
Subject: Re: [anti-abuse-wg] Russian carding... no, Islandic carding... no Belizian carding!

andre@ox.co.za wrote:

> 1. When we find crime, child porn, credit card scams, etc on networks, we should immediately report it to the Police in the jurisdiction where the data is.

The above is delusional on so many levels I'm not sure even where to begin.

In the first place, who exactly is this royal "we"?

In the second place, what exactly is the "jurisdiction where the data is" for 82.221.130.101? Is that Belize? Is that Iceland? Is that Russia? Do you know? Does RIPE NCC know? If you are claiming that you know, then please do enlighten us... or at least me... as to exactly HOW you know the actual jurisdiction is in this case.

Thirdly, weren't you the same fellow who was just arguing a few messages back that "crime" only exists in relation to a specific jurisdiction anyway? Maybe the *real* jurisdiction of 82.221.130.101 is the Principality of Sealand, where there are no laws prohibiting the buying and selling of other people's credit card numbers. So what "should" we do then?

Finally, did you miss it when I posted, just not very long ago, the following link to a BBC story that describes in some detail that police are overwhelmed and that they can't even keep up with this the great and growing masses of cybercrime anymore?

http://www.bbc.com/news/uk-36731694

> We must not, discuss this on a public list before the Police has at the very least, had the opportunity to first ensure that they have secured the data/servers/evidence that may be required to prosecute.

Gee! And here I was starting to think that you were in favor of free speech on the Internet! I guess not. Sorry. My mistake. (You apparently want to tell me what I "must not" say. That's not my definition of free speech.)

Also, I refer you again to this:

http://www.bbc.com/news/uk-36731694

and I remind you again that you are living in a fantasy world. Speaking from direct personal experience, it doesn't matter how many months of lead time you give law enforcement. They simply DO NOT put down their doughnuts and rush out to image servers until *after* reports of serious cybercrimes appear in the media.

These days, the only times when they are actually pro-active and actually ahead of the curve is in terrorism-related cases.

> 2. If, after a reasonable amount of time, we receive no feedback (as in back off, we are investigating this - or we are busy prosecuting or whatever) then we should do what?

See above. For a long while I did exactly what you think should be done. I tried to always inform law enforcement early and often, about all of the really bad crap I found. And I gave them a fair opportunity to tell me to keep quiet, because they had an ongoing investigation. So far, no matter what I've reported to them, and no matter how bad it was, they haven't even given me a courtesy call back.

In short, they are worse than useless. They are a waste of my time. They don't care what I do or say or find, and I no longer care what they do or say or think or find. On those rare occasions when they actually do bust some cybercriminal, I applaud them, but usually the arrest only comes years after the criminals have already been well-known to be doing their crimes.

(And as I learned recently, in Russia, at least, when a criminal of any kind gets busted, the authorities don't even release their names. So as a non-LE person, you can't even be sure that the Russians aren't just making the whole thing up for publicity reasons, you know, to make Putin look good, like the _alleged_ arrest of "fifty" cybercriminals that is _alleged_ to have taken place in Russia earlier this year. What a nice round number to release to the media!)

> ...but you cannot simply find a random domain, note content on it that seems as if there may possibly be criminal activity and/or abuse.

I can't? Oh. Sorry. Too late! I already did. Sorry. I didn't know that rule until now. :-)

> I cannot publish anything about this website or this content on there as there is simply no due process, no proof of actual illegal activity, no actual trial, guilt, verdict, etc.

That's quite alright, YOU don't have to. I already did.

See, *I* don't have the power of a state. I can't send people to jail. I can only bad-mouth them in public and hope that other people realize what criminals they are, and then stop trading packets with them.

Because the penalties that I personally can impose are so limited and weak, I don't have to make a case against any party "beyond a reasonable doubt". If I make a case against a party where the "preponderance of the evidence" (i.e. 51%) says that they are guilty, then people who read what I write, and agree with my analysis may stop accepting packets from the crooks I identify. That is a reasonable outcome.

> We should start filtering/editing/censoring content deciding to 'null-route' entire IP ranges because of our content decisions?

I do it every day, at least for my own server. It's called "spam filtering". (I don't like spam.)

> seriously?

Oh yes, seriously.

> We can also maybe build a huge wall around our networks? Maybe we should not route any traffic that we have not properly inspected?

Works for me! Sounds like a perfect description of my firewall.

Regards,
rfg

On Thu, 11 Aug 2016 05:15:50 -0700 "Ronald F. Guilmette" <rfg@tristatelogic.com> wrote:

> andre@ox.co.za wrote:

> > 1. When we find crime, child porn, credit card scams, etc on networks, we should immediately report it to the Police in the jurisdiction where the data is.

> The above is delusional on so many levels I'm not sure even where to begin.

Your ad hominem statement makes whatever you say less trustworthy, I do the same, so does Suresh, so I guess I can hardly point fingers, I have also called people delusional, mental, nuts or bofh - it helps to break the sheep down and makes wolves angry that they type silly things :)

Of course, I am not delusional, I may be wrong, I may be mistaken, mis-informed, stupid or even ignorant but to tell me that I am delusional is obviously and patently untrue...

This already detracts from anything valid that you may (or may not) say later on in your reply...

> In the first place, who exactly is this royal "we"?

We as in us the people, I believe that we already discussed that, as in we, the people on this mailing list :)

including the Queen, actually including all Queens, even Freddy if they are in reading distance of this list :)

> In the second place, what exactly is the "jurisdiction where the data is" for 82.221.130.101? Is that Belize? Is that Iceland? Is that Russia? Do you know? Does RIPE NCC know? If you are claiming that you know, then please do enlighten us... or at least me... as to exactly HOW you know the actual jurisdiction is in this case.

Well it could be anywhere right now - but it will be somewhere at that point in time when someone needs to apply for a search warrant.

> Thirdly, weren't you the same fellow who was just arguing a few messages back that "crime" only exists in relation to a specific jurisdiction anyway? Maybe the *real* jurisdiction of 82.221.130.101 is the Principality of Sealand, where there are no laws prohibiting the buying and selling of other people's credit card numbers. So what "should" we do then?

legally? - nothing. If the society and people of whatever sovereign country wants to do whatever they want - this is their business and not mine. (I am not an American, maybe if I become an American I will have to start kicking butt and taking names all over the planet, I guess you will have to train me then... :) in Africa we like to believe in the goodness of humanity, to truly appreciate that people are generally evil pathetic selfish shitty little creatures is not in our concept of Ubuntu - in fact until of late some of these words did not even exist in our local cultures )

If it is truly heinous we can lobby your congress to send a drone?

I am of course joking, but legally - nothing - Internet wise, you are working up a proposed policy document about how crime should be handled?

But, definitely, there is a big difference between abuse, actual crime and crime intelligence ?or not?

do you agree/disagree with that? (trying to have/add/find some value in a devolved thread...)

> Finally, did you miss it when I posted, just not very long ago, the following link to a BBC story that describes in some detail that police are overwhelmed and that they can't even keep up with this the great and growing masses of cybercrime anymore?

But we are CIVIL society and more interestingly, we are cross border, cross cultural and cross social

The law enforcement problem in the UK is not an International one and still, like you yourself said, we (me/I/You/Us :) ) don't have the power of a state

In another thread you are discovering how there are questions of legal identity about RIPE that "we" are not sure of ourselves :)

> > We must not, discuss this on a public list before the Police has at the very least, had the opportunity to first ensure that they have secured the data/servers/evidence that may be required to prosecute.

> Gee! And here I was starting to think that you were in favor of free speech on the Internet! I guess not. Sorry. My mistake. (You apparently want to tell me what I "must not" say. That's not my definition of free speech.)

if someone is actively selling credit card, identity theft child porn, etc. in an ideal world, I would like to see those criminals properly investigated, prosecuted and sentenced

Free Speech is a right that has to be in balance with its responsibility.

You cannot claim that hate speech - is free speech - so free speech has limits - in terms of the other rights of other people

For example - little children have the right not to be abused by pedophiles - and publishing child pornography - IS NOT FREE SPEECH

similarly - not giving criminals a "heads up" or null routing their traffic and/or obstructing the functionality of law enforcement, laws of countries and the rule of law - is not "free speech"

> Also, I refer you again to this:
>
> http://www.bbc.com/news/uk-36731694
>
> and I remind you again that you are living in a fantasy world. Speaking from direct personal experience, it doesn't matter how many months of lead time you give law enforcement. They simply DO NOT put down their doughnuts and rush out to image servers until *after* reports of serious cybercrimes appear in the media.

it depends on the priorities, resources and many other factors.

And, "reminding me that I live in a fantasy world" simply dilutes credibility as obviously I live in the same sewer as the rest of us.

> These days, the only times when they are actually pro-active and actually ahead of the curve is in terrorism-related cases.

I refer you to this article:

http://www.bbc.com/news/uk-36731694

They say all of it - they do not say that they are all over terrorism...

See, I can do that also :)

> > 2. If, after a reasonable amount of time, we receive no feedback (as in back off, we are investigating this - or we are busy prosecuting or whatever) then we should do what?

> See above. For a long while I did exactly what you think should be done. I tried to always inform law enforcement early and often, about all of the really bad crap I found. And I gave them a fair opportunity to tell me to keep quiet, because they had an ongoing investigation. So far, no matter what I've reported to them, and no matter how bad it was, they haven't even given me a courtesy call

yeah, I feel your pain. I may be in the same boat as you, I guess it is because I called some of them a bunch of incompetent troglodytes that could not even investigate someone breaking into a paper bag... they tend to kinda delete my emails and information even before reading it...

I do not really blame them, I can be a pain in the ass sometimes :) just from reading you a bit, I think you may be in the same boat

> back. In short, they are worse than useless. They are a waste of my time. They don't care what I do or say or find, and I no longer care what they do or say or think or find. On those rare occasions when they actually do bust some cybercriminal, I applaud them, but usually the arrest only comes years after the criminals have already been well-known to be doing their crimes. (And as I learned recently, in Russia, at least, when a criminal of any kind gets busted, the authorities don't even release their names. So as a non-LE person, you can't even be sure that the Russians aren't just making the whole thing up for publicity reasons, you know, to make Putin look good, like the _alleged_ arrest of "fifty" cybercriminals that is _alleged_ to have taken place in Russia earlier this year. What a nice round number to release to the media!)

doing pretty press releases is always a bonus for budgets :)

> > ...but you cannot simply find a random domain, note content on it that seems as if there may possibly be criminal activity and/or abuse.

> I can't? Oh. Sorry. Too late! I already did. Sorry. I didn't know that rule until now. :-)

Okay, well, now you know :)

> > I cannot publish anything about this website or this content on there as there is simply no due process, no proof of actual illegal activity, no actual trial, guilt, verdict, etc.

> That's quite alright, YOU don't have to. I already did.

Oh, thanks for that then, I did not notice (btw sarcasm is the lowest form of wit - i'll betcha I am lower than you :) )

> See, *I* don't have the power of a state. I can't send people to jail. I can only bad-mouth them in public and hope that other people realize what criminals they are, and then stop trading packets with them.

yes, *sigh* if only now we had that credibility thing going for us... btw - do you still run your blacklists? - links? info?

> Because the penalties that I personally can impose are so limited and weak, I don't have to make a case against any party "beyond a reasonable doubt". If I make a case against a party where the "preponderance of the evidence" (i.e. 51%) says that they are guilty, then people who read what I write, and agree with my analysis may stop accepting packets from the crooks I identify. That is a reasonable outcome.

> > We should start filtering/editing/censoring content deciding to 'null-route' entire IP ranges because of our content decisions?

> I do it every day, at least for my own server. It's called "spam filtering". (I don't like spam.)

> > seriously?

> Oh yes, seriously.

everyone claims to hate spam - yet in many decades it is a persistent problem, I wonder why...

Oh, yes, it is a BALLS thing.

Twitter.com does not accept abuse complaints - so what do we do? oh, I know, I know - we continue accepting all emails from twitter.com in case our users get upset - bwahahahaha

Does twitter.com ever feel any pain? heck no. unimaginable thing that.

> > We can also maybe build a huge wall around our networks? Maybe we should not route any traffic that we have not properly inspected?

> Works for me! Sounds like a perfect description of my firewall.

ROFL, I was joking - but you can also just pull out the fiber/cable/antenna/dish :)

Andre

> Regards,
> rfg

Folks,

I think this particular spur of the conversation has hit a usefulness dead-end. Let's bring it back to something more concrete and less ad hominem please.

Brian

Brian Nisbet, Network Operations Manager
HEAnet Limited, Ireland's Education and Research Network
1st Floor, 5 George's Dock, IFSC, Dublin 1
Registered in Ireland, no 275301
tel: +35316609040 fax: +35316603666
web: http://www.heanet.ie/

On 11/08/2016 14:11, andre@ox.co.za wrote:

On Thu, 11 Aug 2016 14:52:26 +0100 Brian Nisbet <brian.nisbet@heanet.ie> wrote:

> Folks, I think this particular spur of the conversation has hit a usefulness dead-end. Let's bring it back to something more concrete and less ad hominem please.
>
> Brian

agreed, but there are valid abuse topics that we should actually talk about. When these are read with the 2009 efforts and other past threads, the ever shifting definition of abuse does beg discussion

All the threads and replies spawned by Ron's initial post have raised serious and valid questions - and as Sascha has pointed out, the difference between resource definitions, allocation and assignment, as well as the processes regarding each (and how these affect and effect abuse, which has remained a constant, right?)

But: The very definition of abuse - has it changed? If yes, what exactly constitutes abuse in 2016? - We may actually have to redefine the definition of abuse?

Also, I am honestly not sure myself: Is all crime also abuse? is all abuse also crime?

Does society demand and hold orgs like RIPE to a higher standard? (Should they?) and does RIPE have a greater responsibility than we all assumed?

before flaming me, please just think about that for a second. Realise that it may actually have changed, our perception of things has changed over the past ten years? - and, if I am wrong - help me out! :)

If all crime is actually abuse - or if only certain crimes are abuse - are there any due process requirements, or is it up to our own network owners (or bosses) judgment(s)

My current boss is very clear about what she considers abuse - Any traffic that is bad for our network or clients ingress or egress (and, by bad she also means that anything that we can become liable for or be sued for, etc.)

But, abuse is now beyond that? It is also passive content - out there in the RIPE ip space?

Bleh, sorry if I am on a tangent - maybe I need a beer...(or two)

Andre