This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
JORDI PALET MARTINEZ
jordi.palet at consulintel.es
Fri Mar 22 12:13:14 CET 2019
Hi Erik, Using ----> because for some reason this email is not being automatically "quoted" correctly in my email client. Regards, Jordi El 21/3/19 23:54, "anti-abuse-wg en nombre de Erik Bais" <anti-abuse-wg-bounces at ripe.net en nombre de ebais at a2b-internet.com> escribió: Dear WG, I've read the proposal and the discussion that has been posted in the last couple of days. In the current form, I would like to state that I wouldn't support the proposal. I would like to give some history about BGP hijacks and specifically 2 that have been widely published (at least in the Netherlands for 1 in particular..) and another one after people found out via Wikileaks (Hacking Team involvement). The first one was when Bulgarian spammers hijacked IP space of the Ministry of Foreign Affairs in the Netherlands.. for more than 10 days.. without the Dutch ministry noticing .. BTW. Spamhaus did .. and listed their prefixes along with other prefixes from the hijackers. The ministry stated the IP space wasn't in use or announced .. at least not announced in BGP by them .. After the hijack came to surface, a Dutch national newspaper published a story about it.. and questions to the responsible minister were asked how / why / who was responsible / why didn't anyone notice etc etc. https://www.volkskrant.nl/wetenschap/ip-adressen-ministerie-gekaapt-door-bulgaren~b75ad982/ ( Dutch article ) https://tweakers.net/nieuws/104975/ip-adressen-buza-gekaapt-via-bgp-hijacking.html ( Dutch tech site article ) The official reaction to Dutch parliament was, that it was too hard to prosecute or even find the actual people behind the hijack and they decided not to go after them. While in fact there was the option to request the administrative information known at the RIPE NCC and the AMS-IX where they consumed services and had payment details and perhaps even more (both are Dutch entities and required to provide the information when asked by the Dutch authorities). But perhaps it was just not important enough to look into it and request the Bulgarian government to hand over some of their citizens.... as the Dutch government might needed the Bulgarian assistance in 2014/2015 during the refugee influx and their support in the EU. #politics Even IF they would have proceeded .. under Dutch law, BGP Hijacking isn't a criminal offence and as a result, not directly illegal or criminal.. Performing a (D)DOS or breaking into a computer system is.. but BGP hijacking as such isn't. Especially if the IP space wasn't in use.. so nothing broke or stopped working .. --------> There are plenty of "bad" things, especially in Internet which are not classified as such, but if you go to the courts will get punished, or at least warned. Law is slow the change and adapt to new times. Let give me an example. Let's suppose "A" has a flat. "A" is renting it to "B". "B" is not using it. "C" knows it, so usurp that property. Not just that but is creating troubles to neighbor's "X" "Y" "Z", such as smoke with the BBQ, too loud music. Even if "A" is not being impacted at all (because "B" still pay the bills"), what "B" is doing is against law. * Usurpation is against law. * Spam is also against law, as it is DDoS and many other things (and some of them are not classified as "such" by the law, but by comparison, in the real-life cases they are considered) * add here other acts against law that I'm forgetting, I'm sure there are Law can't cover every possible "example" of "bad actions", which doesn't mean they are illegal. Law allows membership organizations, such as RIPE, to setup their own by-laws and protect them. Law allows you to enforce by-laws, at a minimum with a very simple mechanism: if you don't follow by-laws, you're in breach, and we can cancel the membership. I really think the Dutch government did very bad not making a courts case on this, but that's a different debate ... --------> So even if they would get the Bulgarian spammer/hijackers in front of a Dutch judge .. the change was that ... they would walk, because there was no harm done .. No law was broken, no system invaded and nothing stopped working . . . ( Full disclosure I'm not a lawyer, but this is the information that I was handed at the time.. ) The Dutch cyber prosecutor wasn't even sure under which section of the Dutch Criminal law (Strafrecht) this might fall and he suggested 'perhaps .. Art. 161 sexies Sr - https://twitter.com/Byte_Fighter/status/625012729171025920 ) That can be found here : (in Dutch ) https://maxius.nl/wetboek-van-strafrecht/artikel161sexies Where it mentions ( He who deliberately destroys, damages or disables any automated telecommunications work, causes a disturbance in the workings or operation of such work, or defeats a safety measure taken in relation to such work, shall be punished: ) - * Google Translate translation... The other version of a quite known BGP Hijack is the one of Hacking Team, who acted on behalf of the Italian government (Police) to re-activate a RAT Command and Controll server after a bulletproof hoster (Santrex) went down. And that particular C&C was important enough to regain control over, as it was part of an active operation of the ROS. ( https://en.wikipedia.org/wiki/Raggruppamento_Operativo_Speciale ) More insight on that BGP Hijack - https://arstechnica.com/information-technology/2015/07/hacking-team-orchestrated-brazen-bgp-hack-to-hijack-ips-it-didnt-own/ So in this case, the Italian Police (ROS) used (forced??) an Italian ISP to hijack some IP space to regain control of their lost RAT C&C server.. (endpoint for RAT infected machines.) This wasn't an accident .. but was it criminal by the ISP to assist their local police ? And what would have been the impact if they didn't . . ? --------> 1) Police can't enforce any ISP to do anything. A court order can to. 2) If there is a court order for such thing (which I really doubt), you can appeal it. 3) If there is a court order you will have written documents, and you have the right to publish them. Sometimes not immediately, but in the case that because the court order you're being punish because the experts report, the judge will *definitively* allow you to provide it to RIPE and the experts, via NDA, or the board in the worst case, will tell the community that this is involved in a court case and can't be "punish", or even better the case will be dismissed before started. --------> These are your/our tax dollars at work ... They either don't care or are the bad actor themselves. So the customers that hold an SSA or End-User Agreement (PI Holders for IP space and AS number) look to be the 'target' of the policy, however that leaves out the legacy resource holders.. And with the current transfer policies in place, yes it is possible to obtain a legacy AS number and a legacy IPv4 prefix ...for yourself .. and those can't be 'retrieved' with this policy .. And even with the policy, it isn't the RIPE NCC that COULD de-register them as they are not allocated by the RIPE NCC in the first place ... So Legacy holders (resources with a legacy status) are for obvious reasons, excluded for penalties and out of reach. Also according to the policy that specifies services to Legacy holders, as this policy doesn't state that it wants to include and impact legacy holders. --------> Isn't a bad thing that legacy resources, when transferred don't lose that status (and this only happens, unless I'm mistaken in RIPE) ? Should we consider changing that? --------> The biggest issue what I see in this policy, is that the RIPE NCC ( either themselves or the Exec Board. ) is desired / aimed to pull the trigger on a membership or contractual relationship. This is huge no no imho. These kind of actions or decisions should be kept out of the RIPE NCC office and the actual case and decision should be made by a court and court order. If the RIPE NCC would like to stay neutral, it can't be the executor or be held liable for any decisions like this, handed to them (even by an external 'expert' ) on these matters. If someone likes to make the case that someone is in violation, there should be a neutral judge that should review the case and the accuser can go to the RIPE NCC with the result .. And the RIPE NCC will just execute based on the outcome. Handing those kind of decisions to the RIPE NCC or the Exec Board is a sliding scale .. and open to scope creep. I would be very careful with what we are wishing for .. --------> I think you're wrong on this. As said law protects the membership organizations about bad members. Nothing new here. --------> I can understand the sentiment or intent of the policy, but I'm against any form of policy where the RIPE NCC or the Exec Board will be involved in the actual decision like this as it will impact their neutral status and the fact they are opening themselves for liability claims. Again I'm not a lawyer, but I have huge concerns about this. --------> I guess the impact analysis will tell us. Not sure if the NCC can check the "legal validity" of this proposal and somehow "advanced" at least informally before the impact analysis, so we can take that in consideration in a new version? --------> Kind regards, Erik Bais - Sorry for the long read.. - On 19/03/2019, 13:41, "anti-abuse-wg on behalf of Marco Schmidt" <anti-abuse-wg-bounces at ripe.net on behalf of mschmidt at ripe.net> wrote: Dear colleagues, A new RIPE Policy proposal, 2019-03, "BGP Hijacking is a RIPE Policy Violation", is now available for discussion. The goal of this proposal is to define that BGP hijacking is not accepted as normal practice within the RIPE NCC service region. You can find the full proposal at: https://www.ripe.net/participate/policies/proposals/2019-03 As per the RIPE Policy Development Process (PDP), the purpose of this four-week Discussion Phase is to discuss the proposal and provide feedback to the proposer. At the end of the Discussion Phase, the proposers, with the agreement of the Anti-Abuse WG co-chairs, decide how to proceed with the proposal. We encourage you to review this proposal and send your comments to <anti-abuse-wg at ripe.net> before 17 April 2019. Kind regards, Marco Schmidt Policy Officer RIPE NCC Sent via RIPE Forum -- https://www.ripe.net/participate/mail/forum ********************************************** IPv4 is over Are you ready for the new Internet ? http://www.theipv6company.com The IPv6 Company This electronic message contains information which may be privileged or confidential. The information is intended to be for the exclusive use of the individual(s) named above and further non-explicilty authorized disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited and will be considered a criminal offense. If you are not the intended recipient be aware that any disclosure, copying, distribution or use of the contents of this information, even if partially, including attached files, is strictly prohibited, will be considered a criminal offense, so you must reply to the original sender to inform about this communication and delete it.
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]