Folks, I think this particular spur of the conversation has hit a usefulness dead-end.
Let's bring it back to something more concrete and less ad hominem please. Brian Brian Nisbet, Network Operations Manager HEAnet Limited, Ireland's Education and Research Network 1st Floor, 5 George's Dock, IFSC, Dublin 1 Registered in Ireland, no 275301 tel: +35316609040 fax: +35316603666 web: http://www.heanet.ie/ On 11/08/2016 14:11, an...@ox.co.za wrote: > On Thu, 11 Aug 2016 05:15:50 -0700 > "Ronald F. Guilmette" <r...@tristatelogic.com> wrote: >> an...@ox.co.za wrote: >>> 1. When we find crime, child porn, credit card scams, etc on >>> networks, we should immediately report it to the Police in the >>> jurisdiction where the data is. >> >> The above is delusional on so many levels I'm not sure even where to >> begin. >> > Your ad hominem statement makes whatever you say less trustworthy, I do > the same, so does Suresh, so I guess I can hardly point fingers, I have > also called people delusional, mental, nuts or bofh - it helps to > break the sheep down and makes wolves angry that they type silly > things :) > > Of course, I am not delusional, I may be wrong, I may be mistaken, > mis-informed, > stupid or even ignorant but to tell me that I am delusional is obviously and > patently untrue... > > This already detracts from anything valid that you may (or may not) say > later on in your reply... > >> In the first place, who exactly is this royal "we"? >> > We as in us the people, I believe that we already discussed that, as in > we, the people on this mailing list :) > > including the Queen, actually including all Queens, even Freddy > if they are in reading distance of this list :) > >> In the second place, what exactly is the "jurisdiction where the data >> is" for 82.221.130.101? Is that Belize? Is that Iceland? Is that >> Russia? Do you know? Does RIPE NCC know? If you are claiming that >> you know, then please do enlighten us... or at least me... as to >> exactly HOW you know the actual jurisdiction is in this case. >> > Well it could be anywhere right now - but it will be somewhere at that > point in time when someone needs to apply for a search warrant. > >> Thirdly, weren't you the same fellow who was just arguing a few >> messages back that "crime" only exists in relation to a specific >> jurisdiction anyway? maybe the *real* jurisdiction of 82.221.130.101 >> is the Principality of Sealand, where there are no laws prohibiting >> the buying and selling of other people's credit card numbers. So >> what "should" we do then? >> > legally? - nothing. If the society and people of whatever sovereign > country wants to do whatever they want - this is their business and not > mine. (I am not an American, maybe if I become an American I will have > to start kicking butt and taking names all over the planet, I guess > you will have to train me then... :) in Africa we like to believe in > the goodness of humanity, to truly appreciate that people are generally > evil pathetic selfish shitty little creatures is not in our concept of > Ubuntu - in fact until of late some of these words did not even exist in our > local cultures ) > > If it is truly heinous we can lobby your congress to send a drone? > > I am of course joking, but legally - nothing - Internet wise, you are > working up a proposed policy document about how crime should be > handled? > > But, definitely, there is a big difference between abuse, actual crime > and crime intelligence ?or not? > > do you agree/disagree with that? (trying to have/add/find some value > in a devolved thread...) > >> Finally, did you miss it when I posted, just not very long ago, the >> following link to a BBC story that describes in some detail that >> police are overwehelmed and that they can't even keep up with this >> the great and growing masses of cybercrime anymore? >> >> http://www.bbc.com/news/uk-36731694 >> > But we are CIVIL society and more interestingly, we are cross > border, cross cultural and cross social > > The law enforcement problem in the UK is not an International one > and still, like you yourself said, we (me/I/You/Us :) ) don't have the > power of a state > > In another thread you are discovering how there are questions of legal > identity about RIPE that "we" are not sure of ourselves :) > > >>> We must not, discuss this on a public list before the Police has at >>> the very least, had the opportunity to first ensure that they have >>> secured the data/servers/evidence that may be required to prosecute. >> Gee! And here I was starting to think that you were in favor of free >> speech on the Internet! I guess not. Sorry. My mistake. (You >> apparently want to tell me what I "must not" say. That's not my >> definition of free speech.) >> > > if someone is actively selling credit card, identity theft child porn, > etc. in an ideal world, I would like to see those criminals properly > investigated, prosecuted and sentenced > > Free Speech is a right that has to be in balance with it's > responsibility. > > You cannot claim that hate speech - is free speech - so free speech has > limits - in terms of the other rights of other people > > For example - little children have the right not to be abused by > pedophiles - and publishing child pornography - IS NOT FREE SPEECH > > similarly - not giving criminals a "heads up" or null routing their > traffic and/or obstructing the functionality of law enforcement, laws > of countries and the rule of law - is not "free speech" > > >> Also, I refer you again to this: >> >> http://www.bbc.com/news/uk-36731694 >> >> and I remind you again that you are living in a fantasy world. >> Speaking from direct personal experience, it doesn't matter how many >> months of lead time you give law enforcement. They simply DO NOT put >> down their doughnuts and rush out to image servers until *after* >> reports of serious cybercrimes appear in the media. >> > it depends on the priorities, resources and many other factors. > > And, "reminding me that I live in a fantasy world" simply dilutes > credibility as obviously I live in the same sewer as the rest of us. > >> These days, the only times when they are actually pro-active and >> actually ahead of the curve is in terrorism-related cases. >> > I refer you to this article: > > http://www.bbc.com/news/uk-36731694 > > They say all of it - they do not say that they are all over terrorism... > > See, I can do that also :) > >>> 2. If, after a reasonable amount of time, we receive no feedback (as >>> in back off, we are investigating this - or we are busy prosecuting >>> or whatever) then we should do what? >> >> See above. For a long while I did exactly what you think should be >> done. I tried to always inform law enforcement early and often, about >> all of the really bad crap I found. And I gave them a fair >> opportunity to tell me to keep quiet, because they had an ongoing >> investigation. So far, no matter what I've reported to them, and no >> matter how bad it was, they haven't even given me a courtesy call > > yeah, I feel your pain. I may be in the same boat as you, I guess it > is because I called some of them a bunch of incompetent troglodytes that > could not even investigate someone breaking into a paper bag... they > tend to kinda delete my emails and information even before reading it... > > I do not really blame them, I can be a pain in the ass sometimes :) > just from reading you a bit, I think you may be in the same boat > >> back. In short, they are worse than useless. They are a waste of my >> time. They don't care what I do or say or find, and I no longer care >> what they do or say or think or find. On those rare occasions when >> they actually do bust some cybercriminal, I applaud them, but usually >> the arrest only comes years after the criminals have already been >> well-known to be doing their crimes. (And as I learned recently, in >> Russia, at least, when a criminal of any kind gets busted, the >> authorities don't even release their names. So as a non-LE person, >> you can't even be sure that the Russians aren't just making the whole >> thing up for publicity reasons, you know, to make Putin look good, >> like the _alleged_ arrest of "fifty" cybercriminals that is _alleged_ >> to have taken place in Russia earlier this year. What a nice round >> number to release to the media!) >> > doing pretty press releases is always a bonus for budgets :) > >>> ...but you cannot simply find a random domain, note content on it >>> that seems as if there may possibly be criminal activity and/or >>> abuse. >> >> I can't? Oh. Sorry. Too late! I already did. Sorry. I didn't >> know that rule until now. :-) >> > Okay, well, now you know :) > >>> I cannot publish anything about this website or this content on there >>> as their is simply no due process, no proof of actual illegal >>> activity, no actual trial, guilt, verdict, etc. >> >> That's quite alright, YOU don't have to. I already did. >> > Oh, thanks for that then, I did not notice > (btw sarcasm is the lowest form of wit - i'll betcha I am lower than > you :) ) > >> See, *I* don't have the power of a state. I can't send people to >> jail. I can only bad-mouth them in public and hope that other people >> realize what criminals they are, and then stop trading packets with >> them. >> > yes, *sigh* if only now we had that credibility thing going for us... > btw - do you still run your blacklists? - links? info? > >> Because the penalities that I personally can impose are so limited and >> weak, I don't have to make a case against any party "beyond a >> reasonable doubt". If I make a case aganst a party where the >> "preponderance of the evidence" (i.e. 51%) says that they are guilty, >> then people who read what I write, and agree with my analysis may >> stop accepting packets from the crooks I identify. That is a >> reasonable outcome. >> >>> We should start filtering/editing/censoring content deciding to >>> 'null-route' entire IP ranges because of our content decisions? >> >> I do it every day, at least for my own server. It's called "spam >> filtering". (I don't like spam.) >>> seriously? >> Oh yes, seriously. >> > everyone claims to hate spam - yet in many decades it is a persistent > problem, I wonder why... > > Oh, yes, it is a BALLS thing. > > Twitter.com does not accept abuse complaints - so what do we do? > oh, I know, I know - we continue accepting all emails from twitter.com > in case our users get upset - bwahahahaha > > Does twitter.com ever feel any pain? heck no. unimaginable thing that. > >>> We can also maybe build a huge wall around our networks? Maybe we >>> should not route any traffic that we have not properly inspected? >> >> Works for me! Sounds like a perfect description of my firewall. >> > ROFL, I was joking - but you can also just pull out the > fiber/cable/antenna/dish :) > > Andre > >> >> Regards, >> rfg >> > >
