# Anyone else get a fake DMCA message from CenturyLink?



## Frag_Maniac (Dec 5, 2016)

Last night Tom's Hardware forums and the HiJackThis log analyzer site were redirecting me to what appeared to be a legit CenturyLink DMCA warning message, stating they'd received more than one complaint about copyright violations. A little while later there was suddenly no site I could access that did not redirect me to the message. So I filled out the 2 question survey asking if I was the owner of the account and over 18 yrs old.

The final page showed the login username of my modem page, and all pages had an authentic CenturyLink logo, so it looked legit. Mind you before even answering the survey, I went into scan mode with all my security software, and no malware was detected. Last night while chatting with someone at CenturyLink, via a chat button on the DMCA page, she said she could not access any of my account records, and referred me to the main CenturtyLink customer service number to call them during business hours.

The result of answering the short survey re-established my net connection as it said it would. Today however, when talking to a person in their tech dept on the phone, she said there was no record of any DMCA complaints on my account. I asked her to speak to upper tier tech dept and investigate a possible hack. When I told her I was concerned about identity theft, she assured me a person would have to also have the password of your modem to get anywhere. Still though, I'm really upset about this.

I've been told they're going through an extensive database software update, so maybe it's presented a greater than usual vulnerability. Maybe they shouldn't even divulge such updates to customers. *I'm curious if anyone else has had this fake DMCA message from CenturyLink lately?* I was using the Chrome browser btw. As far as I can tell, the only way something like this is possible, is if CenturyLink themselves were hacked, vs just malware in Google or Chrome. It's not at all the same as the Google redirect bug I experienced one year over the holidays, as that was truly a malware case that showed up via scans.


----------



## xkm1948 (Dec 6, 2016)

Question is: Have you engaged in questionable downloading or not?  From your description it sounds legit. If they have ways to block you even visiting internet.


----------



## natr0n (Dec 6, 2016)

How is it fake when it cut out your internet. That's legit as it gets.

Comcast here does similar with new accounts. You can get redirected(walledgarden) till you answer a question or provide account number.

You probably downloaded something unknowingly that got flagged.


----------



## thesmokingman (Dec 6, 2016)

natr0n said:


> How is it fake when it cut out your internet. That's legit as it gets.



That's true, it comes down from higher up the food chain than 1st level support.


----------



## Frag_Maniac (Dec 6, 2016)

Well a few things just strike me as strange.

1. I've had Qwest/Century Link service for 25 years, yet this is the first time I've ever seen one of these notifications, and I've not changed my internet usage routine one bit.

2. The person in tech support said if there were a history of copyright complaints, it would show on my account. So it doesn't really matter what tier she is.

3. Forum chat I've read verifies both the above, that fake notices can be sent, and that there should be a record of complaints if there are in fact any. In fact you can ask them for that info and they'll send it to you if they have it.

I guess I shouldn't be surprised everyone wants to assume guilt though. It happens every time someone raises this topic.


----------



## theonedub (Dec 6, 2016)

Frag Maniac said:


> I guess I shouldn't be surprised everyone wants to assume guilt though. It happens every time someone raises this topic.



You haven't exactly claimed innocence though, either


----------



## Kursah (Dec 6, 2016)

The only time I've seen DMCA notices for clients (and ex roommates) was when they were downloading and uploading content that caused the DMCA to push the notice to the ISP. Those were physical messages that came in the mail, postage-style. Always have been, even if an email was sent, there was always a physical copy presented in every case I've had to audit, review or experience. That doesn't mean that is always the case, but in all instances of Bresnan/Optimum/Charter, Centurylink and Blackfoot Communication DMCA notices I've seen for clients, they did not resolve in the manner you've experienced.

BUT...with that said,I would not be surprised if the ISP didn't actually check back with the DMCA to confirm if the notice is legitimate. But what gets me...is the redirect you're receiving. Makes me wonder if you don't have a browser hijacker or malware that's screwing with you.

Honestly if they captured your traffic and provided you a poisoned DNS, it would be pretty easy between that and a browser hijacker it could be pretty easy to redirect your traffic and screw with you and see if they could get some more info from you.

Did you happen to copy the URL that it was redirecting you to or take screenshots? 

You said you used security software, what did you use?


----------



## erocker (Dec 6, 2016)

It's definitely not fake.


----------



## thesmokingman (Dec 6, 2016)

Kursah said:


> Honestly if they captured your traffic and provided you a poisoned DNS, it would be pretty easy between that and a browser hijacker it could be pretty easy to redirect your traffic and screw with you and see if they could get some more info from you.
> 
> Did you happen to copy the URL that it was redirecting you to or take screenshots?
> 
> You said you used security software, what did you use?



What you are suggesting is illegal and defeats the point of the redirect for confirmation of ownership of said IP. Why would they break the law to confirm that a law has been broken for ex?


----------



## R-T-B (Dec 6, 2016)

thesmokingman said:


> What you are suggesting is illegal and defeats the point of the redirect for confirmation of ownership of said IP. Why would they break the law to confirm that a law has been broken for ex?



If it was a fake notice, you are assuming it's copyright holders responsible and not other malicious entities with other objectives...  which is frankly, unlikely.

That said, this notice certainly sounds legit.


----------



## thebluebumblebee (Dec 6, 2016)

I'd ask this question over on DSLreports.com


----------



## Kursah (Dec 6, 2016)

thesmokingman said:


> What you are suggesting is illegal and defeats the point of the redirect for confirmation of ownership of said IP. Why would they break the law to confirm that a law has been broken for ex?



You assume it's a legitimate redirect. Without proof that is a mistake IMHO, hence why I asked how far the OP dug into finding out how the redirect was occurring. If you think this is the first time someone's used redirects of the browser or DNS variety to spoof DMCA, you're mistaken. It's just another convenient outlet to fool people that don't know any better. With that said, as legit as this seems, I'd be getting to the bottom of it to make damn sure the redirect was truly qualified. I would've taken screen shots, saved URL's, ran AVAM software, even ran Wireshark to capture all traffic during this situation to see where everything's going and where its coming from. Why? Because in this world of Crypto-Wall, -Locker, etc... and worse...it pays to dig in when something like this comes about. Plus as folks know, DMCA notices can be followed up with lawsuits and loss of ISP membership/connectivity, if the OP hasn't done anything illegal, then they need to dig in. If their roommate or a hacker is, then they need to qualify that and put a stop to it.

Not only that, just because authorities "enforce" the law, doesn't mean they won't break it to do so.


----------



## thesmokingman (Dec 6, 2016)

Kursah said:


> You assume it's a legitimate redirect. Without proof that is a mistake IMHO, hence why I asked how far the OP dug into finding out how the redirect was occurring. If you think this is the first time someone's used redirects of the browser or DNS variety to spoof DMCA, you're mistaken. It's just another convenient outlet to fool people that don't know any better. With that said, as legit as this seems, I'd be getting to the bottom of it to make damn sure the redirect was truly qualified. I would've taken screen shots, saved URL's, ran AVAM software, even ran Wireshark to capture all traffic during this situation to see where everything's going and where its coming from. Why? Because in this world of Crypto-Wall, -Locker, etc... and worse...it pays to dig in when something like this comes about. Plus as folks know, DMCA notices can be followed up with lawsuits and loss of ISP membership/connectivity, if the OP hasn't done anything illegal, then they need to dig in. If their roommate or a hacker is, then they need to qualify that and put a stop to it.
> 
> Not only that, just because authorities "enforce" the law, doesn't mean they won't break it to do so.



ISP's have the ability and do redirect when they need/want to. They want you to read something before turning your service back on, that's how it's done. IE, the OP could not go anywhere else on his network until he read and answered the questions. Whose gonna hack him just to do that? And authorities... wtf is? The DMCA doesn't have any police authority much less to hack anyone. You're really making nothing into some conspiracy.


----------



## Kursah (Dec 6, 2016)

ISP's do have the authority absolutely, but to blindly think that someone couldn't easily do the same to him is inappropriate.

As I said before, I'd be getting to the bottom of it and qualifying exactly why that DMCA came through if legit, and if not, I'd be checking my security. If you truly feel that's going overboard, that's on you. Doesn't affect me at all. But I'll gladly assist if/when you end up in a situation should you request it. 

You'd be surprised what various authorities are capable of, working with them I don't need conspiracies. Take from the situation what you will, but I wouldn't recommend discounting or ASSusming anything until the situation's been fully qualified and proven as a charge or a spoof.


----------



## thesmokingman (Dec 6, 2016)

Kursah said:


> ISP's do have the authority absolutely, but to blindly think that someone couldn't easily do the same to him is inappropriate.
> 
> As I said before, I'd be getting to the bottom of it and qualifying exactly why that DMCA came through if legit, and if not, I'd be checking my security. If you truly feel that's going overboard, that's on you. Doesn't affect me at all. But I'll gladly assist if/when you end up in a situation should you request it.
> 
> You'd be surprised what various authorities are capable of, working with them I don't need conspiracies. Take from the situation what you will, but I wouldn't recommend discounting or ASSusming anything until the situation's been fully qualified and proven as a charge or a spoof.



The only assumption is that the OP isn't guilty of what the notice stated.


----------



## R-T-B (Dec 6, 2016)

thesmokingman said:


> The only assumption is that the OP isn't guilty of what the notice stated.



Actaully, the assumption is that he is guilty, not the other way around.

Granted, he hasn't exactly oozed innocence, but what you are saying is kinda backwards.


----------



## Kursah (Dec 6, 2016)

thesmokingman said:


> The only assumption is that the OP isn't guilty of what the notice stated.



Guilty until proven innocent. Its his job to prove his innocence. All we can do is provide suggestions for how to do that if it is true. Standing in the "shame on you" camp sure doesn't help anything if he is in-fact innocent, same with standing in the "he didn't do it" camp if he's guilty. I prefer the middle zone where he might be an asshole that is guilty or he might be a good guy getting screwed... tough to know until, and I'll say this one last time, the DMCA was qualified and confirmed.


----------



## thesmokingman (Dec 6, 2016)

R-T-B said:


> Actaully, the assumption is that he is guilty, not the other way around.
> 
> Granted, he hasn't exactly oozed innocence, but what you are saying is kinda backwards.



It's pretty obvious. Not guilty ppl say they're not guilty, thus we'd know it was something else, hack, mistake. But instead of putting his big boy pants on, getting a vpn like everyone else, he makes a thread going omg is this real?


----------



## Frag_Maniac (Dec 6, 2016)

Kursah said:


> Those were physical messages that came in the mail, postage-style. Always have been, even if an email was sent, there was always a physical copy presented in every case I've had to audit, review or experience. That doesn't mean that is always the case, but in all instances of Bresnan/Optimum/Charter, Centurylink and Blackfoot Communication DMCA notices I've seen for clients, they did not resolve in the manner you've experienced.


I've received no mail or email notices, and as well, like I said, the tech person at CenturyLink I spoke to on the phone confirmed there is no record of any copyright complaints on my account. Above someone insisted you can't count on the word of lower tier personnel, which I find is sometimes in fact true, but any phone tech staff has access to your account records after confirming a few personal info questions, and can see whether there's been such complaints.

No, unfortunately I didn't copy the URL of the redirect. I was considering attempting to block it with my ad blocker in the case of it being a hack or malware, but I didn't. Reason I didn't is I can't be sure my apt wasn't broken into, and I didn't want to do anything that would make it look like I was hiding something if in fact it were a legit message. Our apt building has experienced break-ins before. In fact a close friend of mine that used to live here got broken into, and moved out shortly after.

The security software I used was fairly basic stuff I normally have running in the background or do regular scans with, including Avast, Comodo, CCleaner, Glary Utilities, and Malwarebytes.

Tomorrow I will be calling CenturyLink back to confirm a billing was corrected on a modem I was charged for, but already sent back. I'm also going to be following up on what the lower tier tech person said about no record of any copyright complaints, this time via an upper tier tech if I can talk to one. Mainly to find out if by chance there's any portion of a customer's account the lower tier staff don't have access to.

As far as guilt or innocence, at this point I get the feeling no matter what I say, most of you, including some staff whom don't really even know me, have drawn your own conclusions. I'm not even going to get an argument started on the cynicism involved in that, but I *will* ask that this thread be closed if the onslaught of accusations persists.


----------



## Kursah (Dec 6, 2016)

I would tell them you want Level 2 from the start of the phone call, if they try to delay you, ask for their manager. Work your way up the Centurylink ladder and get answers faster. Don't settle for less than answers...especially if you're innocent dude.

I don't blame you for reacting the way you are to speculation, but also understand the default perspective of a lotta folks that see DMCA and haven't seen a spoofed one before or understand how that works. I fortunately have in my job and I've worked with Centurylink...a sickening amount...to get issues like that and many...many others resolved. Especially with their newly introduced fiber service in my area...what a nightmare.

Anyways, back to the issue, as I said before, I'm neutral on the matter...odds are if you were guilty, you wouldn't be posting here IMHO. Also you'd have recieved a notice in the mail confirming the claims...as I've seen in every other case I've had to investigate when someone on the network got the admin's webfilter permissions and started downloading shit they weren't supposed to. Too many good ol' boys up here want simple passwords and trust everyone. Keeps me busy, job security. 

I wish you luck on this matter, but don't settle for the teir 1 thumbsuckers if they cant get you answers in 10 or 15 minutes, get it escalated and tell them that. Simply say, I need to get to the bottom of this asap, I appreciate your time but I am requesting we escalate this either to your manager or tier 2. You should be good to go. LMK if I can be of any further assistance in the matter!

*If you're willing to step up and prove your innocence, who are we to NOT help you? That's not very TPU like of some users here..BUT some of us will help! *



thesmokingman said:


> It's pretty obvious. Not guilty ppl say they're not guilty, thus we'd know it was something else, hack, mistake. But instead of putting his big boy pants on, getting a vpn like everyone else, he makes a thread going omg is this real?



Do you have any proof or are you assuming again?

Until you've seen one spoofed, I'm not sure you're any kind of authority in the matter. TPU is about helping others, the dude is seeking some help... Seems you have none to offer.


----------



## thesmokingman (Dec 6, 2016)

Kursah said:


> Do you have any proof or are you assuming again?
> 
> Until you've seen one spoofed, I'm not sure you're any kind of authority in the matter. TPU is about helping others, the dude is seeking some help... Seems you have none to offer.



Are you NOT assuming as well? Whose making the case that the notice fake?


----------



## jboydgolfer (Dec 6, 2016)

Kursah said:


> The only time I've seen DMCA notices for clients (and ex roommates) was when they were downloading and uploading content that caused the DMCA to push the notice to the ISP. Those were physical messages that came in the mail, postage-style. Always have been, even if an email was sent, there was always a physical copy presented in every case I've had to audit, review or experience. That doesn't mean that is always the case, but in all instances of Bresnan/Optimum/Charter, Centurylink and Blackfoot Communication DMCA notices I've seen for clients, they did not resolve in the manner you've experienced.
> 
> BUT...with that said,I would not be surprised if the ISP didn't actually check back with the DMCA to confirm if the notice is legitimate. But what gets me...is the redirect you're receiving. Makes me wonder if you don't have a browser hijacker or malware that's screwing with you.
> 
> ...



 Same here for me with charter they send a little 4 x 4 post card type letter it's not even in an envelope it's just a piece of paper that claims some type of vague security error warning with a number to call and a code . And when you call and give the code they tell you that someone was downloading content illegally at over your  connection but it's hard to prove because neighbors could be piggybacking off your signal etc.

 I live in a five college city with UMass Amherst, Hampshire College, Mount Holyoke college, Smith College, Amherst College all within 40 miles of eachother, and you get so many people sharing single connections it's not funny .... I remember years ago at an apartment I live at we Musta had 10 of them a month


----------



## Kursah (Dec 6, 2016)

thesmokingman said:


> Are you NOT assuming as well? Whose making the case that the notice fake?



Feel free to review the thread and donate in any helpful way. Your questions have already been answered.


----------



## Steevo (Dec 6, 2016)

One of two things I can think of.

First is CenturyLink is assisting with determining who is on the network and how many users there are to try and throw a claim on someone. 

Do you remember the wording or get a screenshot of it, a wed address and or an IP of the site?

Second is just some friendly mal-ware using an exploit yet unknown or unpopular and once you spoke with whoever was running the hijack they either gave up and moved on or you have a machine that is infected or a compromised link somewhere on the ISP's network or node. 

I got a "Firefox update." javascript that tried to auto-run even with Ad-Block (since changed to uBlock) and forcing my router to use OpenDNS. I was briefly reminded of the late 2000's when drive by downloads were huge and your actual website could get infected faster than a sailor at a discount whorehouse thanks to java, flash, and activeX.


----------



## qubit (Dec 6, 2016)

Frag Maniac said:


> I've had Qwest/Century Link service for 25 years


You've had internet access since 1991?!  Respect.  What business are you in to be such an early adopter, if you don't mind saying?

I agree with you that something doesn't look right if you've had a DMCA block on your internet access, but then the company doesn't know anything about it. While, it _could_ just about be some sort of hack / identity theft, I think the most likely scenario is that it's just a technical glitch at their end and you've got nothing to worry about in my opinion.


----------



## Recon-UK (Dec 6, 2016)

You got rekt.


----------



## Frag_Maniac (Dec 6, 2016)

qubit said:


> You've had internet access since 1991?!  Respect.  What business are you in to be such an early adopter, if you don't mind saying?


This is just yet another example of some people reading more into a comment than is there. I said Qwest/CentruryLink *service*, not Qwest/CenturyLink *ISP service*. Obviously before there was internet, Qwest was just a phone company. Suffice it to say, over half that time, roughly 16 years, I've had Qwest/CenturyLink ISP service, and this is the only time I've ever seen such a message. To those assuming I'm infringing on copyrights, don't you think it's odd that in all that time, I've only seen ONE message like this, and when it happens, their phone staff say there are no such records of copyright complaints when I call in about it?



> I agree with you that something doesn't look right if you've had a DMCA block on your internet access, but then the company doesn't know anything about it. While, it _could_ just about be some sort of hack / identity theft, I think the most likely scenario is that it's just a technical glitch at their end and you've got nothing to worry about in my opinion.


Yeah I agree, and I also don't think copyright complaints would be only accessible to upper tier staff. Reason being, most ISPs do everything they can to keep their customers. That means getting them the information they need to correct any illegal behavior they, their friends, or burglars may have indulged in. You aren't going to be able to do that very expediently by making them request upper tier staff to access it, and it only slows them down having to have such people answer those questions.

Plus this could very well be a technical glitch as you said, especially since they are going through a database software and/or hardware changeover. It wouldn't be the first time I've seen a tech glitch in Qwest or CenturyLink's system. They are also investigating  a possible hack.

Anyways, to staff, I'm going to make an official request this thread be closed. There's only been a few here that aren't lynch minded, and it's just perpetuating arguments over speculations of innocence or guilt. The purpose and topic of the thread, which I made clear, was to merely ask if anyone else has experienced this, and most are not adhering to that topic. If I need any help, I can get it from one of those offering it via PM.

Thank you.


----------



## qubit (Dec 6, 2016)

Yeah, lynch minded doesn't seem very fair at all.  Feel free to pm me about this if you like.

And finally, I take back all that respect!


----------



## NdMk2o1o (Dec 6, 2016)

This seems really similar to something I experienced about 10 years ago when various UK ISP's started pandering to the likes of RIAA and sending people ridiculous letters demanding £1k for downloading a single or a cam film..... they used a lot of questionable tactics like this, pretty much illegal/bullying tactics and trying to scare people into paying stupid amounts, the reasoning behind it seems to be that probably 5% or less of them threatened with the accusations will likely bow to the demands thus making up for the 95% and all of the billions of $ in revenue lost..... I recall getting a letter, I ignored it.... I'm still here today and they never took me to court and sent me to prison for 50 years.... 

Either that or it's malware, which is also as likely, threaten to have your details leaked/emails, credit cards etc and to call now to remove...


----------

