Subject: Re: [anti-abuse-wg] Russian carding... no, Islandic carding... no 
Belizian carding!

an...@ox.co.za wrote:

>1. When we find crime, child porn, credit card scams, etc on networks,
>we should immediately report it to the Police in the jurisdiction where
>the data is.

The above is delusional on so many levels I'm not sure even where to
begin.

In the first place, who exactly is this royal "we"?

In the second place, what exactly is the "jurisdiction where the data is"
for 82.221.130.101?  Is that Belize?  Is that Iceland?  Is that Russia?
Do you know?  Does RIPE NCC know?  If you are claiming that you know,
then please do enlighten us... or at least me... as to exactly HOW you
know the actual jurisdiction is in this case.

Thirdly, weren't you the same fellow who was just arguing a few messages
back that "crime" only exists in relation to a specific jurisdiction
anyway?  Maybe the *real* jurisdiction of 82.221.130.101 is the
Principality of Sealand, where there are no laws prohibiting the buying
and selling of other people's credit card numbers.  So what "should"
we do then?

Finally, did you miss it when I posted, just not very long ago, the
following link to a BBC story that describes in some detail that
police are overwhelmed and that they can't even keep up with
the great and growing masses of cybercrime anymore?

    http://www.bbc.com/news/uk-36731694

>We must not discuss this on a public list before the Police has at
>the very least, had the opportunity to first ensure that they have
>secured the data/servers/evidence that may be required to prosecute.

Gee!  And here I was starting to think that you were in favor of free
speech on the Internet!  I guess not.  Sorry.  My mistake.  (You
apparently want to tell me what I "must not" say.  That's not my
definition of free speech.)

Also, I refer you again to this:

     http://www.bbc.com/news/uk-36731694

and I remind you again that you are living in a fantasy world.  Speaking
from direct personal experience, it doesn't matter how many months of
lead time you give law enforcement.  They simply DO NOT put down their
doughnuts and rush out to image servers until *after* reports of serious
cybercrimes appear in the media.

These days, the only times when they are actually pro-active and actually
ahead of the curve is in terrorism-related cases.

>2. If, after a reasonable amount of time, we receive no feedback (as in
>back off, we are investigating this - or we are busy prosecuting or
>whatever) then we should do what?

See above.  For a long while I did exactly what you think should be done.
I tried to always inform law enforcement early and often, about all of
the really bad crap I found.  And I gave them a fair opportunity to tell
me to keep quiet, because they had an ongoing investigation.  So far,
no matter what I've reported to them, and no matter how bad it was,
they haven't even given me a courtesy call back.  In short, they are
worse than useless.  They are a waste of my time.  They don't care
what I do or say or find, and I no longer care what they do or say
or think or find.  On those rare occasions when they actually do bust
some cybercriminal, I applaud them, but usually the arrest only comes
years after the criminals have already been well-known to be doing
their crimes.  (And as I learned recently, in Russia, at least, when
a criminal of any kind gets busted, the authorities don't even release
their names.  So as a non-LE person, you can't even be sure that the
Russians aren't just making the whole thing up for publicity reasons,
you know, to make Putin look good, like the _alleged_ arrest of
"fifty" cybercriminals that is _alleged_ to have taken place in Russia
earlier this year.  What a nice round number to release to the media!)

>...but you cannot simply find a random domain, note content on it that seems
>as if there may possibly be criminal activity and/or abuse.

I can't?  Oh.  Sorry.   Too late!  I already did.  Sorry.  I didn't
know that rule until now. :-)

>I cannot publish anything about this website or this content on there
>as there is simply no due process, no proof of actual illegal activity,
>no actual trial, guilt, verdict, etc.

That's quite alright,  YOU don't have to. I already did.

See, *I* don't have the power of a state.  I can't send people to jail.
I can only bad-mouth them in public and hope that other people realize
what criminals they are, and then stop trading packets with them.

Because the penalties that I personally can impose are so limited and
weak, I don't have to make a case against any party "beyond a reasonable
doubt".  If I make a case against a party where the "preponderance of the
evidence" (i.e. 51%) says that they are guilty, then people who read what
I write, and agree with my analysis may stop accepting packets from the
crooks I identify.  That is a reasonable outcome.

>We should start filtering/editing/censoring content deciding to
>'null-route' entire IP ranges because of our content decisions?

I do it every day, at least for my own server.  It's called "spam
filtering".  (I don't like spam.)

>seriously?

Oh yes, seriously.

>We can also maybe build a huge wall around our networks? Maybe we
>should not route any traffic that we have not properly inspected?

Works for me!  Sounds like a perfect description of my firewall.


Regards,
rfg
