BrianKrebs

I learned a lot writing this, and there is a lot more here to pick at.

Ukraine has seen nearly one-fifth of its Internet space come under Russian control or sold to Internet address brokers since February 2022, a new study finds. The analysis indicates large chunks of Ukrainian Internet address space are now in the hands of shadowy proxy and anonymity services that are nested at some of America’s largest Internet service providers (ISPs).

"...A cursory review of all Internet address blocks currently routed through AT&T — as seen in public records maintained by the Internet backbone provider Hurricane Electric — shows a preponderance of country flags other than the United States, including networks originating in Hungary, Lithuania, Moldova, Mauritius, Palestine, Seychelles, Slovenia, and Ukraine.

Asked about the apparent high incidence of proxy services routing foreign address blocks through AT&T, the telecommunications giant said it recently changed its policy about originating routes for network blocks that are not owned and managed by AT&T. That new policy, spelled out in a February 2025 update to AT&T’s terms of service, gives those customers until Sept. 1, 2025 to originate their own IP space from their own autonomous system number (ASN), a unique number assigned to each ISP (AT&T’s is AS7018).

https://krebsonsecurity.com/2025/06/proxy-services-feast-on-ukraines-ip-address-exodus/

Jun 5 at 11:44pmWeb
Show threadBrianKrebsJun 6

AT&T's flak sent me a note that I munged the link to their new terms of service. Fixed that, but then noticed the link includes a reference to Adobe Flash Player, which Adobe stopped supporting almost five years ago.

It's a real shocker that the FBI warned last year against anyone communicating anything sensitive over the US phone networks.

Show threadEmoryJun 6
the DHS messaging on that implied to me that china is in our copper, which is bananas to think about.
Show threadSystem AdminihaterJun 6
@briankrebs I wish they would reconsider shutting down their email to SMS gateway. I wish someone would tell them how bad of an idea it is.
Show threadPaul_IPv6Jun 6

@briankrebs

telcos still think in decade long tech depreciation schedules and use. but treating your web software like an SS7 tends not to work out well. that's ignoring the obvious that they can't even be bothered to fix serious security issues with SS7... :(

Show threadEmory4d ago

@paul_ipv6 @briankrebs verisign owned a big chunk of ss7 into the aughts. they divested most of their business units and their #SS7 assets were sold off. i think ss7 might be #twilio and #carlyleGroup's problem to solve, which scares me a little cuz twilio is right in the eye of the hurricane of agentic ai fraud swarms that is forming 😬

it's been parted put to carriers ATT/Verizon/Lumen maintain their own ss7 infra. it's still roaming hubs out there, isn't it?

Show threadPete GentJun 5
@briankrebs if you want a messy tangent to this story, go investigate the phone numbers assigned in the invaded territories too.
Show threadNicole ParsonsJun 6

@gentle_tech @briankrebs

https://www.fastcompany.com/90999443/atts-political-donations-report-is-most-notable-for-everything-it-leaves-out

AT&T is a major GOP donor.
https://www.theregister.com/2025/06/05/att_investigates_data_dump/

https://www.bankinfosecurity.com/att-hit-by-massive-reported-identity-data-leak-again-a-28595

https://informationsecuritybuzz.com/att-data-leak-86-million-records-exposed/

AT&T had a data breach -- very useful for extortion. More than one.

https://hackread.com/hackers-leak-86m-att-records-with-decrypted-ssns/

https://www.theregister.com/2025/06/05/att_investigates_data_dump/

https://www.bloomberg.com/news/articles/2025-06-04/chinese-hacked-us-telecom-a-year-before-known-wireless-breaches

https://www.mozillafoundation.org/en/privacynotincluded/articles/att-had-a-huge-data-breach-heres-what-you-need-to-know/

https://medium.com/@technijian/at-t-data-breach-2025-86-million-customer-records-exposed-with-decrypted-social-security-numbers-a471828729a5

Be worried when Russia-aligned corporations buy local ISP's. It's an opportunity to imitate what they did in Ukraine.

https://www.oregonlive.com/silicon-forest/2025/05/att-will-buy-centurylinks-residential-internet-business-in-oregon-10-other-states.html

AT&T's political donations report is most notable for everything it leaves out

AT&T's political donations have long been in conflict with its stated values, argues Popular Information's Judd Legum. This is just the latest example.

Fast Company
Show threadMitch Effendi (ميتش أفندي)Jun 6
@briankrebs i wondering if anonymizing registrars are part of this. njalla is my weapon of choice for a lot of reasons, and i might have to rethink that if they’re capitalizing off of this. :/
Show threadEmoryJun 6
@briankrebs wait, is at&t pretending they don't know why they're announcing routes for those ASNs? or is at&t forcing all customers to use their ASNs in rwhois? or something totally different 😆
Show threadÐ𝖊𝖓𝖓𝖎𝖘 Ç𝖗𝖔𝖕𝖕𝖊𝖗 ᘕᚕᘔJun 6
Some of the new Russian providers have had some *issues* 😂🤘🏴‍☠️ bsky.app/profile/sees...

RE: https://bsky.app/profile/did:plc:ipohvgtczbdpxzcj76um3vwf/post/3lm65zlhzgs2f
Show threadH.E.R.A.L.D. R.A.D.D.6d ago

@briankrebs

How can anyone expect a different result as when metallurgy was given to the Arabs?

Relying on compromised DNS for communication and currency. Did no one listen to John Kerry when BCCI Bank was exposed?

#DNSisDead