[anti-abuse-wg] More funny business involvolving the RIPE Route Registry

I'd like to call the attention of all of you to a NANOG posting that I made
recently:

   https://mailman.nanog.org/pipermail/nanog/2017-August/091954.html

It would appear that the network AS29073, formerly known as Ecatel, and
also formerly known as Quasi Networks, and now known as Novogara Ltd. may
be having a spot of bother soon.

The English translation of a document that I was given a link to today
appears to indicate that some or all of the principals behind this specific
"bullterpoof hosting" company have been ordered by a Dutch court to answer
some pointed questions about their ownnership and/or control over this
"Seychelles Islands" company, and perhaps also about their alleged tendency
to provide hosting for other people's intellectual property:

   https://uitspraken.rechtspraak.nl/inziendocument?id=ECLI:NL:RBDHA:2017:9026&showbutton=true

That, of course, is not really -my- main concern.  I am at the moment
rather more concerned about the manner in which they came to be doing
routing for a particular legacy Afrinic /14 block, i.e. the 196.16.0.0/14
block.  That has not been adequately explained as of now, I think.

I wonder if any of you on this list peer with this network, AS29073
and if so, why.  It seems to have a rather colorful reputation, to say
the least:

    http://www.cyberlightglobal.com/is-another-attack-on-western-financial-institutions-imminent/

    http://news.softpedia.com/news/complex-bitcoin-phishing-scheme-leads-back-to-rogue-web-hosting-firm-505511.shtml

    https://umbrella.cisco.com/blog/2016/06/20/bitcoin-wallet-phishes-reveal-rogue-hosts/

    https://techcrunch.com/2012/08/04/grum-inside-the-takedown-of-one-of-the-worlds-biggest-spam-networks/

I can speak another time about how easy it was, apparently, for these
clever fellows to slip a route object into the RIPE data base which
would seem to sanction their routing of the suspect block in question.


Regards,
rfg