August 28, 2016

Earlier this month, KrebsOnSecurity published The Reincarnation of a Bulletproof Hoster, which examined evidence suggesting that a Web hosting company called HostSailor was created out of the ashes of another, now-defunct hosting firm notorious for harboring spammers, scammers and other online ne’er-do-wells. Today, HostSailor’s lawyers threatened to sue this author unless the story is removed from the Web.

Obviously, I stand by my reporting and have no intention of unpublishing stories. But I’m writing about HostSailor again here because I promised to post an update if they ever responded to my requests for comment.

The letter, signed by Abdullah Alzarooni Advocates in Dubai — where HostSailor says it is based — carries the subject line, “Warning from Acts of Extortion and Abuse of the Privacy of Third Parties.” It lists a number of links to content the company apparently finds objectionable.

Could this same kind of legal pressure be why security industry giant Trend Micro removed all reference to HostSailor from the report that started all this? Trend hasn’t responded to direct questions about that.

Astute readers will notice in the letter (pasted below) a link to a Twitter message from this author among the many things HostSailor’s lawyers will like me to disappear from the Internet. That tweet to HostSailor’s Twitter account read:

“Potential downside of reporting ISIS sites: The hosting firm (ahem @HostSailor) may share your info/name/report with ISIS. Opsec, people!”

I sent that tweet after hearing from a source with whom I’ve been working to report sites affiliated with the jihadist militant group ISIS. The source had reported to HostSailor several of its Internet addresses that were being used by a propaganda site promoting videos of beheadings and other atrocities by ISIS, and he shared emails indicating that HostSailor had simply forwarded his abuse email on to its customer — complete with my source’s name and contact information. Thankfully, he was using a pseudonym and throwaway email address.

HostSailor’s twitter account responded by saying that the company doesn’t share information about its customers. But of course my tweet was regarding information shared about someone who is not a HostSailor customer.

This isn’t the first time KrebsOnSecurity has been threatened with lawsuits over stories published here. The last time I got one of these letters was in Sept. 2015, from a lawyer representing AshleyMadison’s former chief technology officer. The year before, it was Sony Pictures Entertainment, whose lawyers lashed out a large number of publications for too closely covering its epic and unprecedented data breach in 2014.

Prior to that, I received some letters from the lawyers for Igor Gusev, one of the main characters in my book, Spam Nation. Mr. Gusev’s attorneys insisted that I was publishing stolen information — pictures of him, financial records from his spam empire “SpamIt” — and demanded that I remove all offending items and publish an apology.

My attorney in that instance laughed out loud when I shared the letter from Gusev’s lawyers, calling it a “blivit.” When I apparently took more than a moment to get the joke, he explained that a “blivit” is a term coined by the late great author Kurt Vonnegut, who defined it as “two pounds of shit in a one-pound bag.”

Only time will tell if this letter is a blivit as well. I’ve taken the liberty of sanitizing the PDF document it came in, and converting that into two image files – in case anyone wants to take a look.

An emailed "legal notice" I apparently received from a law firm in Dubai, demanding that I unpublish an unflattering story about HostSailor.

An emailed “legal notice” I apparently received from a law firm in Dubai, demanding that I unpublish an unflattering story about HostSailor.


82 thoughts on “HostSailor Threatens to Sue KrebsOnSecurity

  1. Laurel chesky

    That’s hilarious, I’m sure Host Sailor can’t wait to go through discovery.

  2. Amy Porcari

    I pray you have the money for attorneys and you can fight these guys should they be stupid enough to force this. Once they loose and all their contact and owner information is available thru a court action, our government can help to hunt these guys down.

  3. Andy

    Believe clintonemail.com still up
    someone still running this email site

    1. k0nsl

      No, it isn’t online. What relevance does your comment have with the post about HostSailor and their threat about suing Krebs?

      -k0nsl

  4. Craig Thomas

    What kind of a lawyer signs his correspondence but omits to put his name on it?

  5. Festering_Lot

    What attorney writes “…by posting lots of reports…”? How many reports in a lot?

    1. Old School

      It was probably one of the junior ISIS wannabe-martyrs…

      Depends on the size of the lot?

  6. Bryan Smith

    Any chance of calling them Daesh instead of ISIS?

    1. Pat Suwalski

      ISIL would be preferable. Why would you pander to using their acronym in their own language? It otherwise means exactly the same thing, though ISIL is a better translation.

      1. Brian Fiori (AKA The Dean)

        IMO, ISIL is preferable to ISIS, for several reasons. But Daesh is even better, if only because those in charge of ISIL/ISIS despise its use.

  7. roflem

    Ohh….the popcorn I was awaiting weeks ago really took very very long to pop and now smells like a blivit. 🙂
    A bit entertaining. Maybe the “advocate” thinks he is entitled to call himself so because he wears a long robe all the time? And why can’t hostsailor afford a real lawyer in the US? Why don’t you buy some VSS and become a client to see if hostsailors customer service is as slow as this “lawyer” ?

  8. Lee Ann

    Thank you for doing all you do to help us with issues of internet, banking, etc. safety. I need to add your name to my prayer list. I hope HostSailor doesn’t sue you, & all the hassle that would entail.

  9. SeymourB

    Calumny? Someone’s thesaurus is getting a workout.

    I wish them luck trying to get you extradited to the UAE so whatever court judgement they arrive at can be enforced.

  10. jacka1

    About time somebody did this 😉 Although these lawyers are unfortunately fake. Brian is clueless about security, fraud, etc. Just republishes somebody else’s content and pretends he understands the industry.

  11. Hacking tools

    Earlier this month, Krebs On Security published The Reincarnation of a Bulletproof Hoster, which examined evidence suggesting that a Web hosting company called Host Sailor was created out of the ashes of another, now-defunct hosting firm notorious for harboring spammers, scammers and other online ne’er-do-wells. Today, Host Sailor’s lawyers threatened to sue this author unless the story is removed from the Web.

Comments are closed.