There are two or three things here.<br><br>RIPE is under dutch law and the Netherlands does have a law against spam, and other cybercrime legislation as well that has historically been actively enforced.<br><br>The LIR is under romanian law and that does appear to have some laws against spam on their books but none of it appears to have been tested in court.<br><br>As a LE organization, Europol, like Interpol, deals with coordination and clearinghouse work between national LE and neither is an international police force.<br><br>This simply means that LE or the appropriate regulator in either country where the different parts of this contract exist (the Netherlands - opta or dutch high tech crime police, and whoever are their peers in Romania) should be able to act on this information. <br><br>U.S. LE as well given that the actual perpetrators are there.<br><br>Whether dutch, romanian or US law are able to take cognizance of publicly available information to open an investigation, or they need a local victim of IP hijacking (or an international victim through the normal LE channels) remains to be seen.<br><br>In either case we do need to see how much RIPE NCC can do to exercise its fiduciary duty over v4 space. <br><br>A bank manager who loaned money on the same slapdash implementation of criteria that NCC allocates IP space on (due diligence being interpreted as 'internet policing' might explain that) would be fired and/or prosecuted in very short order indeed.<br><div class="gmail_quote">On Fri, 7 Nov 2014 at 02:21 Reza Mahmoudi <<a href="mailto:R.mahmoudi@mobinnet.net">R.mahmoudi@mobinnet.net</a>> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">I was wondering if this kind of hijacking falls into the category of Cybercrime and authorities like Europol (<a href="https://www.europol.europa.eu/" target="_blank">https://www.europol.europa.<u></u>eu/</a> ) can help?<br>
<br>
Reza Mahmoudi<br>
______________________________<u></u>__________<br>
From: <a href="mailto:anti-abuse-wg-bounces@ripe.net" target="_blank">anti-abuse-wg-bounces@ripe.net</a> [<a href="mailto:anti-abuse-wg-bounces@ripe.net" target="_blank">anti-abuse-wg-bounces@ripe.<u></u>net</a>] on behalf of Ronald F. Guilmette [<a href="mailto:rfg@tristatelogic.com" target="_blank">rfg@tristatelogic.com</a>]<br>
Sent: Friday, November 07, 2014 12:02 AM<br>
To: <a href="mailto:anti-abuse-wg@ripe.net" target="_blank">anti-abuse-wg@ripe.net</a><br>
Subject: Re: [anti-abuse-wg] Hijack Factory: AS201640 / AS200002<br>
<br>
In message <20141106150814.GX31092@Space.<u></u>Net>,<br>
Gert Doering <<a href="mailto:gert@space.net" target="_blank">gert@space.net</a>> wrote:<br>
<br>
>In this particular case, I wonder why nobody is yelling at the upstream<br>
>who is happily forward packets for that AS... due dilligence at<br>
>accepting customer prefixes would have easily caught the announcements.<br>
<br>
I personally would be ``yelling at the upstream'' right now, but someone<br>
made a comment on the NANOG mailing list which sort-of hinted that this<br>
would be entirely futile in the case of AS200002. I don't know, but I<br>
suspect that he already knows something that I don't know, so I'm not<br>
wasting my time on sending comlaints to an entity that, it seems, may<br>
perhaps not give a damn.<br>
<br>
>(Yes, I understand that I'm now officially part of the problem, as<br>
>I'm obviously not willing to do everything technically possible to<br>
>stop particular sorts of badness)<br>
<br>
To the extent that you might be able to avoid forwarding route<br>
announcements which originate from AS201640, allow me to express<br>
my personal opinion that doing so would be admirable.<br>
<br>
<br>
Regards,<br>
rfg<br>
<br>
<br>
--<br>
This email was Virus checked by Juniper Security Gateway.<br>
</blockquote></div>