nanog mailing list archives

RE: EVERYTHING about Booters (and CloudFlare)


From: "Naslund, Steve" <SNaslund () medline com>
Date: Thu, 28 Jul 2016 16:00:45 +0000

There are not international cyber crime laws because there is no international law enforcement agency with the reach to 
enforce them and because most countries like things like sovereignty.  There is also an inherent conflict between 
private citizen hacking and state sponsored hacking and the line is sometimes blurry.  If a state sponsor is using a 
private DDoS network, what are the chances they are going to allow an investigation/arrest in that case?  There are 
already enough laws on the books in most cases to handle this stuff, there just aren't the law enforcement 
resources/interest to pursue this.  

Companies like CloudFlare generally end up in one of two states given my experience since the first public Internet 
became available.

1.  Various service providers get screwed with enough and eventually retaliate by messing with CloudFlare's 
connectivity/peering/availability to the point that CloudFlare becomes an unviable platform for the nefarious services.  
This happened in the original spam wars with regularity.  As soon as CloudFlare becomes inconvenient or too visible to 
law enforcement, they move on to the next provider and enough legit business is scared away that CloudFlare dies on the 
vine.

2.  Eventually one of the nefarious services messes around with something large enough to create big law enforcement 
interest (a successful hit on a critical national resource) at which point they cut all the intergovernmental red tape 
and take out everyone including the hacker, the server farm, the hosting company, and anyone else involved.  Remember 
that they don't necessarily have to prove a criminal case to shut your business down.  All they really have to do is 
get a judge to order a seizure of enough of your gear to shut you down for a period of time that sends all your other 
business out the door.  Note that I don't support/not support that tactic but it's a fact that it works.  Sure, you can 
try to defend yourself but how deep are your legal pockets?  The US Justice Department has shown time and again that 
they can wipe out large swaths of nefarious operators when they care enough to do so.  They have also shown the ability 
to cross international borders to do so.  They put some serious dents in Pirate Bay and Anonymous.  They don't kill them 
permanently but it doesn't matter to the guys sitting in prison for years.

Steven Naslund
Chicago IL




