They have actually been scraping ARIN IP space registration data for this and sending threats to people who hold IP space that has absolutely nothing to do with the actual business end user with a DIA circuit and static /30 that downloaded virtualbox. It's a ridiculous abuse of ARIN WHOIS data.

From the point of view of ISPs receiving such threats it is the most preposterous thing ever.