[190837] in North American Network Operators' Group
RE: EVERYTHING about Booters (and CloudFlare)
daemon@ATHENA.MIT.EDU (Naslund, Steve)
Thu Jul 28 12:00:50 2016
X-Original-To: nanog@nanog.org
From: "Naslund, Steve" <SNaslund@medline.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Thu, 28 Jul 2016 16:00:45 +0000
In-Reply-To: <19876815d14b97428e9eb9fe1a2635fb.squirrel@mail.scarynet.org>
Errors-To: nanog-bounces@nanog.org
There are not international cyber crime laws because there is no internatio=
nal law enforcement agency with the reach to enforce them and because most =
countries like things like sovereignty. There is also an inherent conflict=
between private citizen hacking and state sponsored hacking and the line i=
s sometimes blurry. If a state sponsor is using a private DDoS network, wh=
at are the chances they are going to allow an investigation/arrest in that =
case? There are already enough laws on the books in most cases to handle t=
his stuff, there just isn't the law enforcement resources/interest to pursu=
e this. =20
Companies like CloudFare generally end up in one of two states given my exp=
erience since the first public Internet became available.
1. Various service providers get screwed with enough and eventually retali=
ate by messing with CloudFare's connectivity/peering/availability to the po=
int that CloudFare becomes an unviable platform for the nefarious services.=
This happened in the original spam wars with regularity. As soon as Clou=
dFare becomes inconvenient or too visible to law enforcement, they move on =
to the next provider and enough legit business is scared away that CloudFar=
e dies on the vine.
2. Eventually one of the nefarious services messes around with something l=
arge enough to create big law enforcement interest (a successful hit on a c=
ritical national resource) at which point they cut all the intergovernmenta=
l red tape and take out everyone including the hacker, the server farm, the=
hosting company, and anyone else involved. Remember that they don't neces=
sarily have to prove a criminal case to shut your business down. All they =
really have to do is get a judge to order a seizure of enough of your gear =
to shut you down for a period of time that sends all your other business ou=
t the door. Note that I don't support/not support that tactic but it's a f=
act that it works. Sure, you can try to defend yourself but how deep are y=
our legal pockets? The US Justice Department has shown time and again that=
they can wipe out large swaths of nefarious operators when they care enoug=
h to do so. They have also shown the ability to cross international border=
to do so. They put some serious dents in Pirate Bay and Anonymous. They =
don't kill them permanently but it doesn't matter to the guys sitting in pr=
ison for years.
Steven Naslund
Chicago IL
