Re: New hijacking - Done via via good old-fashioned Identity Theft

[Sven Olaf Kamphuis <sven () cb3rob net>]

-
Exactly when and where did RIR whois databases gain any legal status as
an authoritive source of information, rather than just an internal tool
for network operators? (as far as i see, the rirs are legally nothing more 
than a collective of network operators, not an authority in any way).

-
Exactly when and where did RIR whois entries, or rather the lack thereof
prohibit any other use of those ranges (as in: blatantly announcing them, 
not having a registered AS number or someone elses AS number).

-
Exactly since when and where did IP addresses become property?
(Ok, there are some court verdicts identifying them as "personal details" 
(although they identify a node on a network, not a person ;)

-
If they are indeed personal details, they are not allowed to be in public 
whois in the first place without the consent of the end-end-end user
(privacy laws)


And furthermore, if you want to stop spam on that shitty old SMTP 
protocol, i suggest you stop wasting time on blacklisting ips,

and start working on a standard to issue all your "buddies" with a unique 
password so your mailserver accepts their mail and nobody elses.

EVERY MODERN PROTOCOL (skype, msn) does it -that- way, and -that- works.

for which it is required that:
1: a standard header is created thats discared on forwards
"Password: "

2: mailinglists, online shops, etc, anyone who does not have your 
businesscard with a unique password on it, add a field for this.

(keep in mind, each sender gets a unique password from the receiver, this 
can be stored in the address book along with the email address itself).


-

<FLAME>


You "Spam fighters" have effectively KILLED smtp by:
- blacklists
- your anti open relay crap
- motivating eyeball isps to block port 25
- graylisting makes it so damn slow nobody wants to use it anymore anyway

all of this has resulted in:

SMTP no longer being used on the actual workstations
Therefore not operating in a p2p and real-time fashion

and did you manage to stop spam? -> NO, you just managed to make it 
completely un workable and unreliable.

did you manage to make people choose other protocols such as Skype and 
MSN: yes! (if email was still used in a p2p fashion people would not 
-need- instant messengers in the first place, as their wintendo computer 
would just talk smtp and store directly to the inbox)

Imap, pop2, pop3 and all that other crap could have been skipped.

</FLAME>

--
Greetings,

Sven Olaf Kamphuis,
CB3ROB Ltd. & Co. KG
=========================================================================
Address: Koloniestrasse 34         VAT Tax ID:      DE267268209
         D-13359                   Registration:    HRA 42834 B
         BERLIN                    Phone:           +31/(0)87-8747479
         Germany                   GSM:             +49/(0)152-26410799
RIPE:    CBSK1-RIPE                e-Mail:          sven () cb3rob net
=========================================================================
<penpen> C3P0, der elektrische Westerwelle

=========================================================================

Confidential: Please be advised that the information contained in this
email message, including all attached documents or files, is privileged
and confidential and is intended only for the use of the individual or
individuals addressed. Any other use, dissemination, distribution or
copying of this communication is strictly prohibited.




On Wed, 6 Oct 2010, Ronald F. Guilmette wrote:

> In message <AANLkTi=rH=kXm6ksK1gkyfu=nh4oazW=c+66Meo5HL+H () mail gmail com>,
> Heath Jones <hj1980 () gmail com> wrote:
>
> > > Certainly, fine folks at Reliance Globalcom Services, Inc. could tell
> > > us who is paying them to connect these hijacked blocks to their network,
> > > but I rather doubt that they are actually going to come clean and do
> > > that.
> >
> > Ron, I haven't been following this anti-spam stuff much since it went
> > political with ARIN but I do have a few quick questions (relating to
> > US law and spam).
> >
> > 1) Is spamming from within the US criminal activity?
>
> Sadly, it appears not.
>
> In many cases it is however actionable.  (And in other cases involving
> actual criminal activity, e.g. as prohibited by 18 USC 1030, `Fraud and
> related activity in connection with computers', it may, I think, be
> considered as an aggravating factor in determining punishments.)
>
> > What constitutes spam in that case?
>
> Are you asking what I think?  Or what the majority of netizens think?
> Or are you asking what U.S. courts think?
>
> Those are three different answers.
>
> > 2) If you could justify the incoming spam as a DOS, is that criminal
> > activity? Could you justify it as a DOS?
>
> Yes.  No.
>
> > 3) Is providing ARIN with bogus information just to get around their
> > processes criminal activity?
>
> In this case, nobody provided ARIN with *any* bogus information, ever.
> (So your question is utterly irrelevant to this particular case.)
>
> > 4) Is obtaining disused IP space / AS allocations from assigned
> > entity, and not updating ARIN criminal activity?
>
> In this particular case, nobody appears to have ``obtained'' IP space
> from the various High Schools, Middle Schools, and Elementary schools
> involved, other than via deceit, trickery, and fraud.  Were the various
> schools involved here ripped off?  I would say yes.  Does the fraud in
> this case rise to the level of being either criminal or actionable?
> I am not a lawyer, but my guess is that the answer is probably yes to
> both... *IF* anybody cared enough to persue it.  I base that opinion
> stictly and only on the definition of the English language word `fraud'
> as given at www.merriam-webster.com.
>
> As regards to updating ARIN, or the lack thereof, the _absence_ of such
> ``updating'', in this case... i.e. the absence of any notice to ARIN
> that these blocks were being glomed onto... is part of the overall
> pattern of fraud in this case which, as I have said, I believe to be
> potentially both criminal and actionable... if anybody cared enough to
> persue it.
>
> But that's just my opinion, and I am not a lawyer.
>
> > 5) Is advertising Prefixes or AS number assigned to another entity
> > criminal activity?
>
> If it constitutes criminal fraud which deprives some party of some property,
> or some right, or the full enjoyment of some property or some right, to which
> they are otherwise entitled, under law, then yes, although I am not a
> lawyer, my limited understanding of the law in these United States indicates
> to me that yes, most probably such activity may well be considered criminal,
> in at least some circumstances, perhaps including the ones being discussed
> in this thread.
>
> > 6) If any of the above could be classed as criminal activity, are
> > Reliance Globalcom (in this case) legally obligated to cut them off?,
>
> The answer to that depends, I think, upon whether they are _knowing_
> participants in the fraud.  If they merely got duped... which is indeed
> what is suggested by that fact that somebody paid $4,000 to get a specific
> domain name so that they could then dupe _somebody_ (where that somebody
> who was to be duped, in this case was clearly _not_ ARIN)... then in
> that case, Reliance Globalcom is just another one of the victims, and not
> one of the perpetrators.
>
> Hypothetically, if, once they have been duly informed that this particular
> fraud is ongoing, they do nothing, and continue announcing the routes even
> after allowing them a reasonable amount of time to properly investigate what
> is going on here, then at that point I think that yes, then they might in
> fact be criminally liable, civilly liable, or both.
>
> > or just help by switching on a packet capture
>
> What would be the point of that??
>
> I can already tell you what the blocks in question are most probably being
> used for, and have done so already, I think.
>
>
> Regards,
> rfg