Posts Tagged: Egypt

Feb 11

Spammers Hijack Internet Space Assigned to Egyptian President’s Wife

Egyptian citizens calling for besieged President Hosni Mubarak to step down may have been cut off from using the Web, but spammers have been busy cutting the government off from its own Internet address space: Earlier this month, junk e-mail artists hijacked a large swath of Internet addresses assigned to Mubarak’s wife.

According to, well known spammers commandeered a chunk of more than 4,000 IP addresses that were assigned years ago to Suzanne Mubarak and the Suzanne Mubarak Science Exploration Center. Spamhaus reports that those addresses have been used recently to promote a variety of dodgy Web businesses, and that the hijacked block is under the control of an organization that has ties to alleged spammer Michael Lindsay and iMedia Networks. iMedia did not respond to requests for comment.

The high profile land grab is the latest example of how spammers are becoming more brazen in their quest for non-blacklisted Internet address space from which to send spam, said Rod Rasmussen, president and chief technology officer of Internet Identity.

Rasmussen said Internet address space hijackers tend to target chunks of addresses assigned to governments and defense contractors, because those allocations are less likely to be reported missing, and very few of them are blocked by anti-spam tools.

“The spammers doing this look for chunks of [Internet] space that are dormant, but most of all blocks of IP addresses that are whitelisted,” by anti-spam groups, Rasmussen said. “Their spam gets through anti-spam filters nicely after that, or least until the hijacking is detected.”

Sometimes, the scammers are able to hijack IP space by snatching up expired domain names that were used to register the addresses years earlier. The attackers then send an e-mail from that domain to the regional Internet registry that assigned the block of IP, requesting whatever changes they need to assume control over the addresses.In other cases, spammers use forged letters and bogus corporate fronts to impersonate the rightful owner of the addresses.

Another chunk of addresses that Spamhaus found were recently hijacked by spammers — 255 IPs originally assigned in 1994 to the now defunct Claremont Technology Group — appears to have been stolen sometime after the organization let its domain lapse. That domain now redirects to Falls Church, Va. based government contractor Computer Sciences Corp (CSC), which acquired Claremont in 1998.

Rasmussen believes we are likely to see a spike in this type hijacking activity as global supply of unassigned IPv4 addresses continues to dwindle and unallocated blocks become more valuable. Experts disagree on exactly when the pool of IPv4 addresses will be drained: Some says as mid- to late 2011, and others claim it’s only a few more days.

Continue reading →

Jan 11

Egypt Unplugged from the Internet

As many readers no doubt know, the Egyptian government on Thursday severed the nation’s ties with the rest of the Internet, in an apparent effort to disrupt political protests calling for an end to the 30-year rule of Egyptian leader Hosni Mubarak.

I’ve been tweeting about new developments as they arise, but I wanted to point to a few of the more dramatic graphs that different sources have drawn up to show the precipitous decline in Internet traffic and connectivity to and from Egypt as leaders there sought to isolate phone and computer networks from the rest of the world.

Arbor Networks put together this graphic, which shows what happens when 80 million people are disconnected from the Web all at once:

The Extraexploit blog looked at the Internet routing situation around Egypt before and after the disconnection, using the handy (but tricky) tool available here. This Java-based tool charts the routing activity between and among separate networks on the Internet. The first image below shows what some of the main routes to and from Egypt’s various networks looked like just before the incident.

Check out the same route view from today, and it’s clear that Egypt has isolated itself from the rest of the Internet.

As the folks at wrote, there are still a handful of Internet connections that remain live in Egypt, but the comments to that post suggest that those connections may have been left tightly in the grip of the Egyptian government. Link Egypt, Vodafone/Raya, Telecom Egypt, and Etisalat Misr — all have been blocked, Renesys found.

In response to the Egyptian government’s crackdown on protesters there, Wikileaks released new State Department cables that reveal human rights abuses and political arrests in the country. Too bad nobody in Egypt is going to be able to see those cables.

Have you discovered a graphic that shows the network isolation of Egypt in a compelling way? Post a link in the comments below, please.

Update, 11:19 a.m.: A reader wrote in with a link to a decent graph maintained by RIPE (French for “European IP Networks”), which shows the disconnection starting on Jan. 27.

Update, Jan. 29, 7:34 p.m. ET: A relatively new data leak prevention firm called Unveillance sent a pointer to their blog post, which chronicled the disconnection of Egypt from a slightly different perspective: The drop in network activity from computer systems within Egypt that were infected with malicious software or controlling other infected hosts.