuracies are glaring enough to be immediately noticeable. Report is
hardly "unbiased" - it is a very beautifully typeset piece whose purpose
is to smear our company (and our vendors' vendors' vendors, and our
customers, and just about anyone else, maybe short of the guys who deliver
pizza to our office).

As I point out flaws in the report, I'd like to again emphasize, we are
not atrivo. I believe Emil and Atrivo were unfairly smeared, and as much
as Esthost, they deserve fairness, although I can't speak for the rest of
Atrivo's customers, not affiliated with Esthost. Report itself is located
at: http://hostexploit.com/downloads/Atrivo%20white%20paper%20082808ac.pdf

First part of report is fluff - using spamhaus pages as evidence of
wrongdoing.

Let's start with obvious:

** Page 16 - the page with the actual data:

Google has 4 times more infections than Atrivo, and approximately same
infection rate. Are they also cyber-criminals? Chinanet-backbone - has 48
times number of Atrivo's