A bit of backstory: Lately we've been getting abuse notices via our datacenter and via email about our clients from "CEG TEK International", we get about 5 of these a day now... as such we've started trying to confirm actual abuse is occurring. That said here's what we've found:
Why this matters:
At BlueVM Communications, we receive DMCA notices from time to time. Normally, we have no problem with these and we do our due diligence to keep our servers clean. However, one company has been sending repeated notices to us, mostly false and malicious, and today I've officially confirmed their lying about evidence to blackmail their targets.
Their normal notice starts off with a disclaimer that goes something like this: “CEG TEK International (“We”) represent [some porn company]. [some porn company] owns all right, title and interest in and to the works listed below. (Some individuals may find certain words in titles of works to be offensive. We apologize in advance if this is the case.)”
All is fine and dandy, some dude was pirating some porn, that's against our TOS, open and closed book... But here's the thing. The DMCA doesn't specify “settlement” as a requirement for DMCA notices so obviously we aren't going to force our client to pay for something that isn't backed up by the law... ignoring that we forward the clients the notices and that's all...
Now, here's the fishy part. For one notice they gave us, they gave a port of 41150 and a timestamp of 2013-01-23 12:19:36 EST. The only problem with this is that the client had us establish a firewall on his vps at 11:52 EST which included blocking that specific port and according to the logs and the firewall that port is and has been blocked.
What's not right, you ask? Approximately 27 minutes PRIOR to the timestamp in the message (not to be confused with the timestamp of the email's arrival, which was the next day), one of our System Administrators made it impossible for such infringement and we have proof that such infringement did not occur. They couldn't communicate on that IP/Port at that timestamp, because it was blocked 27 minutes prior and we have data indicating the client did not install a torrenting application on his vps.
So here we have a company, properly known as CEG TEK International, also known to some as http://copyrightsettlements.com, sending out false, malicious, and perjurious DMCA notices.
So, as of now, we're adopting a policy of requiring their company send any infringement notices to us via USPS Certified Mail or equivalent service provided by a private company... We'd like to encourage all providers to do the same.
Four example notices (IPs Redacted): http://pastie.org/5863818