This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/anti-abuse-wg@ripe.net/
[anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Ronald F. Guilmette
rfg at tristatelogic.com
Sun Mar 31 22:54:42 CEST 2019
In message <alpine.LRH.2.21.1903312003441.29965 at gauntlet.corp.fccn.pt>, =?ISO-8859-15?Q?Carlos_Fria=E7as?= <cfriacas at fccn.pt> wrote: >2019-03 aims to create an inexistent rule, that could lead to >consequences... Speaking of which, I wonder if anyone here might happen to know the penality, under Dutch law, for knowingly receiving stolen property, or cash? I only ask because I did notice, just yesterday, the fact that AS205869, aka Universal IP Solution Corp. is apparently still, to this day, a member in good standing (and dues-paying member) of RIPE. And this is true even MONTHS after the company was publicly identified as having been one of two entities behind a large scale "ad fraud" scheme, publicly documented by Google and their partners, WhiteOps, and which netted the criminals behind it an alleged $29 million of ill-gotten gains: https://arstechnica.com/information-technology/2018/12/how-3ves-bgp-hijackers-eluded-the-internet-and-made-29m/ This entire sophisticated ad fraud scheme resulted in multiple U.S. federal grand jury indictments: https://www.justice.gov/usao-edny/press-release/file/1114576/download Unfortunately, many of those criminally charged are still at large, and thus, they are able to continue doing business with, and paying dues to RIPE. To say that any such funds now being paid to RIPE are "tainted" would be a rather gross understatement. This is the elephant in the room that none of the opponents of 2019-03 wants to talk about, i.e. the rather inconvenient fact that RIPE, due to its intransigent lethargy, is quite apparently doing business, even as we speak, with known and well-identified cyber-criminals. So, when it comes time for RIPE to answer, in a Dutch court, for this continued and ongoing support of known criminals, what will be RIPE's response? I can see it all now... "Oh! Gee! Sorry your honor! We are an association, under Dutch law, and our by-laws require us not to adopt any policies that do not obtain 100% consensus of ALL of our members, and thus, because our members are a rambunctious lot, and because at least some of them don't really mind that much being associated with criminals, we have been unable to adopt any new governing rules for our association that would actually prohibit us from receiving stolen money. Can we go now?" Yea. *That* defense is sure to work... NOT! Perhaps some of the people here who have speculated aloud about the (dim) possibility that RIPE might someday accrue some civil liability for having kicked out members who are hijackers could perhaps spare a moment or two in their busy schedules to give at least some thought to the vastly greater potential liability, both civil and criminal, that might accrue to RIPE if it continues, as it is now doing, to support and sell services to known cyber-criminals. Note that when and if a day of legal judgement finally arrives for *these* failures, RIPE will also not be able to avail itself of either of the two other traditional defenses that have been trotted out, in the past, to try to excuse the inexcusable. I am speaking of course of the "we didn't know" defense and the "we were just following orders" defense. RIPE clearly *does* know about the nature and purpose of Universal IP Solution Corp., and if it doesn't know, then it can only be because RIPE is -willfully- electing to remain ignorant. Separately, RIPE can certainly attempt to claim that it was "just following the orders" of its membership, but that defense is likely to fall on deaf ears also... as it has in the past. So where are all of the members who earlier, and right here on this mailing list, worried aloud about legal liability? Why are they apparently NOT worrrying about the legal liability that may arise from seeing evil and doing nothing whatsoever to impede it, or to even stop doing business with it? Apparently, the potential for legal liability is only an issue when concern abou the potential for that is used as an argument to support those conservatives who wish to do nothing at all. When viewed objectively and even-handedly however, arguments in favor of doing nothing which are based on the "legal liability" bogeyman can be easily seen to be rather entirely disingenuous, because it is self-evident that the *real* and far more serious potential for legal liability lies with continuing to have RIPE support and sell services to cyber-criminals, as it is now, quite apparently, doing. Regards, rfg
- Previous message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
- Next message (by thread): [anti-abuse-wg] 2019-03 New Policy Proposal (BGP Hijacking is a RIPE Policy Violation)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]