CenturyLink caught trying to steal customers despite promising court it wouldn’t, promises it won't do it again

Two-faced ISP gets $250,000 tickle, will be watched by independent monitor

CenturyLink has been caught trying to steal rivals’ customers despite signing a court document promising it would do no such thing.

As part of gaining approval from the US government for its proposed $34bn takeover of Level 3, CenturyLink agreed in 2018 to sell some of its new acquisition's fiber networks in several metro areas to ensure there was some degree of competition in the market.

But in a settlement published [PDF] on Friday, the Department of Justice said it has since discovered that the ISP had started putting in phone calls to specific customers trying to win back their business, just two months after it signed the agreement promising it wouldn’t do so for another two years.

The agreement was signed on March 2018, and in May 2018, calls to more than 70 large customers were made by a dedicated CenturyLink team dubbed the Inside Sales Channel. The sales effort continued for over 18 months until the government started investigating, and the calls to the former Level 3 customers stopped.

The line was so clearly crossed that CenturyLink has not attempted to challenge the government complaint and has agreed to its three main terms: the sales ban will be extended by a further two years; during that time CenturyLink will be scrutinized by an independent monitor to ensure they actually follow the agreement this time; and it will pay $250,000 to the DoJ to cover its costs and attorney fees.

Contact high

“CenturyLink violated the court-ordered Final Judgment designed to prevent anticompetitive effects arising from its acquisition of Level 3 Communications,” read the official announcement.

“Despite provisions in the Final Judgment barring CenturyLink from soliciting customers that switched to the buyer of the divestiture assets, CenturyLink failed to comply, initiating contact on over 70 occasions over more than a year with former Level 3 customers who elected to switch to the divestiture buyer in the Boise City-Nampa, Idaho MSA. CenturyLink does not deny the United States’ allegations and has agreed to the Amended Final Judgment.”

A woman holding a broken phone cable

How four rotten packets broke CenturyLink's network for 37 hours, knackering 911 calls, VoIP, broadband


In an effort to prevent it from doing the same thing again, the original agreement has also been updated to include several new provisions. Now, if CenturyLink is caught breaking the agreement again, it “may be held in contempt,” and the agreement can be extended still further.

The government will also have up to four years after the new agreement expires to go back and see if the company held up its side of the bargain.

Is a slap on the wrist enough to stop one of the largest telcos in America with over $22bn in annual revenue from trying to destroy its competition, when it was willing to pay $34bn to buy Level 3 in the first place just to do that, and then break a government contract?

Yes, of course it is because under this new agreement CenturyLink would get an even harder slap on the wrist if it broke the rules. Makes perfect sense. ®

Narrower topics

Other stories you might like

  • Trio accused of selling $88m of pirated Avaya licenses
    Rogue insider generated keys, resold them to blow the cash on gold, crypto, and more, prosecutors say

    Three people accused of selling pirate software licenses worth more than $88 million have been charged with fraud.

    The software in question is built and sold by US-based Avaya, which provides, among other things, a telephone system called IP Office to small and medium-sized businesses. To add phones and enable features such as voicemail, customers buy the necessary software licenses from an Avaya reseller or distributor. These licenses are generated by the vendor, and once installed, the features are activated.

    In charges unsealed on Tuesday, it is alleged Brad Pearce, a 46-year-old long-time Avaya customer service worker, used his system administrator access to generate license keys tens of millions of dollars without permission. Each license could sell for $100 to thousands of dollars.

    Continue reading
  • International operation takes down Russian RSOCKS botnet
    $200 a day buys you 90,000 victims

    A Russian operated botnet known as RSOCKS has been shut down by the US Department of Justice acting with law enforcement partners in Germany, the Netherlands and the UK. It is believed to have compromised millions of computers and other devices around the globe.

    The RSOCKS botnet functioned as an IP proxy service, but instead of offering legitimate IP addresses leased from internet service providers, it was providing criminals with access to the IP addresses of devices that had been compromised by malware, according to a statement from the US Attorney’s Office in the Southern District of California.

    It seems that RSOCKS initially targeted a variety of Internet of Things (IoT) devices, such as industrial control systems, routers, audio/video streaming devices and various internet connected appliances, before expanding into other endpoints such as Android devices and computer systems.

    Continue reading
  • Feds raid dark web market selling data on 24 million Americans
    SSNDOB sold email addresses, passwords, credit card numbers, SSNs and more

    US law enforcement has shut down another dark web market, seizing and dismantling SSNDOB, a site dealing in stolen personal information.

    Led by the IRS' criminal investigation division, the DOJ, and the FBI, the investigation gained control of four of SSNDOB's domains, hobbling its ability to generate cash. The agents said it raked in more than $19 million since coming online in 2015.

    Continue reading
  • US won’t prosecute ‘good faith’ security researchers under CFAA
    Well, that clears things up? Maybe not

    The US Justice Department has directed prosecutors not to charge "good-faith security researchers" with violating the Computer Fraud and Abuse Act (CFAA) if their reasons for hacking are ethical — things like bug hunting, responsible vulnerability disclosure, or above-board penetration testing.

    Good-faith, according to the policy [PDF], means using a computer "solely for purposes of good-faith testing, investigation, and/or correction of a security flaw or vulnerability."

    Additionally, this activity must be "carried out in a manner designed to avoid any harm to individuals or the public, and where the information derived from the activity is used primarily to promote the security or safety of the class of devices, machines, or online services to which the accessed computer belongs, or those who use such devices, machines, or online services."

    Continue reading
  • US brings first-of-its-kind criminal charges of Bitcoin-based sanctions-busting
    Citizen allegedly moved $10m-plus in BTC into banned nation

    US prosecutors have accused an American citizen of illegally funneling more than $10 million in Bitcoin into an economically sanctioned country.

    It's said the resulting criminal charges of sanctions busting through the use of cryptocurrency are the first of their kind to be brought in the US.

    Under the United States' International Emergency Economic Powers Act (IEEA), it is illegal for a citizen or institution within the US to transfer funds, directly or indirectly, to a sanctioned country, such as Iran, Cuba, North Korea, or Russia. If there is evidence the IEEA was willfully violated, a criminal case should follow. If an individual or financial exchange was unwittingly involved in evading sanctions, they may be subject to civil action. 

    Continue reading
  • Ukrainian crook jailed in US for selling thousands of stolen login credentials
    Touting info on 6,700 compromised systems will get you four years behind bars

    A Ukrainian man has been sentenced to four years in a US federal prison for selling on a dark-web marketplace stolen login credentials for more than 6,700 compromised servers.

    Glib Oleksandr Ivanov-Tolpintsev, 28, was arrested by Polish authorities in Korczowa, Poland, on October 3, 2020, and extradited to America. He pleaded guilty on February 22, and was sentenced on Thursday in a Florida federal district court. The court also ordered Ivanov-Tolpintsev, of Chernivtsi, Ukraine, to forfeit his ill-gotten gains of $82,648 from the credential theft scheme.

    The prosecution's documents [PDF] detail an unnamed, dark-web marketplace on which usernames and passwords along with personal data, including more than 330,000 dates of birth and social security numbers belonging to US residents, were bought and sold illegally.

    Continue reading

Biting the hand that feeds IT © 1998–2022