Two days ago we wrote an article about the arrest of Arthur Budovsky, the supposed owner and founder of the LibertyReserve payment processor. We confirmed his ownership by providing a link to the first LibertyReserve interview published by PlanetGold.
Our information was based on two Costa Rican newspaper sources: ticotimes.net and teletica.com. We still have no confirmation from any other official source except csi-8.com - Consulting International Services in Costa Rica, and this is an unusual situation. Why do the people responsible for the current situation leave victims without any official update? If the Spanish police and the FBI were involved in this matter, why don't they publish an official statement? Today is a business day, but not for the United States. Today is Memorial Day and all offices are closed, so maybe this is the reason for the lack of reaction.
There are still some unanswered questions:
Why didn't the FBI publish their splash page about a domain seizure on the libertyreserve domain, as they usually do?
Why is sinkhole.shadowserver.org not online?
Is it really the FBI's work, or just a DDoS or domain hijacking attack?
I don't like to speculate without proof or reliable information; you can find plenty of speculation on other blogs and forums (a competitor's work, domain hijacking). However, I did some research and found some interesting information that proves US government activity.
Let's start with the current DNS information for the libertyreserve.com domain:
Name Server                      IP               Location
ns1.sinkhole.shadowserver.org    22.214.171.124   Wayne, PA, US
ns2.sinkhole.shadowserver.org    126.96.36.199    Wayne, PA, US
ns1.libertyreserve.com           188.8.131.52     Wayne, PA, US
The same IP address, 184.108.40.206, is used for two of the DNS entries, and you also get it when you ping or nslookup the libertyreserve.com domain:
Let's verify this IP:
Now let's do a reverse lookup on this IP and check which other domains are using this host:
Reverse IP Lookup Results
3 domains hosted on IP address 220.127.116.11:
These domains are offline, but if you google them you can verify that all of them were seized by the US government:
"According to the Complaint, from November 2008 to the present, Khandakar and Saelim used at least 50 stolen American Express credit cards to purchase EZ Pass tags and credits, which were resold through the drezpass.com and www.ezpasstag.com websites that they created."
"Drezpass.com offered discounted E-ZPass tags using stolen credit cards, say Manhattan federal prosecutors who tallied the ripoff to E-ZPass at more than $100,000.
The feds identified the cyber-scammers as Rana Khandakar and Usawan Saelim, both 27 and from Brooklyn."
I doubt these crooks are connected to the LibertyReserve owners, but both were operating in Brooklyn.
Still don't believe it? Visit this page:
http://tvshack.net and you will see this splash page:
In my opinion it is only a matter of time before we see this page on the libertyreserve domain. Why? Because the tvshack.net domain was also previously redirected to the warning-placeholder IP address: 18.104.22.168
check as domain: 22.214.171.124
You will find 21 domains hosted on the same web server as 126.96.36.199.
callservice.biz - also seized by U.S. authorities
community.tvshack.net - also seized by U.S. authorities
filespump.com - also seized by U.S. authorities
livewaresystems.com - also seized by U.S. authorities
movies-links.tv - also seized by U.S. authorities
now-movies.com - also seized by U.S. authorities
planetmoviez.com - also seized by U.S. authorities
thepiratecity.org - also seized by U.S. authorities
tvshack.net - also seized by U.S. authorities
www.now-movies.com - also seized by U.S. authorities
www.planetmoviez.com - also seized by U.S. authorities
www.zml.com - also seized by U.S. authorities
zml.com - also seized by U.S. authorities
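The checks walked through above (who the nameservers are, whether the domain's address matches a nameserver's, and what else sits on that address) can be run as a repeatable triage. This is an added example, not part of the original article: every record in it is constructed, the IPs come from the 192.0.2.0/24 documentation range rather than from this page, and the `.example` names, `SINKHOLE_ZONES` and `KNOWN_SEIZED` are assumptions an analyst would maintain.

```python
# Added example: offline triage of DNS evidence for a suspected domain takeover.
# All records below are constructed; IPs are from the 192.0.2.0/24 documentation range.
RECORDS = [  # (name, type, value) as an analyst would note them from dig/nslookup
    ("libertyreserve.com", "NS", "ns1.sinkhole.shadowserver.org"),
    ("libertyreserve.com", "NS", "ns2.sinkhole.shadowserver.org"),
    ("libertyreserve.com", "A", "192.0.2.10"),
    ("ns1.sinkhole.shadowserver.org", "A", "192.0.2.10"),
    ("ns2.sinkhole.shadowserver.org", "A", "192.0.2.11"),
    ("control.example", "NS", "ns1.hosting.example"),
    ("control.example", "A", "192.0.2.50"),
    ("ns1.hosting.example", "A", "192.0.2.53"),
]
REVERSE_IP = {  # constructed reverse-IP results: address -> domains seen on it
    "192.0.2.10": ["libertyreserve.com", "seized-a.example", "seized-b.example"],
    "192.0.2.50": ["control.example", "unrelated-shop.example"],
}
SINKHOLE_ZONES = ("sinkhole.shadowserver.org",)          # analyst-maintained list
KNOWN_SEIZED = {"seized-a.example", "seized-b.example"}  # confirmed from public notices


def in_zone(host, zone):
    """True if host is the zone itself or a name below it (label-aware match)."""
    host, zone = host.rstrip(".").lower(), zone.lower()
    return host == zone or host.endswith("." + zone)


def triage(domain, records=RECORDS, reverse_ip=REVERSE_IP, seized=KNOWN_SEIZED):
    """Return the list of takeover indicators found for `domain`."""
    ns = [v for n, t, v in records if n == domain and t == "NS"]
    a = {v for n, t, v in records if n == domain and t == "A"}
    ns_ips = {v for n, t, v in records if n in ns and t == "A"}
    findings = []
    if ns and all(any(in_zone(h, z) for z in SINKHOLE_ZONES) for h in ns):
        findings.append("nameservers delegated to a sinkhole zone")
    if a & ns_ips:
        findings.append("A record reuses a nameserver address")
    for ip in sorted(a):
        others = [d for d in reverse_ip.get(ip, []) if d != domain]
        if others and all(d in seized for d in others):
            findings.append(f"all {len(others)} co-hosted domains on {ip} are known seizures")
    return findings


if __name__ == "__main__":
    for name in ("libertyreserve.com", "control.example"):
        print(name, "->", triage(name) or "no indicators")
```

These indicators show where the delegation and address point, not who changed them; the same pattern appears whenever a registry or registrar repoints a domain to a sinkhole.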
The second proof: http://www.dslreports.com/forum/remark,25218295
"I know that the US gov't has been seizing domain names, which is why tvshack.net moved to tvshack.cc.
It now appears that the US gov't can somehow seize or control the DNS records for .cc domains (and I invite anyone here to explain how they can do that).
But the larger issue here is that I'm trying to access tvshack.cc's website by going directly to their last known IP address which is 188.8.131.52, and EVEN HERE we see that it's being redirected to the warning-placeholder IP address 184.108.40.206.
Can someone explain how pointing my web browser to 220.127.116.11 is being re-directed to 18.104.22.168 ?"
and read the first comment here: http://ddos.arbornetworks.com/2010/07/takedown/
"Curious about how this was implemented, which I think is part of the legality question. Some of the seized domains point to a 1and1.com ip address, which is apparently also hosting a number of sites that weren’t seized (or at least don’t have the fancy DoJ welcome message):
There’s no redirect or anything either – it looks like 22.214.171.124 is serving up the DoJ notice. So they “seized” the domain but still leave it running on a private hosting company rather than a government server? Odd."
I have no doubt that the libertyreserve.com domain was seized by US agents, but this work has not been finished yet, or maybe they haven't decided yet what to do with this service. In other words, they arrested the owner, but the LibertyReserve company has a different jurisdiction and its own legal personality. This could be a barrier to seizing the whole company.
It's also worth noting that the biggest competitor of LibertyReserve - PerfectMoney - stopped accepting US members at the same time the LibertyReserve website went down. We could read this notice on their website:
"Dear Perfect Money Customers,
We bring to your attention that due to changes in our policy we forbid new registrations from individuals or companies based in the United States of America. This includes US citizens residing overseas. If you fall under the above mentioned category, please do not register an account with us.
We apologize for inconvenience caused."
Is it a coincidence? I doubt it. The PerfectMoney website is currently offline or loading very slowly, and this is also not a good sign for their members.
To summarize, we are still relying on unconfirmed information and speculation, but the whole situation doesn't look good. Even if the owner is arrested, I hope that the company will not be closed. Even if LibertyReserve is not empty of money, the process (if any) for recovering money will be very complicated and time-consuming (no complete or fake base of members).
Ivaho from Money-Monitor TEAM