Amazon-owned video streaming site Twitch is taking a scorched-earth approach in a bid to ferret out who is behind a “malicious spambot.” The bots have been flooding streamers’ public chats with offensive, repetitive messages that have sometimes rendered their channels “unusable.”
Twitch says the bots, beginning February 24, were posting an average of 34 messages per minute, with some channels being bombarded with up to nearly 700 a minute. Twitch says the attacks are “undermining its brand”—so far hitting about 1,000 channels with more than 150,000 spam messages that are racist and homophobic. Other messages, which were no match for Twitch’s AutoMod tool to prevent such attacks, involved sexual harassment and the solicitation of child sex.
Twitch, which bills itself as the “leading video platform and community for gamers,” says it has traced the attacks to Chatsurge.net, which offers spambot attacks for sale. From there, Twitch investigators believe the perpetrator is associated with the e-mail address of firstname.lastname@example.org and a Shaw Communications IP address of 22.214.171.124 located in Coquitlam, British Columbia. In addition, Twitch thinks a PayPal account associated with the e-mail email@example.com is connected, according to court documents.
Twitch, in a petition (PDF) to the British Columbia courts last week, said it “is unable to uncover additional identifying information.” The site wants the court to order the release of a massive amount of information toward that end.
For starters, Twitch wants Shaw to produce any identifying information about the customer associated with the 126.96.36.199 IP address. Twitch also wants an order commanding PayPal to hand over identifying information “of the customer associated with Chatsurge.net, firstname.lastname@example.org, or email@example.com.”
As for CloudFlare, which is the server host of Chatsurge.net, Twitch wants it to unmask identifying information associated with the Chatsurge.net domain. Twitch is making the same request to WhoisPrivacy and WhoisGuard to unveil ownership of the Chatsurge.net and Dongcorp.org domains.
What’s more, Twitch claims that all of these companies “are involved in the Spambot Attacks,” including WhoisPrivacy and WhoisGuard for “providing a means for the perpetrator to don the cloak of anonymity to undertake this harmful conduct.”
Twitch said it spent hundreds of hours investigating the attacks.
In the course of the Investigation, Twitch also determined that the attacker broadcast himself working on his bot software. Very shortly after the broadcast, Chatsurge.net was updated to offer that software. The attacker was associated with a Shaw IP address, namely 188.8.131.52. This IP address is located in Coquitlam, BC, Canada, and it is believed that the perpetrator of the Spambot Attacks is located in the same place as this IP address.
The PayPal account associated with Chatsurge.net uses the e-mail address firstname.lastname@example.org.
Among other reasons, Twitch says it’s entitled to the information because the person behind the spambots is breaching the company’s terms of service.
Powered by WPeMatico