Re: [External] Re: Anyone else getting the 'spam' bomb threat?

[Martin Hannigan <hannigan () gmail com>]

Hi Becki,

For me, it's not credible enough to put resources into pursuing it. Beyond
that any benefits as a result of tracking it down would probably be less
than zero. I posted the contents and headers in pastebin so if it had value
to anyone else they'd be able to take advantage of it.

Warm regards,

-M<


On Thu, Oct 21, 2021 at 9:24 AM Kain, Becki (.) <bkain1 () ford com> wrote:

> So what ever happened to the threatener?  Was he caught?
>
>
>
> *From:* NANOG <nanog-bounces+bkain1=ford.com () nanog org> *On Behalf Of *Martin
> Hannigan
> *Sent:* Wednesday, October 20, 2021 11:44 PM
> *To:* Omar Haider <mrhdr405 () gmail com>
> *Cc:* nanog <nanog () nanog org>
> *Subject:* Re: [External] Re: Anyone else getting the 'spam' bomb threat?
>
>
>
> WARNING: This message originated outside of Ford Motor Company. Use
> caution when opening attachments, clicking links, or responding.
>
>
>
>
>
> Hi Omar,
>
>
>
> This is likely a hoax. Probably a “joe job” - making it appear as someone
> innocent is responsible. Its good to share this info to raise  network
> operators awareness since even if it is fake its concerning how many
> received it.
>
>
>
> I’ll leave it to the pros here to tell us if we shouldn’t worry.
>
>
>
> Warm regards,
>
>
>
> -M<
>
>
>
>
>
>
>
> On Wed, Oct 20, 2021 at 21:18 Omar Haider <mrhdr405 () gmail com> wrote:
>
> I feel uncomfortable in this newsletter
>
>
>
> On Wed, Oct 20, 2021, 10:56 AM Martin Hannigan <hannigan () gmail com> wrote:
>
>
>
>
>
> I put what we received up on pastebin entirely with headers (and redacted
> our info).
>
>
>
> https://pastebin.com/kLjPm8Nk
> <https://clicktime.symantec.com/35Wa5BUMZ7c8nUrobeoNvR67Vc?u=https%3A%2F%2Fpastebin.com%2FkLjPm8Nk>
>
>
>
> Warm regards,
>
>
>
> -M<
>
>
>
>
>
>
>
> On Wed, Oct 20, 2021 at 9:19 AM Radu-Adrian Feurdean <
> nanog () radu-adrian feurdean net> wrote:
>
> On Tue, Oct 19, 2021, at 16:00, Hunter Fuller via NANOG wrote:
> > We have a distinct abuse address (not just abuse@) and that is where
> > the messages were sent.
> >
> > We didn't receive the bomb threat ones. We only received the (somewhat
> > more amusing) messages entitled "Your network has been PWNED" and
> > "Fuck you".
>
> Hi,
>
> We got the same here at France-IX. It was on friday 15th. Hopefully, they
> "PWNED" all our Cisco and Mikrotik routers (of which we have none).
>
> > The situation loses its humor entirely with the introduction of bomb
> > threats. Seems like a script kiddie taking things way too far.
>
> I heard that yesterday (19th) evening there was law enforcement deployment
> and evacuation in the area of a major Paris (FR, EU) telco hotel,
> apparently due to "threats to a business in the area". Details (popcorn) on
> FrNOG (in french) :
> https://www.mail-archive.com/frnog () frnog org/msg67540.html
> <https://clicktime.symantec.com/3P7mG6Lx8b2Qo7sjs1uqaSZ7Vc?u=https%3A%2F%2Fwww.mail-archive.com%2Ffrnog%40frnog.org%2Fmsg67540.html>