Hi all.

I work on anthiphising and I take care on shut down process for a Managed Security Service company. We are not so big as RSA, maybe this is imporant to know.
Anyway, our process consist in contact with email fax and call tipically the ISP where clone site is hosted.
Well, many ISP for many country are quickly and not require any Policy implication to act the shut down.

Unfortunately this process was so very difficult for Telfonica O2, Czeck Republic ISP. It infact require that we submit a request to the policy.

So, I have two question:
1- someone know the right contact in the policy (we want to avoid to contact many people and have a long delay)
2- Why in Czeck republic they ask for Policy contact. (it is just a phishing web page) ?

Thanks so much in advance.
Information Security Manager

Hi,
I asked your question of O2 in the UK,
they would like you to contact them directly.
You can use the form at https://www.o2.co.uk/apps/help/help
As a postcode you can use ZZ3 3ZZ (since this is a required field)
As a mobile phone number you can use 77777777.
Please let us know what they say.

Thanks for your support. I asked just today to UK O2 as you suggested.

I will come back as I have any feedback.

Anyway, just for your information, following is the last email from Telefonica O2 in Prague.

">Dear Sirs,
>the mentioned fraudulent site has been operated by an O2 >customer.
>
> Due to Czech Act No. 127/2005 Coll., on Electronic >Communications and on the Amendments to the Other Acts >(Electronic Communications Act) we are not allowed to analyze >traffic, stop operation or identify any customer not having >appropriate request from Czech Police.
>
> The best and fastest way to solve the problem is to provide >Czech Police with information on illegal fraudulent site operation >and to ask for investigation of the incident.
>
> We are going to stop the fraudulent site operation immediately >after receiving the request from Czech Police.
> I'm sorry I cannot assist you more effectively now.
> Sincerely
> Richard Michalek
> Information Security & BCM manager
> Telefonica O2 Czech Republic, a.s.
"

Hi,

unfortunately today, 24 Hours after, No any answer from o2.uk !

Maybe, weapon attach needed

Sometime, I ask myself:
...what is the utility of APWG, Castle..., PhishingThanks, Cert .. and so on if in two months no one is able to shut down jus one IP address !?!?
..I think that this UNCOMMON HAVE TO BE WELL MANAGED by these organizzation !?

Kindly, don't consider my opinion as a polemics, but just as a simple observation !

Regards

Even registrars that don't respond to spam reports usually respond to phish reports. I think they are afraid the credit card companies will stop working with them. Maybe these guys already can't process major credit cards and have nothing to risk.

48 Hours after, No any answer from o2.uk !

Can you give us the URL in question? There are usually several ways to shut down a questionable site.

A little update for you.

Tomorrow the guy whith which I'm in contact in Telefonica O2, who told me that I have to contact police office, reply at my request of police office indications that " ...he don't have indication .."

Today I got the fax number of Prague Police Offcie. So, I will try in this way, otherwise I came bac to you with the URLs.

Anyway, I put the URL in the database.

Have nice day
Thanks for now.

HI guys,

I got the right number of police, and one day after Telefonica 02 closed the IP Address.

Thanks for your support.