Franklin Veaux (tacit) wrote,

Welcome to Earthlink, where security is something we...wait, what does that word mean again?

Welcome to Earthlink LiveChat. Your chat session will begin in approximately 1 minutes. Feel free to begin typing your question.
'Michael' says: Thank you for contacting EarthLink LiveChat, how may I help you today?


Me: You have been hosting a "phish" page that is intended to steal sensitive financial information from people for more than two months.

Me: Repeated emails to your support and abuse addresses have been ignored.

Me: Months later, the phish site is still active on your network.

Me: Who do I need to call to get you to take responsibility and clean up your network?

Michael: What phishing site are you referring to?

Me: http://aolqr.com/_cqr/login/?Login=&Lis=10&LigertID=1993745&us=1

Me: Went live on June 18, first notified abuse about it on June 20, have since sent a number of emails to support and abuse addresses.

Michael: Have you tried to contact 1-800-955-0186?

Me: I have not. Is this standard accepted practice for notifying Earthlink of phish sites?

Me: Can you explain why your abuse and support email addresses don't appear to be read?

Michael: What abuse address are you sending the reports to?

Me: abuse@earthlink.net, support@earthlink.net

Me: These are the abuse addresses defined in the ARIN Whois information and at abuse.net

Michael: I am not sure why our Abuse department has not responded, but it is best you contact the number I gave you

Me: OK, I will give them a call. Let me say, though, that I am extremely disappointed by Earthlink's lack of responsiveness and willingness to permit this kind of flagrant network abuse.

Chat session has been ended by the agent.

Welcome to Earthlink LiveChat. Your chat session will begin in approximately 2 minutes. Feel free to begin typing your question.
Please hold for an agent. While you are waiting, please feel free to begin typing your issue in the box below. Try to be as descriptive as possible. Once an agent is assigned to the chat, click SEND to transmit what you have typed.
'Michael' says: Thank you for contacting EarthLink LiveChat, how may I help you today?


Me: I just spoke to you about the phish site you were hosting. The 800 number you gave me to call directed me to a recording telling me to use the support chat, and disconnected.

Me: So, your abuse email doesn't work and neither does the phone number. Any other ideas?

Michael: Can you please try again

Me: Try the phone number again?

Michael: i am not sure why you cannot connect to the number I gave you, as we have persons right now ready to take your call

Michael: yes

Me: I'm calling right now, ending up in a voicemail system. I am not an existing customer, I have not recently placed an order.

Michael: What is the system asking you for?

Me: The phone number associated with my account.

Michael: Just provide your phone number

Me: I say "none," and I hear a recording about "We are experiencing high call volumes. Please call back later or use our online support at support.earthlink.net"

Michael: Try 1-888-3278454

Me: Ah, now someone is on the phone.

Michael: great

Michael: Thank you for using EarthLink LiveChat. Should you need further assistance, please contact us again.

Chat session has been ended by the agent.

(A long and frustrating conversation ensues, in which I try to explain to a person whose native language is not English what a "phish" site is and what the Web domain in question is)

Guy on phone: I do not see anything on that Web site.

Me: The top level of aolqr.com doesn't give you anything but a 403 Forbidden. You have to go to http://aolqr.com/_cqr/login/?Login=&Lis=10&LigertID=1993745&us=1 to see the phish.

Guy on phone: Please hold.

Bad hold music plays...

Guy on phone: What company are you working for?

Me: Huh?

Guy on phone: I have been instructed to ask, what company are you working for? What is the name of your company?

Me: I'm not working for any company. I'm trying to tell you about a phish site on your servers.

Guy on phone: Please hold.

More bad hold music plays...

Guy on phone: I have spoken to our engineering team. They have inactivated the Web site.

Me: *does a little dance*




Seriously? This is abysmal. A (quasi-)reputable Web hosting firm that allows phish sites to remain active for months on its network, doesn't pay attention to abuse reports, and makes people call on the phone to report phish pages? Now that estdomains.com is no longer the bad guys' go-to for one-stop Internet fraud, it's nice to see a domestic company like Earthlink stepping in to fill the gap.

I suppose I shouldn't attribute to malice what can adequately be explained by stunning, jaw-dropping, jesus-christ-you-have-got-to-be-kidding-me incompetence, but still. Past a certain point, any sufficiently advanced incompetence is indistinguishable from malice.
Tags: computer security, wtf