[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)

In message <alpine.LRH.2.21.1903220821090.28269 at gauntlet.corp.fccn.pt>, 
Carlos <cfriacas at fccn.pt> wrote:

>> 5. "These are your/our tax dollars at work ...  They either don't care 
>> or are the bad actor themselves."
>
>It depends on the viewpoint and the available set of evidence. In this 
>case it can also be argued that it was a good actor. :-)

I cannot let this pass without reiterating what I said in a prior response.

Neither Hacking Team nor the bullet-proof hosting company that it employed
("Santrex") for its nefarious purposes, prior to the now-notorious hijacking
incident were in any sense "good actors".  And I encourage everyone to fully
familiarize themselves with this case.

https://krebsonsecurity.com/2015/07/hacking-team-used-spammer-tricks-to-resurrect-spy-network/
https://krebsonsecurity.com/2016/08/the-reincarnation-of-a-bulletproof-hoster/

Please note that folliowing the demise of Santrex, the company appears
to have been "reincarnated" under the name of HostSailor, and that this
name was one of several such "bullet proof" hosting companies that were
mentioned explicitly by Dhia Mahjoub - Head of Security R&D, Cisco Umbrella,
in his presentation at RIPE 77:

https://ripe77.ripe.net/wp-content/uploads/presentations/134-RIPE77_Anti_Abuse_WG.pdf
https://ripe77.ripe.net/archives/video/2286/
(See slide #11, top right center).

Hostsailor is, of course, at the present time, a member in good standing of
RIPE, with a considerable amount of RIPE-issued number assets at its disposal:

https://www.ripe.net/membership/indices/data/ae.sailorhost.html
https://bgp.he.net/AS60117


Regards,
rfg