Fw: Re: @EXT: RE: RIPE NCC Executive Board election
Dear Sara. It is very interesting what you say, every day we have attacks and problems related to cyber attacks, where the only action we can do is protect ourselves, there is no mechanism to fight hackers, we always depend on the goodwill of other colleagues in Europe they handle abuse emails, which unfortunately most of the time is useless. Many times we have hackers perfectly located, many are kids with a lot of ability to annoy, but little to protect themselves (we often find them in forums) We need a direct route of contact, with guarantees that something can be done, something that is not at a political level, such as in this group, where ripe members can only collaborate with each other, but beyond that there is nothing that RIPE can do to help us in this situations. Kind regards. Javier [DIGITAL VALUE SL] Javier Martín Departamento de Gestión | DIGITAL VALUE SL tel: +34 963162089 [tel:+34 963162089] site: digitalvalue.es [http://digitalvalue.es] email: javier.martin@digitalvalue.es [mailto:javier.martin@digitalvalue.es] dirección: Av. Ausias March 104, bajo - 46026 - Valencia Sobre 17/04/2020 10:54:58, Marcolla, Sara Veronica <sara.marcolla@europol.europa.eu> escribió: Hi Maxi, Technical innovation can be harnessed for social good, but just as readily for nefarious ends. This is truer of cybercrime than of perhaps any other crime area. And cybercriminals are also getting more aggressive. That’s why Europol and its partner organisations are taking the fight to them on all fronts. Encouraging all members of the Internet community to join the fight against crime is one of the objectives of the Cybercrime centre, and working together with public-private partnerships is the best way to achieve these results. If you are interested, you can find out more on our official website: https://www.europol.europa.eu/crime-areas-and-trends/crime-areas/cybercrime [https://www.europol.europa.eu/crime-areas-and-trends/crime-areas/cybercrime]. Kind regards, Sara Marcolla Europol - O3 European Cyber Crime Centre (EC3) www.europol.europa.eu [http://www.europol.europa.eu/] From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Maxi Sent: 17 April 2020 10:43 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] RIPE NCC Executive Board election Hey, Is this the official point of view from Europol? If so, please have in mind that the RIPE NCC has to follow certain court rules. The RIPE NCC should stay neutral, because only courts could decide if something is illegal or not. //Maxi Impressum: Zeug e.K. Hochstraße 15 92637 Theisseil Inhaber: Maximilian Schieder Telefon: 015678 572314 E-Mail: maxi@zeug.co [mailto:maxi@zeug.co] Registergericht: Amtsgericht Weiden in der Oberpfalz Registernummer: HRA 2907 ******************* DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. *******************
If they were all kids in their mommies basements instead of part of an organised crime underground as often as not .. --srs ________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Javier Martín <javier.martin@centrored.net> Sent: Friday, April 17, 2020 2:39:05 PM To: Marcolla, Sara Veronica <sara.marcolla@europol.europa.eu>; Maxi <maxi@zeug.co>; JORDI PALET MARTINEZ via anti-abuse-wg <anti-abuse-wg@ripe.net> Subject: [anti-abuse-wg] Fw: Re: @EXT: RE: RIPE NCC Executive Board election Dear Sara. It is very interesting what you say, every day we have attacks and problems related to cyber attacks, where the only action we can do is protect ourselves, there is no mechanism to fight hackers, we always depend on the goodwill of other colleagues in Europe they handle abuse emails, which unfortunately most of the time is useless. Many times we have hackers perfectly located, many are kids with a lot of ability to annoy, but little to protect themselves (we often find them in forums) We need a direct route of contact, with guarantees that something can be done, something that is not at a political level, such as in this group, where ripe members can only collaborate with each other, but beyond that there is nothing that RIPE can do to help us in this situations. Kind regards. Javier [DIGITAL VALUE SL] Javier Martín Departamento de Gestión | DIGITAL VALUE SL tel: +34 963162089<tel:+34%20963162089> site: digitalvalue.es<http://digitalvalue.es> email: javier.martin@digitalvalue.es<mailto:javier.martin@digitalvalue.es> dirección: Av. Ausias March 104, bajo - 46026 - Valencia Sobre 17/04/2020 10:54:58, Marcolla, Sara Veronica <sara.marcolla@europol.europa.eu> escribió: Hi Maxi, Technical innovation can be harnessed for social good, but just as readily for nefarious ends. This is truer of cybercrime than of perhaps any other crime area. And cybercriminals are also getting more aggressive. That’s why Europol and its partner organisations are taking the fight to them on all fronts. Encouraging all members of the Internet community to join the fight against crime is one of the objectives of the Cybercrime centre, and working together with public-private partnerships is the best way to achieve these results. If you are interested, you can find out more on our official website: https://www.europol.europa.eu/crime-areas-and-trends/crime-areas/cybercrime. Kind regards, Sara Marcolla Europol - O3 European Cyber Crime Centre (EC3) www.europol.europa.eu<http://www.europol.europa.eu/> From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> On Behalf Of Maxi Sent: 17 April 2020 10:43 To: anti-abuse-wg@ripe.net Subject: Re: [anti-abuse-wg] RIPE NCC Executive Board election Hey, Is this the official point of view from Europol? If so, please have in mind that the RIPE NCC has to follow certain court rules. The RIPE NCC should stay neutral, because only courts could decide if something is illegal or not. //Maxi Impressum: Zeug e.K. Hochstraße 15 92637 Theisseil Inhaber: Maximilian Schieder Telefon: 015678 572314 E-Mail: maxi@zeug.co<mailto:maxi@zeug.co> Registergericht: Amtsgericht Weiden in der Oberpfalz Registernummer: HRA 2907 ******************* DISCLAIMER : This message is sent in confidence and is only intended for the named recipient. If you receive this message by mistake, you may not use, copy, distribute or forward this message, or any part of its contents or rely upon the information contained in it. Please notify the sender immediately by e-mail and delete the relevant e-mails from any computer. This message does not constitute a commitment by Europol unless otherwise indicated. *******************
Hi Javier
Many times we have hackers perfectly located, many are kids with a lot of ability to annoy, but little to protect themselves (we often find them in forums)
If many hackers are kids, we don't have legal problem, but we fail as society. I think it's beyond the scope of the WG to address this problem. But I do feel, that states need to also take care of children that show talent in cyber matters. We do it for athletes, making sure these kids can spend their energy in sorting competition rather than some destructive behaviour. Cyber Criminals are good at spotting and fostering talent in foras. No on get's up in the morning and say, gosh today I become a cyber criminal. Best Serge -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
Good morning to everybody. Maybe I have not explained myself well. My problem is not that they are children or adults, my problem is that there are hackers, and they do what they want, they even own ips in RIPE, and there is no way to do anything, that is the problem that affects us. The question for me is if we are going to remain motionless or if we are going to act together to counter the situation. The good ones are tied hand and foot, and the bad ones have free field to disturb at ease. Kind regards Javier Javier Martín Departamento de Gestión | CentroRed tel: +34 952200958 [tel:+34 963162089] site: centrored.com email: javier.martin@digitalvalue.es [mailto:javier.martin@digitalvalue.es] dirección: Av. Ausias March 104, bajo - 46026 - Valencia Sobre 17/04/2020 11:21:21, Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> escribió: Hi Javier
Many times we have hackers perfectly located, many are kids with a lot of ability to annoy, but little to protect themselves (we often find them in forums)
If many hackers are kids, we don't have legal problem, but we fail as society. I think it's beyond the scope of the WG to address this problem. But I do feel, that states need to also take care of children that show talent in cyber matters. We do it for athletes, making sure these kids can spend their energy in sorting competition rather than some destructive behaviour. Cyber Criminals are good at spotting and fostering talent in foras. No on get's up in the morning and say, gosh today I become a cyber criminal. Best Serge -- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
Good morning, as everybody is certainly aware, the antiabuse scenario has become rather complex, so possibly one of the weak points of this group may be its rather wide charter [https://www.ripe.net/participate/ripe/wg/anti-abuse]. With specialized discussions on various other abuse-related topics happening on many different fora around, it is however natural to continue considering this as the central and reference forum for all aspects related with one single important issue: network assets in the RIPE NCC region (IPv4 ranges and ASNs) used in a *dedicated* way by criminals or abusers (that is, excluding abuse from customers of real ISPs about which nothing can be done here besides chatting). These groups are very hungry for "clean" ranges, "bulletproof" ranges, "new" ranges in a scenario where IPv4 costs are raising to the stars - with all this implies in terms, for instance, of corruption as we have seen in the recent AFRINIC case. So, I admit that I am here almost exclusively for informations and discussions about RIPE NCC resources in the hands of criminals, and in this sense I found the information supplied by Ron to be extremely valuable, even if this may not be the best place to have a discussion about it and even if his reference to the position in the list of candidates was probably an unfortunate oversight - but from previous discussions there was no doubt about the identity of the questionable candidate. I would be favorable to either a focusing of the group charter on RIPE NCC resources dedicated to abuse, or to a new workgroup specifically targeting this aspect -- even if the presence of abusers themselves and their facilitators in open groups would limit strongly what the group could achieve operationally. Regards Furio On Fri, Apr 17, 2020 at 11:30:17AM +0200, Javier Martín wrote:
Good morning to everybody.
Maybe I have not explained myself well.
My problem is not that they are children or adults, my problem is that there are hackers, and they do what they want, they even own ips in RIPE, and there is no way to do anything, that is the problem that affects us.
The question for me is if we are going to remain motionless or if we are going to act together to counter the situation. The good ones are tied hand and foot, and the bad ones have free field to disturb at ease.
Kind regards Javier
Javier Martín Departamento de Gestión | CentroRed tel: +34 952200958 [tel:+34 963162089] site: centrored.com email: javier.martin@digitalvalue.es [mailto:javier.martin@digitalvalue.es] dirección: Av. Ausias March 104, bajo - 46026 - Valencia Sobre 17/04/2020 11:21:21, Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> escribió: Hi Javier
Many times we have hackers perfectly located, many are kids with a lot of ability to annoy, but little to protect themselves (we often find them in forums)
If many hackers are kids, we don't have legal problem, but we fail as society. I think it's beyond the scope of the WG to address this problem. But I do feel, that states need to also take care of children that show talent in cyber matters. We do it for athletes, making sure these kids can spend their energy in sorting competition rather than some destructive behaviour. Cyber Criminals are good at spotting and fostering talent in foras. No on get's up in the morning and say, gosh today I become a cyber criminal.
Best Serge
-- Dr. Serge Droz Chair of the FIRST Board of Directors https://www.first.org
Il 17/04/2020 12:33 furio ercolessi <furio+as@spin.it> ha scritto:
Good morning,
as everybody is certainly aware, the antiabuse scenario has become rather complex,
Apologies if I jump into this discussion - I do not work for a RIPE member, I lurk this list to stay up to date with general abuse trends. But there is one thing that escapes me: if, as Ron asserts (and this needs to be proven), there is an ongoing attempt to put into the RIPE NCC Board one or more individuals that are connected with theft of IP space and other abuse, isn't this attempt a gigantic form of abuse in itself, with potential consequences that could go well beyond RIPE and its members and affect the European Internet community as a whole? Why should it not be in topic for the abuse list, and where is it in topic then? -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bertola@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy
Vittorio, All of the candidates who have been nominated for the Exec Board at present have met the criteria set down by the NCC and its members. My point here is that it is not up to the AA-WG to interfere in that, rather it is up to the membership of the NCC to decide who they (we in my case as I do work for a member organisation, but I do not usually post here in that specific capacity) wish to see on that Board. Changes to those criteria are similarly decided by NCC members. So, where is the right place to discuss this? The RIPE NCC Members Discuss list, which is limited to members only, is certainly a forum: https://www.ripe.net/participate/mail/ripe-ncc-mailing-lists/members-discuss Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Vittorio Bertola via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Friday 17 April 2020 12:02 To: furio ercolessi; anti-abuse-wg Subject: Re: [anti-abuse-wg] Fw: Re: @EXT: RE: RIPE NCC Executive Board election CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
Il 17/04/2020 12:33 furio ercolessi <furio+as@spin.it> ha scritto:
Good morning,
as everybody is certainly aware, the antiabuse scenario has become rather complex,
Apologies if I jump into this discussion - I do not work for a RIPE member, I lurk this list to stay up to date with general abuse trends. But there is one thing that escapes me: if, as Ron asserts (and this needs to be proven), there is an ongoing attempt to put into the RIPE NCC Board one or more individuals that are connected with theft of IP space and other abuse, isn't this attempt a gigantic form of abuse in itself, with potential consequences that could go well beyond RIPE and its members and affect the European Internet community as a whole? Why should it not be in topic for the abuse list, and where is it in topic then? -- Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bertola@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy
On 17/04/2020 16:31, Brian Nisbet wrote: Brian is correct. "...it is up to the membership of the NCC to decide who they wish to see on that Board.". Just like in any country (and as we have seen over the past number of years), the citizens get a leadership they deserve not what they want. Unfortunately, so too it will be in RIPE. -Hank
Vittorio,
All of the candidates who have been nominated for the Exec Board at present have met the criteria set down by the NCC and its members. My point here is that it is not up to the AA-WG to interfere in that, rather it is up to the membership of the NCC to decide who they (we in my case as I do work for a member organisation, but I do not usually post here in that specific capacity) wish to see on that Board.
Changes to those criteria are similarly decided by NCC members.
So, where is the right place to discuss this? The RIPE NCC Members Discuss list, which is limited to members only, is certainly a forum:
https://www.ripe.net/participate/mail/ripe-ncc-mailing-lists/members-discuss
Brian Co-Chair, RIPE AA-WG
Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270
________________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of Vittorio Bertola via anti-abuse-wg <anti-abuse-wg@ripe.net> Sent: Friday 17 April 2020 12:02 To: furio ercolessi; anti-abuse-wg Subject: Re: [anti-abuse-wg] Fw: Re: @EXT: RE: RIPE NCC Executive Board election
CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe.
Il 17/04/2020 12:33 furio ercolessi <furio+as@spin.it> ha scritto:
Good morning,
as everybody is certainly aware, the antiabuse scenario has become rather complex, Apologies if I jump into this discussion - I do not work for a RIPE member, I lurk this list to stay up to date with general abuse trends.
But there is one thing that escapes me: if, as Ron asserts (and this needs to be proven), there is an ongoing attempt to put into the RIPE NCC Board one or more individuals that are connected with theft of IP space and other abuse, isn't this attempt a gigantic form of abuse in itself, with potential consequences that could go well beyond RIPE and its members and affect the European Internet community as a whole? Why should it not be in topic for the abuse list, and where is it in topic then?
--
Vittorio Bertola | Head of Policy & Innovation, Open-Xchange vittorio.bertola@open-xchange.com Office @ Via Treviso 12, 10144 Torino, Italy
Hi, On Fri, Apr 17, 2020 at 05:57:31PM +0300, Hank Nussbacher wrote:
On 17/04/2020 16:31, Brian Nisbet wrote:
Brian is correct. "...it is up to the membership of the NCC to decide who they wish to see on that Board.". Just like in any country (and as we have seen over the past number of years), the citizens get a leadership they deserve not what they want. Unfortunately, so too it will be in RIPE.
I thought you do represent a LIR? So you can actually *vote* on who you trust. And, of course, bring forward extra candidates for the EB that you trust and that are willing to do the job. Gert Doering -- NetMaster -- have you enabled IPv6 on something today...? SpaceNet AG Vorstand: Sebastian v. Bomhard, Michael Emmer Joseph-Dollinger-Bogen 14 Aufsichtsratsvors.: A. Grundner-Culemann D-80807 Muenchen HRB: 136055 (AG Muenchen) Tel: +49 (0)89/32356-444 USt-IdNr.: DE813185279
Furio, I should say that I find the posts with explicit information extremely useful as well, along with the presentations we've had at meetings with similar content. My comments on the recent email should *not* be taken to suggest that I do not believe such content is suitable for the WG. I absolutely do thing it is suitable. I do not class the post to which I objected as that kind of material. I think your other comments are definitely food for thought. Thank you, Brian Co-Chair, RIPE AA-WG Brian Nisbet Service Operations Manager HEAnet CLG, Ireland's National Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin D01 X8N7, Ireland +35316609040 brian.nisbet@heanet.ie www.heanet.ie Registered in Ireland, No. 275301. CRA No. 20036270 ________________________________________ From: anti-abuse-wg <anti-abuse-wg-bounces@ripe.net> on behalf of furio ercolessi <furio+as@spin.it> Sent: Friday 17 April 2020 11:33 To: anti-abuse-wg Subject: Re: [anti-abuse-wg] Fw: Re: @EXT: RE: RIPE NCC Executive Board election CAUTION[External]: This email originated from outside of the organisation. Do not click on links or open the attachments unless you recognise the sender and know the content is safe. Good morning, as everybody is certainly aware, the antiabuse scenario has become rather complex, so possibly one of the weak points of this group may be its rather wide charter [https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.ripe.n...]. With specialized discussions on various other abuse-related topics happening on many different fora around, it is however natural to continue considering this as the central and reference forum for all aspects related with one single important issue: network assets in the RIPE NCC region (IPv4 ranges and ASNs) used in a *dedicated* way by criminals or abusers (that is, excluding abuse from customers of real ISPs about which nothing can be done here besides chatting). These groups are very hungry for "clean" ranges, "bulletproof" ranges, "new" ranges in a scenario where IPv4 costs are raising to the stars - with all this implies in terms, for instance, of corruption as we have seen in the recent AFRINIC case. So, I admit that I am here almost exclusively for informations and discussions about RIPE NCC resources in the hands of criminals, and in this sense I found the information supplied by Ron to be extremely valuable, even if this may not be the best place to have a discussion about it and even if his reference to the position in the list of candidates was probably an unfortunate oversight - but from previous discussions there was no doubt about the identity of the questionable candidate. I would be favorable to either a focusing of the group charter on RIPE NCC resources dedicated to abuse, or to a new workgroup specifically targeting this aspect -- even if the presence of abusers themselves and their facilitators in open groups would limit strongly what the group could achieve operationally. Regards Furio On Fri, Apr 17, 2020 at 11:30:17AM +0200, Javier Martín wrote:
Good morning to everybody.
Maybe I have not explained myself well.
My problem is not that they are children or adults, my problem is that there are hackers, and they do what they want, they even own ips in RIPE, and there is no way to do anything, that is the problem that affects us.
The question for me is if we are going to remain motionless or if we are going to act together to counter the situation. The good ones are tied hand and foot, and the bad ones have free field to disturb at ease.
Kind regards Javier
Javier Martín Departamento de Gestión | CentroRed tel: +34 952200958 [tel:+34 963162089] site: centrored.com email: javier.martin@digitalvalue.es [mailto:javier.martin@digitalvalue.es] dirección: Av. Ausias March 104, bajo - 46026 - Valencia Sobre 17/04/2020 11:21:21, Serge Droz via anti-abuse-wg <anti-abuse-wg@ripe.net> escribió: Hi Javier
Many times we have hackers perfectly located, many are kids with a lot of ability to annoy, but little to protect themselves (we often find them in forums)
If many hackers are kids, we don't have legal problem, but we fail as society. I think it's beyond the scope of the WG to address this problem. But I do feel, that states need to also take care of children that show talent in cyber matters. We do it for athletes, making sure these kids can spend their energy in sorting competition rather than some destructive behaviour. Cyber Criminals are good at spotting and fostering talent in foras. No on get's up in the morning and say, gosh today I become a cyber criminal.
Best Serge
-- Dr. Serge Droz Chair of the FIRST Board of Directors https://eur02.safelinks.protection.outlook.com/?url=https%3A%2F%2Fwww.first....
participants (8)
-
Brian Nisbet -
furio ercolessi -
Gert Doering -
Hank Nussbacher -
Javier Martín -
Serge Droz -
Suresh Ramasubramanian -
Vittorio Bertola