Anyone else getting the 'spam' bomb threat?

I've now heard from several operators - ourselves included - about getting an e-mail bomb threat to our datacenters asking for $5,000 USD or the "bomb will be detonated".

Is this being seen on a widespread e-mail blast to the RIR contacts, or am I just unlucky to know like 6 other data center folks who have also gotten this e-mail?

It seems like a very odd/bizarre spam/threat campaign which would carry significant jail time.

We received it as well.

Yup, same here

Travis

Are you contacting your LEO? Or is this so spammy just hit delete?

I feel like even spam chosen poorly comes with consequences.

I got one and I don’t have a datacenter. I’d better check my pockets….

and here.

For now we're just ignoring it, but if anyone wants to quote us (ISC, a
DNS root server operator) in the event of law enforcement action please
let me know.

Ray

Yes, it’s from the operator of bytefend and they have been sending numerous threatening emails for months.

You can check the statement from the victim Frantech from the link below:

https://frantech.ca/

I hit delete after I saw Frantech had already reported it to the FBI as per their website.

Whoever this is seems to be scraping ASN WHOIS data, the spam got sent to the noc@ address that's in whois for my ASN and IP space.

We have a distinct abuse address (not just abuse@) and that is where
the messages were sent.

We didn't receive the bomb threat ones. We only received the (somewhat
more amusing) messages entitled "Your network has been PWNED" and
"Fuck you".
The situation loses its humor entirely with the introduction of bomb
threats. Seems like a script kiddie taking things way too far.

Matt Hoppes wrote:

> I've now heard from several operators - ourselves included - about getting an e-mail bomb threat to our datacenters asking for $5,000 USD or the "bomb will be detonated".
>
> Is this being seen on a widespread e-mail blast to the RIR contacts, or am I just unlucky to know like 6 other data center folks who have also gotten this e-mail?
>
> It seems like a very odd/bizarre spam/threat campaign which would carry significant jail time.

And now I REALLY want to get moving on a service to drop a drone on spammers. (Active Countermeasures!)

Miles Fidelman

The kid sending these (if it is Bytefend, who has a history/tweets of bragging about attacking Frantech within the past month if I understand correctly) is going to be looking at serious jail time given the amount of evacuations he’s caused already. A brief list:

https://abc6onyourside.com/news/local/police-clear-downtown-columbus-building-after-bomb-threat-10-19-2021

https://miami.cbslocal.com/2021/10/19/miami-att-call-center-evacuated-bomb-threat/

https://www.wwlp.com/news/local-news/franklin-county/greenfield-police-and-fire-investigate-bomb-threat-at-gcet/amp/

https://www.mystateline.com/news/local-news/rockford-university-evacuated-due-to-bomb-threat/amp/

https://globalnews.ca/news/8274492/bomb-threats-kitchener-waterloo/amp/

https://amp.newsobserver.com/news/local/crime/article255116937.html

https://www.technicianonline.com/news/nc-state-receives-bomb-threat-university-police-close-section-of-hillsborough-st/article_2ceca39e-30ea-11ec-a068-47bacab4a0f0.html

The thing is, who is in office to care? Oh wait, guess equipment *is* important

Honestly, for how 'spammy' that e-mail looked it's hard to believe anyone took it seriously - but also, you never know.

scammers and attackers aren’t well known for their eloquent prose…

As soon as you decide to not take one thing seriously, how do you draw the line? Three spelling mistakes and the wrong tense of a verb means it's fake? I’d rather not play chicken with peoples’ lives.

For how long did you keep up with the evacuation of the equipment? :)

> We have a distinct abuse address (not just abuse@) and that is where
> the messages were sent.
>
> We didn't receive the bomb threat ones. We only received the (somewhat
> more amusing) messages entitled "Your network has been PWNED" and
> "Fuck you".

Hi,

We got the same here at France-IX. It was on Friday the 15th. Hopefully, they "PWNED" all our Cisco and Mikrotik routers (of which we have none).

> The situation loses its humor entirely with the introduction of bomb
> threats. Seems like a script kiddie taking things way too far.

I heard that yesterday (19th) evening there was law enforcement deployment and evacuation in the area of a major Paris (FR, EU) telco hotel, apparently due to "threats to a business in the area". Details (popcorn) on FrNOG (in French): [FRnOG] [MISC] Fwd: Anyone else getting the 'spam' bomb threat?

I put what we received up on pastebin entirely with headers (and redacted our info).

https://pastebin.com/kLjPm8Nk

Warm regards,

-M<

Hi Omar,

This is likely a hoax. Probably a “joe job” - making it appear as someone innocent is responsible. It's good to share this info to raise network operators' awareness since even if it is fake it's concerning how many received it.

I’ll leave it to the pros here to tell us if we shouldn’t worry.

Warm regards,

-M<

So whatever happened to the threatener? Was he caught?

Hi Becki,

For me, it’s not credible enough to put resources into pursuing it. Beyond that, any benefits as a result of tracking it down would probably be less than zero. I posted the contents and headers in pastebin so if it had value to anyone else they’d be able to take advantage of it.

Warm regards,

-M<