google-cloud-storagespamphishing

Having issues reporting storage buckets that are hosting spam and phishing redirects html/javascript files


The following storage buckets are hosting spam and phishing links and I cannot get any google support to forward my report to upper tiers to take action.

All I get in response is basically "That's someone else's problem" with some links to google help pages I have already scoured through. I need a warm body, engineer, SRE, who knows what to do with this information and am stuck behind the tier 0.5 helpdesk folks who seem to have no idea what I am talking about. I have tried reporting multiple times using the "Report an issue" in gmail, but all I ever get is "We could not send your feedback".

These buckets are hosting redirects to spam sites while trying to exist in a trusted space so they don't get blocked.. Some of them are wide open and can be uploaded to.

https://storage.googleapis.com/aviantecnices
https://storage.googleapis.com/chekqsjd54s5
https://storage.googleapis.com/colegialite
https://storage.googleapis.com/crevvmissionhxs
https://storage.googleapis.com/culosadictosc
https://storage.googleapis.com/debpointedarmtgb
https://storage.googleapis.com/devpoint
https://storage.googleapis.com/fomktclassyture
https://storage.googleapis.com/kingshort
https://storage.googleapis.com/ksn
https://storage.googleapis.com/letshort
https://storage.googleapis.com/negasportesoq
https://storage.googleapis.com/timessqurerounda
https://storage.googleapis.com/totalquiresotima
https://storage.googleapis.com/wingoodsnwessserveronne

The buckets seem to contain one or many simple html files with a basic javascript redirect to a rogue spam site. It appends a uel query after the link which I believe tracks the email account of the user who received the email and probably lets the scammer know it is a good email to target.

I took the liberty of changing the redirect for links on one of the buckets (crevvmissionhxs) to the ftc fraud reporting site.. figured it might save a few folks who are naive enough to click on the links from helping the scammers.

<script>
var url= document.location;
var str1=url.toString();
var res = str1.split("#");
// scammers original 'var newurl="http://bad-evil-site/"+res[1];'
// replaced url... 
var newurl="https://consumer.ftc.gov/articles/0210-how-get-less-spam-your-email#everyone";
window.location.href = newurl;
</script>

I have tried submitting reports, chatting with support, forwarding to abuse@google, forwarding to other abuse emails like public-data-abuse@google.com. I was expecting some action taken on buckets that are being used to abuse and spam the internet illegally. Does anyone know how to get through to someone in the Google cloud storage team to take action on these types of accounts? I have been reporting multiple short links to the abuse team at bit.ly and they respond within a day that they took action on bad links - but Google seems to be off in lala land and never responds, or responds with "I don't deal with that.. you need to contact xyz department... here are help pages (I have already looked at and got nowhere with)... etc.".

I have several unanswered reports at


Solution

  • Finally was able to get Google support team to shut down the buckets using https://issuetracker.google.com/issues/330175053