This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] (no subject)
- Previous message (by thread): [anti-abuse-wg] Call For Agenda Items - RIPE 73
- Next message (by thread): [anti-abuse-wg] (no subject)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Thu Aug 11 14:15:50 CEST 2016
Subject: Re: [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding! Fcc: outbox -------- andre at ox.co.za wrote: >1. When we find crime, child porn, credit card scams, etc on networks, >we should immediately report it to the Police in the jurisdiction where >the data is. The above is delusional on so many levels I'm not sure even where to begin. In the first place, who exactly is this royal "we"? In the second place, what exactly is the "jurisdiction where the data is" for 82.221.130.101? Is that Belize? Is that Iceland? Is that Russia? Do you know? Does RIPE NCC know? If you are claiming that you know, then please do enlighten us... or at least me... as to exactly HOW you know the actual jurisdiction is in this case. Thirdly, weren't you the same fellow who was just arguing a few messages back that "crime" only exists in relation to a specific jurisdiction anyway? maybe the *real* jurisdiction of 82.221.130.101 is the Principality of Sealand, where there are no laws prohibiting the buying and selling of other people's credit card numbers. So what "should" we do then? Finally, did you miss it when I posted, just not very long ago, the following link to a BBC story that describes in some detail that police are overwehelmed and that they can't even keep up with this the great and growing masses of cybercrime anymore? http://www.bbc.com/news/uk-36731694 >We must not, discuss this on a public list before the Police has at >the very least, had the opportunity to first ensure that they have >secured the data/servers/evidence that may be required to prosecute. Gee! And here I was starting to think that you were in favor of free speech on the Internet! I guess not. Sorry. My mistake. (You apparently want to tell me what I "must not" say. That's not my definition of free speech.) Also, I refer you again to this: http://www.bbc.com/news/uk-36731694 and I remind you again that you are living in a fantasy world. Speaking from direct personal experience, it doesn't matter how many months of lead time you give law enforcement. They simply DO NOT put down their doughnuts and rush out to image servers until *after* reports of serious cybercrimes appear in the media. These days, the only times when they are actually pro-active and actually ahead of the curve is in terrorism-related cases. >2. If, after a reasonable amount of time, we receive no feedback (as in >back off, we are investigating this - or we are busy prosecuting or >whatever) then we should do what? See above. For a long while I did exactly what you think should be done. I tried to always inform law enforcement early and often, about all of the really bad crap I found. And I gave them a fair opportunity to tell me to keep quiet, because they had an ongoing investigation. So far, no matter what I've reported to them, and no matter how bad it was, they haven't even given me a courtesy call back. In short, they are worse than useless. They are a waste of my time. They don't care what I do or say or find, and I no longer care what they do or say or think or find. On those rare occasions when they actually do bust some cybercriminal, I applaud them, but usually the arrest only comes years after the criminals have already been well-known to be doing their crimes. (And as I learned recently, in Russia, at least, when a criminal of any kind gets busted, the authorities don't even release their names. So as a non-LE person, you can't even be sure that the Russians aren't just making the whole thing up for publicity reasons, you know, to make Putin look good, like the _alleged_ arrest of "fifty" cybercriminals that is _alleged_ to have taken place in Russia earlier this year. What a nice round number to release to the media!) >...but you cannot simply find a random domain, note content on it that seems >as if there may possibly be criminal activity and/or abuse. I can't? Oh. Sorry. Too late! I already did. Sorry. I didn't know that rule until now. :-) >I cannot publish anything about this website or this content on there >as their is simply no due process, no proof of actual illegal activity, >no actual trial, guilt, verdict, etc. That's quite alright, YOU don't have to. I already did. See, *I* don't have the power of a state. I can't send people to jail. I can only bad-mouth them in public and hope that other people realize what criminals they are, and then stop trading packets with them. Because the penalities that I personally can impose are so limited and weak, I don't have to make a case against any party "beyond a reasonable doubt". If I make a case aganst a party where the "preponderance of the evidence" (i.e. 51%) says that they are guilty, then people who read what I write, and agree with my analysis may stop accepting packets from the crooks I identify. That is a reasonable outcome. >We should start filtering/editing/censoring content deciding to >'null-route' entire IP ranges because of our content decisions? I do it every day, at least for my own server. It's called "spam filtering". (I don't like spam.) >seriously? Oh yes, seriously. >We can also maybe build a huge wall around our networks? Maybe we >should not route any traffic that we have not properly inspected? Works for me! Sounds like a perfect description of my firewall. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] Call For Agenda Items - RIPE 73
- Next message (by thread): [anti-abuse-wg] (no subject)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]