Saturday, December 11, 2010

Verizon purposely blocking “Operation Payback” IP’s

If this makes you angry, SPREAD THE WORD. It's the only way they won't get away with it!

Update: 2:26pm EST: Less than 12 hours after I broke this story, Verizon has unblocked 91.121.72.103. This is only one of the IP's they blocked that I was able to identify and confirm, however it seems to be the most widely used and noticed. Come on Verizon, make it quick with the others. I have updated the tracert logs in this post to reflect another IP address so as not to confuse the masses.

Many of you may have heard of “Operation Payback is a Bitch” and “Anonymous” by now. Anonymous has been in the news many times recently for their denial of service attacks that took down the corporate websites of Mastercard, Paypal, Visa, and the RIAA to name a few. “Anonymous” is a loosely organized group of hackers who gather on the popular forum site 4chan.  
“Operation Payback” was established several months back in an effort to combat anti-piracy groups and their supporters by taking down their websites and email systems in a form of online protest. Anonymous coordinated this through a 10+ server IRC network and a modified version of a DDOS program called LOIC. Supporters simply open up LOIC and input a server name. Their computer then becomes part of a “voluntary botnet” attacking whatever the current target is until the website drops offline. Recently with the Wikileaks scandal, Anonymous has shifted Operation Payback’s efforts to attacking any corporation that actively harms/opposes Wikileaks or Julian Assange.
Earlier this week when Mastercard.com was down for over 7 hours followed shortly by Visa.com (both websites targeted due to their refusal to process donations to Wikileaks) many people woke up and realized just how powerful the masses could be. Twitter immediately banned the official Anon Operations account after a link to over 1000 supposedly valid MasterCard Credit card numbers was posted. This was soon followed by Facebook removing the Anonymous Operation Payback supporters group for service violations. Yes, many websites and companies online were taking action to prevent Operation Payback from getting out of control. Most all of these were obvious and even quoted the specific section of their TOS they say Anonymous violated. The one company that took not so obvious action was Verizon Internet Services.
As most of you here in the USA know, Verizon offers among the fastest available residential internet connection. They also have a massive share in the business market. Verizon FiOS service now offers up to 35mbps upstream bandwidth. This is more than 10 times the average that cable modem users have.
Thursday evening Verizon pulled a dirty trick by silently blocking most all known IP addresses used by IRC, web and other servers operated for Operation Payback. This move was made without notice to Verizon’s customers and without the ability to opt out of the blocking. It is unclear as to Verizon’s motivation for this censorship of the internet. One can speculate that they don’t want their FiOS service making the news as the straw that broke the camel’s back for the next web server to be hit by Anonymous. I suppose if you asked an executive they would spit out some BS about protecting the internet. Protecting us from what?!
Truth is, going to a website that encourages you to perform illegal activities such as Denial of Service attacks is not in any way itself illegal. Nor is connecting to an IRC server where people are discussing such activities. As an individual you are only wrong once you start to participate, which is a choice you would have to make and act upon after visiting an Operation Payback website or connecting to an IRC server.
So I know you all want proof and trust me I have no shortage of it. I have been researching this issue the better part of 3 days. As an IT security worker, I like to stay current on the most recent internet attacks, scams, viruses, etc. It’s my job to stay sharp and it’s what my customers expect from me. I was frequenting the Operation Payback is a Bitch website and connecting to IRC on my FiOS connection when I suddenly got disconnected. Considering this is a loosely organized group with a lot of enemies I simply thought the servers crashed again. However after seeing the Twitter messages continue about people in the IRC room I started to think something might be up. I used remote access software to connect to a machine at my parents’ house about 80 miles away that has a Comcast connection. I loaded up my IRC client and logged right in. At this point I thought it had to be my PC so I tried another. I looked at my firewall/router and found no problems. After 99 unsuccessful connection attempts to the approximately 10 IRC servers I began to realize something was up.
Below is a list of servers you cannot access if you’re on Verizon FiOS in most areas. I have also found that this may affect some Verizon DSL customers.
83.169.21.109
91.121.72.103 - Now unblocked in most areas
91.121.92.84
88.198.224.117
178.63.172.193
67.23.234.51
Go ahead. Ping them. Try to connect to them using your favorite IRC client. Now call up your friend on any ISP besides Verizon in the USA and see if it works for them! You may also want to “try” and visit the newest Operation Payback website www.anonops.eu from your FiOS connection. Good luck! (as of 2:36pm EST Verizon has unblocked only 91.121.72.103, so this test will work now in most areas)

 
Now before we move forward I need to make myself clear. I am NOT encouraging you to join Operation Payback. I am simply encouraging you to see for yourself how Verizon is deciding what you can and cannot get to on the internet. Now I’m sure the reason here is obvious, however Verizon is an Internet transit provider, not a babysitter. You should be able to decide where you want to go online. What’s to stop them from blocking other sites they don’t like? Would you even know? “Page cannot be displayed” “hmmm guess they are down” most people think, never realizing Verizon is knowingly and actively denying you access.
Here are some more details on how I tested this to be sure I was right before making this public. A trace route or tracert allows you to initiate a trace of every router your internet traffic goes through to get to its destination. Just about any modern PC has this functionality built in. If your request doesn’t go through, running a tracert can help you see why and where the failure is happening. Take a look:
tracert 83.169.21.109
Tracing route to lvps83-169-21-109.dedicated.hosteurope.de [83.169.21.109]
over a maximum of 30 hops:
  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out.
  4     *        *        *     Request timed out.
  5     *        *        *     Request timed out.
  6     *        *        *     Request timed out.
  7     *        *        *     Request timed out.
  8     *        *        *     Request timed out.
  9     *        *        *     Request timed out.
 10     *        *        *     Request timed out.
 11     *        *        *     Request timed out.
 12     *        *        *     Request timed out.
 13     *        *        *     Request timed out.
 14     *        *        *     Request timed out.
 15     *        *        *     Request timed out.
 16     *        *        *     Request timed out.
 17     *        *        *     Request timed out.
 18     *        *        *     Request timed out.
 19     *        *        *     Request timed out.
 20     *        *        *     Request timed out.
 21     *        *        *     Request timed out.
 22     *        *        *     Request timed out.
 23     *        *        *     Request timed out.
 24     *        *        *     Request timed out.
As you can see, the traffic goes nowhere and is stopped at whatever hop number 1 is. I changed the last digits of the IP address from 109 to 110 and initiated another trace. It went right through and listed a Verizon router as hop #1 meaning the traffic stops being passed once it hits Verizon owned equipment. (note, in the below trace I have masked some addresses to protect my location)
To be sure my test was valid and this wasn’t a case of a transit problem, I used my Comcast connection to verify that all ending hops leading to 109 and 110 were the same routers. I had no problem doing a tracert on 83.169.21.110 or any other IP’s listed above from Comcast!
C:\Users\test>tracert 83.169.21.110
Tracing route to www.pro-rauchfrei.de [83.169.21.110]
over a maximum of 30 hops:
  1     2 ms     2 ms    <1 ms  l100.nwrknj-vfttp-**.verizon-gni.net [****]
  2     1 ms     2 ms     3 ms  g4-0-1-792.nwrknj-lcr-07.verizon-gni.net [130.81.109.108]
  3     2 ms     2 ms     2 ms  so-5-0-0-0.nwrk-bb-rtr1.verizon-gni.net [130.81.29.8]
  4     2 ms     3 ms     2 ms  0.so-7-0-0.xl3.ewr6.alter.net [152.63.19.177]
  5     6 ms     6 ms     5 ms  0.xe-4-0-0.xl3.nyc4.alter.net [152.63.3.101]
  6     6 ms     5 ms     6 ms  gigabitethernet4-0-0.gw1.nyc4.alter.net [152.63.20.97]
  7     5 ms     4 ms     4 ms  teliasonera-test.customer.alter.net [157.130.255.206]
  8     5 ms     4 ms     4 ms  nyk-bb2-link.telia.net [80.91.250.147]
  9    84 ms    84 ms    86 ms  ldn-bb2-link.telia.net [80.91.253.117]
 10    92 ms    93 ms    92 ms  prs-bb2-link.telia.net [80.91.247.240]
 11   102 ms   102 ms   102 ms  ffm-bb2-link.telia.net [80.91.246.180]
 12   102 ms   101 ms   134 ms  ffm-b7-link.telia.net [80.91.254.253]
 13   103 ms   103 ms   143 ms  xe-0-2-0.cr-polaris.fra1.he-core.de [213.248.104.54]
 14   110 ms   112 ms   114 ms  xe-0-1-0-v2.cr-polaris.fra1.he-core.de [80.237.129.81]
 15   118 ms   118 ms   117 ms  xe-2-3-0.cr-nashira.cgn4.hosteurope.de [80.237.129.165]
 16     *        *        *     Request timed out.
 17   105 ms   105 ms   105 ms  www.pro-rauchfrei.de [83.169.21.110]
Trace complete.
I then went on Facebook and called out everyone to test this issue for me. In all I had approximately 15 FiOS users from 3 states and 2-3 DSL users run the same test. Of the FiOS users, all of them were unable to get to any of the IP addresses listed above. The traffic died at the first hop and that first hop always ended with verizon-gni.net.
Among the Verizon DSL users, one reported the same issue while the other two were fine, leading me to believe this is still rolling out to DSL users.
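
The two-trace comparison described above, as an added example that is not part of the original post: a Python parser for Windows tracert output that summarizes the trace to the blocked address and the control trace to the neighbouring address, then classifies the result. The function names are this example's own, and the sample traces are abbreviated from the logs above.

```python
import re

# One hop line of Windows tracert output: hop number, three probe results
# ("<1 ms", "12 ms" or "*"), then "host [ip]", a bare ip, or "Request timed out."
HOP_RE = re.compile(r"^\s*(\d+)\s+((?:(?:<?\d+ ms|\*)\s*){3})(.*)$")

def parse_tracert(text):
    """Return [(hop_number, answered, host_field), ...] for every hop line."""
    hops = []
    for line in text.splitlines():
        m = HOP_RE.match(line)
        if m:
            answered = "ms" in m.group(2)  # at least one probe got a reply
            host = m.group(3).strip() if answered else None
            hops.append((int(m.group(1)), answered, host))
    return hops

def summarize(text, target_ip):
    """Reduce one trace to the facts the comparison needs."""
    answered = [h for h in parse_tracert(text) if h[1]]
    last = answered[-1][2].split() if answered else []
    last_ip = last[-1].strip("[]") if last else None
    return {
        "first_responder": answered[0][2] if answered else None,
        "last_responder_hop": answered[-1][0] if answered else None,
        "reached_target": last_ip == target_ip,
    }

def compare(target, control):
    """Classify the target trace against a control trace to a neighbouring IP."""
    if target["reached_target"]:
        return "target reachable"
    if not control["reached_target"]:
        return "inconclusive: control trace fails too (local or transit problem)"
    if target["first_responder"] is None:
        return "no hop answers for target; control's first hop is " + control["first_responder"]
    return "target path dies after hop %d" % target["last_responder_hop"]

# Abbreviated from the two traces in the post (most hops omitted).
BLOCKED = """Tracing route to lvps83-169-21-109.dedicated.hosteurope.de [83.169.21.109]
  1     *        *        *     Request timed out.
  2     *        *        *     Request timed out.
  3     *        *        *     Request timed out."""
CONTROL = """Tracing route to www.pro-rauchfrei.de [83.169.21.110]
  1     2 ms     2 ms    <1 ms  l100.nwrknj-vfttp-**.verizon-gni.net [****]
  2     1 ms     2 ms     3 ms  g4-0-1-792.nwrknj-lcr-07.verizon-gni.net [130.81.109.108]
 16     *        *        *     Request timed out.
 17   105 ms   105 ms   105 ms  www.pro-rauchfrei.de [83.169.21.110]"""

def verdict():
    return compare(summarize(BLOCKED, "83.169.21.109"),
                   summarize(CONTROL, "83.169.21.110"))

if __name__ == "__main__":
    print(verdict())
```

The "inconclusive" branch is the reason for the control trace: if the neighbouring address fails as well, the fault is as likely local or in transit as a filter on the one address.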

So where does this leave us? Well it’s clear that Verizon is censoring the internet and this probably isn’t the first time they have done it either. I figured it was an effort in futility but I called FiOS support to ask them about this and got nowhere. Eventually I spoke to a “tier 2 network admin” who assured me “Verizon provides an unrestricted connection to the internet with the exception of port 25 outbound for non-business customers” Funny, when I tested I found that static IP business FiOS customers are censored as well.
SHAME ON YOU VERIZON. We pay you to provide a service, not dictate what we can and cannot view online. Operation Payback is a real problem, however you have no right to simply deny users from accessing any information related to it without their knowledge, and then deny that you are doing so! Your job is to provide a service. As a user of your service, (if I’d want to) I have the right to be an idiot, perform illegal activities online, and then you have the right to suspend my account. That’s how every other ISP does it. What you’re essentially doing is proactively treating us all like service violators and babies who can’t handle the “whole internet”.
I encourage everyone to make this as public as possible. Post this on Facebook and Twitter. Spread the word. Make this a PR nightmare for Verizon. This is a slippery slope. What’s to stop a Verizon network administrator from denying any of us access to another part of the internet? Think about it!


For media, questions or other inquiries please email: compuboy2010@gmail.com


UPDATE 12/12/10:
I have gotten more and more confirmation of DSL users now being blocked as well. It really depends on your area it seems. I also have my first report of a single FiOS user saying he is not being blocked. (I don't however have a geo location of this user or logs proving this).
I have been actively tracking this post and have seen bits on forums about launching an attack against Verizon. DON'T, people! That would be the worst move we could make at a time like this. All it will do is give whatever network admin group did this more justification. The right thing to do is to make this viral. Get Verizon customers to call and question why these IP's are blocked. Draw attention to the fact that this was done without customers' knowledge. It's the only way.
Send this story and the link into your favorite online media outlet. I can be reached for questions or comments at compuboy2010@gmail.com

14 comments:

  1. Verizon cannot legally do this. They are not able to moderate traffic and at the same time be protected against warez and other complaints.

    They are only protected when they keep a hands-off approach on their network.

    Once they start moderating any lawsuits or legal action that is directed at activity goes right to them and does not need to go through the usual channels since they are moderating traffic.

    Comcast tried this stuff before, you can't have it both ways.

  2. That's why we need to SPREAD THIS and let everyone know. So they can't get away with it. Because legal or not, they ARE doing it!

  3. VERIZON FiOS & DSL Blocked Users Connect to IRC Server 80.190.98.196 (nitrox.anonops.net) not yet blocked Please forward this info to Social Networks >>>> Please Forward this info !!!!

  4. You're right. Some of the newer IP's are not yet blocked. I can't encourage everyone to spread this around enough. Post a link on twitter, send a link on Facebook etc. The only way to stop them from getting away with this is to make sure it's public knowledge. I am aware that many members on Anonymous may be reading this blog. That being said, I am not recommending a DDOS or any attack against Verizon. Instead, spread the word!

  5. Updates: Verizon has unblocked one of the six IP's I identified them blocking. This is the IP of the anonops webserver and also the one I used in the tracert logs. I have updated the blog to reflect this and put in new tracert logs showing another IP they are STILL blocking. Keep the media pressure up everyone!

  6. please can you confirm if this is your page also
    http://anonymous-payback.tk/ as no one seems to know if this has changed from the MC target. If so can you delete the other page to stop confusion thanks and well done :) UK

  7. Chrissie,
    I have no idea what you're talking about. I am in no way associated with Op Payback or Anonymous. I'm simply reporting on Verizon censoring the internet.

  8. Sorry read it as if you had created the .eu site. good info though and have shared it around, you can delete these posts if you like. I'm following you on twitter :)

    Chrissie

  9. Chrissie,
    Thx it's cool. I'm leaving your post up in case someone else makes the same mistake ;)
    I was on the .eu site but only to keep tabs on this whole thing. It's my job ;)

  10. Thank you for sharing your thorough and diligent research efforts with this post!
    Thanks to the efforts of people, such as yourself, censorship is brought out of the technology darkness that is often inaccessible to everyday computer/web users such as myself. You have brought a very important example of censorship into the limelight where it can be scrutinized and I thank you.
    I am an adult that does not need Verizon to babysit me and as a result of your post I will be contacting Verizon regarding this matter.
    -Default User

  11. Default User,
    Not sure what happened to your comment but I posted it again below. People such as yourself make all the effort worth it. Many don't understand how serious this is. Yes right now it's some IRC servers used by hackers but in the future what if it's something much more important? Assuming you read this I am VERY interested to hear if you get anywhere with Verizon. They basically denied it when I called. Maybe we can get a reference number or something and encourage the masses to call.
    Feel free to e-mail me to contact me directly.

    -------------------------------------------


    Thank you for sharing your thorough and diligent research efforts with this post!
    Thanks to the efforts of people, such as yourself, censorship is brought out of the technology darkness that is often inaccessible to everyday computer/web users such as myself. You have brought a very important example of censorship into the limelight where it can be scrutinized and I thank you.
    I am an adult that does not need Verizon to babysit me and as a result of your post I will be contacting Verizon regarding this matter.
    -Default User

  12. First off, I have Verizon DSL. After reading your blog yesterday, I tested it out immediately, and found that I could not access www.anonops.eu. After confirming others could access, I discovered I could only access it through TOR proxy. I also, unsuccessfully, tried to ping the other ips. I e-mailed your blog to EFF and some details about the issue and received a reply earlier today, where I was thanked for sharing the info.

  13. bugmenotusr,
    Good research. If you wouldn't mind, please forward any reply you get to my email listed on the blog. When I discovered this I wasn't really sure what to do or who to contact which is why I made it public. Keep spreading the word! ;)

    Thanks!

  14. Hi Well Verizon denied it all. I have only my mobile phone service with them (5 phones no less) so I have no way of verifying it all, believe you of course! But my concern is 1) Obvious censorship and 2) was planning on adding one of those USB phone services (did I say that right? the one you plug into your laptop to access internet) and if I understand your post correctly that will be affected. I will email you and if you don't mind I would like to continue to tweet this topic, include your blog in my blog list and continue to write about it. I know the cables are important but remember the Kansas City Shuffle...make them look right when you go left? I so see them doing behind the scenes things such as this.
    Well off to email you...I am FollowTheOps so look for me.
    -Default User
