[130626] in North American Network Operators' Group


Re: New hijacking - Done via via good old-fashioned Identity Theft

daemon@ATHENA.MIT.EDU (Heath Jones)
Wed Oct 6 18:24:09 2010

In-Reply-To: <35125.1286402505@tristatelogic.com>
Date: Wed, 6 Oct 2010 23:23:46 +0100
From: Heath Jones <hj1980@gmail.com>
To: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

>>1) Is spamming from within the US criminal activity?
>
> Sadly, it appears not.
>
> In many cases it is however actionable.  (And in other cases involving
> actual criminal activity, e.g. as prohibited by 18 USC 1030, `Fraud and
> related activity in connection with computers', it may, I think, be
> considered as an aggravating factor in determining punishments.)

Wouldn't it have to be illegal before punishments could be determined?
Isn't this kind of key to the whole issue of fighting spam?? (Is there
even a point if you can't nail them for it?)


>>What constitutes spam in that case?
>
> Are you asking what I think?  Or what the majority of netizens think?
> Or are you asking what U.S. courts think?
>
> Those are three different answers.

With regards to US court.


>>2) If you could justify the incoming spam as a DOS, is that criminal
>>activity? Could you justify it as a DOS?
>
> Yes.  No.

Ok.


>>3) Is providing ARIN with bogus information just to get around their
>>processes criminal activity?
>
> In this case, nobody provided ARIN with *any* bogus information, ever.
> (So your question is utterly irrelevant to this particular case.)

Not at all irrelevant, I'm talking generically here (not specific to
this case). Trying to cover all bases.


>>4) Is obtaining disused IP space / AS allocations from assigned
>>entity, and not updating ARIN criminal activity?
>
> In this particular case, nobody appears to have ``obtained'' IP space
> from the various High Schools, Middle Schools, and Elementary schools
> involved, other than via deceit, trickery, and fraud.  Were the various
> schools involved here ripped off?  I would say yes.  Does the fraud in
> this case rise to the level of being either criminal or actionable?
> I am not a lawyer, but my guess is that the answer is probably yes to
> both... *IF* anybody cared enough to pursue it.  I base that opinion
> strictly and only on the definition of the English language word `fraud'
> as given at www.merriam-webster.com.
>
> As regards to updating ARIN, or the lack thereof, the _absence_ of such
> ``updating'', in this case... i.e. the absence of any notice to ARIN
> that these blocks were being glommed onto... is part of the overall
> pattern of fraud in this case which, as I have said, I believe to be
> potentially both criminal and actionable... if anybody cared enough to
> pursue it.
>
> But that's just my opinion, and I am not a lawyer.

Perhaps there is a method of class action, as opposed to individual
companies trying to sue?


>>5) Is advertising Prefixes or AS number assigned to another entity
>>criminal activity?
>
> If it constitutes criminal fraud which deprives some party of some property,
> or some right, or the full enjoyment of some property or some right, to which
> they are otherwise entitled, under law, then yes, although I am not a
> lawyer, my limited understanding of the law in these United States indicates
> to me that yes, most probably such activity may well be considered criminal,
> in at least some circumstances, perhaps including the ones being discussed
> in this thread.

Well that might possibly be a start of a legal avenue..?


>>6) If any of the above could be classed as criminal activity, are
>>Reliance Globalcom (in this case) legally obligated to cut them off?,
>
> The answer to that depends, I think, upon whether they are _knowing_
> participants in the fraud.  If they merely got duped... which is indeed
> what is suggested by the fact that somebody paid $4,000 to get a specific
> domain name so that they could then dupe _somebody_ (where that somebody
> who was to be duped, in this case was clearly _not_ ARIN)... then in
> that case, Reliance Globalcom is just another one of the victims, and not
> one of the perpetrators.
>
> Hypothetically, if, once they have been duly informed that this particular
> fraud is ongoing, they do nothing, and continue announcing the routes even
> after allowing them a reasonable amount of time to properly investigate what
> is going on here, then at that point I think that yes, then they might in
> fact be criminally liable, civilly liable, or both.

Might be worth pointing that out to them? Most companies don't like risk..


>>or just help by switching on a packet capture
>
> What would be the point of that??
>
> I can already tell you what the blocks in question are most probably being
> used for, and have done so already, I think.

I was referring to new legislation coming into effect that gives the
FBI? the power to say 'flick the switch on now' and they then can log
traffic..

All in all, it just seems pretty pointless trying to fight spam if the
law isn't backing you. Filtering yes, fighting no.. Perhaps the law is
what needs to be worked on? (As a general comment to all)


Cheers
Heath

