?

Log in

No account? Create an account

Previous Entry | Next Entry

Welcome to Earthlink LiveChat. Your chat session will begin in approximately 1 minutes. Feel free to begin typing your question.
'Michael' says: Thank you for contacting EarthLink LiveChat, how may I help you today?


Me: You have been hosting a "phish" page that is intended to steal sensitive financial information from people for more than two months.

Me: Repeated emails to your support and abuse addresses have been ignored.

Me: Months later, the phish site is still active on your network.

Me: Who do I need to call to get you to take responsibility and clean up your network?

Michael: What phishing site are you referring to?

Me: http://aolqr.com/_cqr/login/?Login=&Lis=10&LigertID=1993745&us=1

Me: Went live on June 18, first notified abuse about it on June 20, have since sent a number of emails to support and abuse addresses.

Michael: Have you tried to contact 1-800-955-0186?

Me: I have not. Is this standard accepted practice for notifying Earthlink of phish sites?

Me: Can you explain why your abuse and support email addresses don't appear to be read?

Michael: What abuse address are you sending the reports to?

Me: abuse@earthlink.net, support@earthlink.net

Me: These are the abuse addresses defined in the ARIN Whois information and at abuse.net

Michael: I am not sure why our Abuse department has not responded, but it is best you contact the number I gave you

Me: OK, I will give them a call. Let me say, though, that I am extremely disappointed by Earthlink's lack of responsiveness and willingness to permit this kind of flagrant network abuse.

Chat session has been ended by the agent.

Welcome to Earthlink LiveChat. Your chat session will begin in approximately 2 minutes. Feel free to begin typing your question.
Please hold for an agent. While you are waiting, please feel free to begin typing your issue in the box below. Try to be as descriptive as possible. Once an agent is assigned to the chat, click SEND to transmit what you have typed.
'Michael' says: Thank you for contacting EarthLink LiveChat, how may I help you today?


Me: I just spoke to you about the phish site you were hosting. The 800 number you gave me to call directed me to a recording telling me to use the support chat, and disconnected.

Me: So, your abuse email doesn't work and neither does the phone number. Any other ideas?

Michael: Can you please try again

Me: Try the phone number again?

Michael: i am not sure why you cannot connect to the number I gave you, as we have persons right now ready to take your call

Michael: yes

Me: I'm calling right now, ending up in a voicemail system. I am not an existing customer, I have not recently placed an order.

Michael: What is the system asking you for?

Me: The phone number associated with my account.

Michael: Just provide your phone number

Me: I say "none," and I hear a recording about "We are experiencing high call volumes. Please call back later or use our online support at support.earthlink.net"

Michael: Try 1-888-3278454

Me: Ah, now someone is on the phone.

Michael: great

Michael: Thank you for using EarthLink LiveChat. Should you need further assistance, please contact us again.

Chat session has been ended by the agent.

(A long and frustrating conversation ensues, in which I try to explain to a person whose native language is not English what a "phish" site is and what the Web domain in question is)

Guy on phone: I do not see anything on that Web site.

Me: The top level of aolqr.com doesn't give you anything but a 403 Forbidden. You have to go to http://aolqr.com/_cqr/login/?Login=&Lis=10&LigertID=1993745&us=1 to see the phish.

Guy on phone: Please hold.

Bad hold music plays...

Guy on phone: What company are you working for?

Me: Huh?

Guy on phone: I have been instructed to ask, what company are you working for? What is the name of your company?

Me: I'm not working for any company. I'm trying to tell you about a phish site on your servers.

Guy on phone: Please hold.

More bad hold music plays...

Guy on phone: I have spoken to our engineering team. They have inactivated the Web site.

Me: *does a little dance*




Seriously? This is abysmal. A (quasi-)reputable Web hosting firm that allows phish sites to remain active for months on its network, doesn't pay attention to abuse reports, and makes people call on the phone to report phish pages? Now that estdomains.com is no longer the bad guys' go-to for one-stop Internet fraud, it's nice to see a domestic company like Earthlink stepping in to fill the gap.

I suppose I shouldn't attribute to malice what can adequately be explained by stunning, jaw-dropping, jesus-christ-you-have-got-to-be-kidding-me incompetence, but still. Past a certain point, any sufficiently advanced incompetence is indistinguishable from malice.


Comments

( 17 comments — Leave a comment )
edm
Aug. 14th, 2011 10:07 pm (UTC)
Incompetence
[A]ny sufficiently advanced incompetence is indistinguishable from malice

It seems to me that ought to be printed on T-shirts and sold (at least to sysadmins/netadmins!). (Perhaps with suitable reference to the original, which is also appropriate for most sysadmin/netadmin work....)

Sadly I've pretty much given up trying to report such things due to the general disinterest around in fixing them. So I very much admire your persistence in reporting it (including a complex URL via phone!) and getting it taken down (at last).

Ewen

gesundyke
Aug. 14th, 2011 10:48 pm (UTC)
Re: Incompetence
Make the shirt, I'll buy seven. :)
labelleizzy
Aug. 15th, 2011 05:12 am (UTC)
Re: Incompetence
fuck, I'll even buy one for a friend who's sysadmin at a struggling church nonprofit.
whitefox77
Aug. 15th, 2011 03:01 pm (UTC)
Re: Incompetence
Oh yes, my entire department needs these shirts.
greenquotebook
Aug. 14th, 2011 10:36 pm (UTC)
any sufficiently advanced incompetence is indistinguishable from malice.

Beautiful. Just beautiful.
addiejd
Aug. 14th, 2011 11:07 pm (UTC)
But I don't think it really is incompetence; I think it's negligence and laziness. I have seen this type of behavior over and over again in several different forms in different types of institutions. It's not that the people are incapable of doing what you want, it's that they hope that the more hoops you have to jump through the more likely you'll just drop it and then they won't have to do any work.
peristaltor
Aug. 15th, 2011 03:36 am (UTC)
I join in the last sentence love. I wear an extra-large.

Just finishing Michael Shermer's The Mind of the Market. In the chapter "Do No Evil", he points out that the structure of the organization can lead to that organization's evil, be it by pitting departments against each other with sufficient stakes ("encouraging competition"), or by dividing the task responsibilities enough to prevent any manner of transparency. Sounds like Earthlink might be victim of the latter.
tacit
Aug. 15th, 2011 07:28 pm (UTC)
Ooh, I'll have to check that one out. I love Michael Shermer (I trust you've read "Why People Believe Weird Things" and "The Science of Good and Evil"?).
peristaltor
Aug. 15th, 2011 08:11 pm (UTC)
Yes, on Weird, not yet on Evil. I also enjoyed Why Darwin Matters.

Weird Things should be required reading in high school.
pingback_bot
Aug. 15th, 2011 07:25 pm (UTC)
I'm Not Alone in Wanting This On a T-Shirt
User peristaltor referenced to your post from I'm Not Alone in Wanting This On a T-Shirt saying: [...] From [...]
pingback_bot
Aug. 15th, 2011 09:01 pm (UTC)
No title
User interactiveleaf referenced to your post from No title saying: [...] Past a certain point, any sufficiently advanced incompetence is indistinguishable from malice. [...]
interactiveleaf
Aug. 15th, 2011 09:03 pm (UTC)
Past a certain point, any sufficiently advanced incompetence is indistinguishable from malice.

Yeah, you've just explained several arguments I've had over various Presidential administrations in a single sentence. Thanks.
(Deleted comment)
virtualmel
Aug. 15th, 2011 11:09 pm (UTC)
As someone that kind of works in the fraud/abuse field (more fraud than abuse, really), and formerly working for Earthlink... Last I heard I could count the number of employees in the fraud/abuse group on one hand.

In general, it is extremely frustrating to try and get large companies upper management to even be interested in such things. Security costs money, but doesn't bring any in. Worst case, security can actually bring down the bottom line. Never you mind that customers generally appreciate and potentially will do more business with companies that have better security. *shrug* It's a pervasive mind-set, unfortunately.
whitefox77
Aug. 16th, 2011 06:07 am (UTC)
And a dangerous one. The laws at this point clearly state that if a company knows they have a maliciousness site on the servers, and they do nothing, they can be held liable for the damage done. A class action suite by everyone screwed over by a phishing site could cost them a lot more than the price of decent security.
xaotica
Aug. 17th, 2011 11:27 pm (UTC)

i spent 3 hours trying to get AT&T to change my account from discounted for university of wisconsin to discounted for university of washington. i was only ultimately able to succeed by stalking them on twitter.

so my new method of handling situations where i get bounced around on the phone / online chat and no one knows what i'm talking about is to find them on twitter and complain there... but it really irritates me. my mom isn't gonna track people down on twitter. and it sucks that they don't want to handle customer service / tech support well unless it's a situation where it could result in bad publicity if they don't.
dreamsinanime
Aug. 21st, 2011 03:01 am (UTC)
"any sufficiently advanced incompetence is indistinguishable from malice."

Beautiful words! My gods, how many times I've tried to tell people this but not been able to find the words for the concept and ended up with awkward ranting around the bush. I'm quoting this from now on. ^_^
( 17 comments — Leave a comment )