Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Kanak, NANOG moderators have requested this conversation go off list. Jeff On Tue, Nov 10, 2009 at 1:50 PM, noc acrino wrote: > Greetings! > > By the way, Jeffrey, by the 24th of October, when you posted the information > that the RBN is located in our networks we couldn't even know about any > malware redirectors on our clients resources - > http://www.stopbadware.org/reports/asn/44571. I'm trying to solve the Google > SB issue (still under investigation both by our team and the resource owner, > but NB - it's only 1 ip from 345 sites tested by Google ) but one little > question - how did you get to know about the malware abuse _before_ the > actual report on stopbadware.org or on google? What were your conclusions > based on? Why didn't you write to the abuse email the way it's traditionally > done in the network operators' sphere? > > Kanak > > Akrino Abuse Team > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Greetings! By the way, Jeffrey, by the 24th of October, when you posted the information that the RBN is located in our networks we couldn't even know about any malware redirectors on our clients resources - http://www.stopbadware.org/reports/asn/44571. I'm trying to solve the Google SB issue (still under investigation both by our team and the resource owner, but NB - it's only 1 ip from 345 sites tested by Google ) but one little question - how did you get to know about the malware abuse _before_ the actual report on stopbadware.org or on google? What were your conclusions based on? Why didn't you write to the abuse email the way it's traditionally done in the network operators' sphere? Kanak Akrino Abuse Team
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Kanak, We're not a Staminus reseller. Please do your homework: http://webtrace.info/asn/32421 . I'm not going to hold court on whether or not you or your resellers are DDoSing competitor's customers, I was merely stating my opinion. The reader can draw their own conclusion. I think your network is blackhat, you say it's not. I say your entire network has minimal legitimate traffic and you say you have a diverse customer base. The way I see it right now: - You're an anonymous BVI company with no physical location - This Computerworld article is referring to Akrino: http://www.computerworld.com/s/article/9063418/Russian_hosting_network_running_a_protection_racket_researcher_says. I was consulted on this article before it went to print and i'll put my reputation on that. - All of the sites on Akrino around early 2008 were on NEAVE LIMITED until shutdown by uplink Eltel. They all came back up under Akrino uplink to Anders (AS39792). - 91.202.60.0/22 has one actual company with legitimate commercially necessary traffic (will provide a full report if you want to push the issue) yet is responsible for hundreds of malware infections over the past 6 months (see again, http://google.com/safebrowsing/diagnostic?site=AS:44571 ) -- The aforementioned company (solidtrustpay.com) was a Black Lotus customer and had received several days of multi-Gbps DDoS that subsided only once the customer agreed to use your network --- Post-DDoS the customer's server began receiving SSH connections from some former Soviet country (forget which offhand) trying to debug a reverse proxy (not sure if you/they realize that we filter your announcements). In the real world DDoS does not stop just hours before the gaining host goes to setup a proxy. - The attacks you claim to be filtering would not be possible unless your connection to AS39792 is 10GE or they're doing the filters for you. - The above has occurred at least three times with Akrino, zero times with better known, respected providers. - A handful of respected net ops have contacted me off list to confirm much of this data and provide additional evidence. Again, these are merely *opinions* and form the foundation of why I believe Akrino is a black hat network. Perhaps if you didn't have black hat resellers you wouldn't have this reputation? Maybe you should reconsider who you allow to resell your network? I don't know for certain but you need to clean up your network so you don't end up like Atrivo. Clean up now and everyone wins. Jeff On Sun, Nov 8, 2009 at 5:27 AM, noc acrino wrote: > 2009/11/6 Jeffrey Lyon >> >> The primary issue is that we receive a fair >> deal of customers who end up with wide scale DDoS attacks followed by >> an offer for "protection" to move to your network. In almost every >> case the attacks cease once the customer has agreed to pay this >> "protection" fee. Every one of these attacks was nearly identical in >> signature. > > By the way, Jeffrey, we can provide reports on HTTP-flood because our system > builds it's signatures on http traffic dumps like > > === IP: 88.246.76.65, last receiving time: 2009-10-25T23:07:37+03:00, many > identical requests (length 198): > GET / HTTP/1.1 > Accept: */* > Accept-language: en-us > User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) > Gecko/20061204 Firefox/2.0.0.1 > Host: [censored] > Connection: Keep-Alive > > So using this info we can map botnets, learn different attacks and in > collaboration with ISPs - find CCs of new botnets. And what are your > accusations of the identical signatures based on when simple Staminus > resellers (like you are) do not have access to their signatures database? > > Kanak > > Akrino Abuse Team > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
2009/11/6 Jeffrey Lyon > The primary issue is that we receive a fair > deal of customers who end up with wide scale DDoS attacks followed by > an offer for "protection" to move to your network. In almost every > case the attacks cease once the customer has agreed to pay this > "protection" fee. Every one of these attacks was nearly identical in > signature. > By the way, Jeffrey, we can provide reports on HTTP-flood because our system builds it's signatures on http traffic dumps like === IP: 88.246.76.65, last receiving time: 2009-10-25T23:07:37+03:00, many identical requests (length 198): GET / HTTP/1.1 Accept: */* Accept-language: en-us User-agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; ru; rv:1.8.1.1) Gecko/20061204 Firefox/2.0.0.1 Host: [censored] Connection: Keep-Alive So using this info we can map botnets, learn different attacks and in collaboration with ISPs - find CCs of new botnets. And what are your accusations of the identical signatures based on when simple Staminus resellers (like you are) do not have access to their signatures database? Kanak Akrino Abuse Team
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Hello, Jeffery and other NANOC members. Sorry for making another thread - I'm not too experienced in mailgroups. The problem is in structure of new generation advert or banner networks - they allow to return other subject traffic to the partner's URL. And this could also be used to redirect the traffic to different exploits (a simple way to compromise a banner network or hosting provider). This is extremely hard to monitor or to take preventive measures in case of a large banner or advert network. Unfortunately Google doesn't provide a detailed report on their check results: this could allow the resource's owner easily block their partners in that case. Anyway I'll contact the owner of this resource (91.202.63.96) now in order to perform a check of their partners. I suppose, just having a few domains would be enough. The other resource is situated on the public ip of our reseller - I'll ask him to check this domain, too. Thank you for that information, I'll report on that issue later. Kanak Akrino Support Team 2009/11/7 Jeffrey Lyon > Kanak, > > Can you please detail your plans to correct the malware issues on your > network? (reference: > http://google.com/safebrowsing/diagnostic?site=AS:44571 ). > > Best regards, Jeff > > > > [offlist communication snipped for privacy] > > > > > Kanak > > > > Akrino Abuse Team > > > > > > -- > Jeffrey Lyon, Leadership Team > jeffrey.l...@blacklotus.net | http://www.blacklotus.net > Black Lotus Communications of The IRC Company, Inc. > > Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - > 21 to find out how to "protect your booty." >
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On 24 okt 2009, at 14:36, Suresh Ramasubramanian wrote: On Sat, Oct 24, 2009 at 2:48 PM, Marco Hogewoning wrote: On Oct 24, 2009, at 9:00 AM, Suresh Ramasubramanian wrote: \>> http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 With more on that: http://www.ripe.net/news/rbn.html I am glad this ugly situation has been resolved - and I do wish the resolution gets better coverage than this. It finally hit the press as well: http://www.pcworld.com/businesscenter/article/174651/uk_police_smooth_over_rift_with_internet_registry.html MarcoH
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
The decision to filter networks should remain with the collective network operators. Everyone, even criminals, has a "right" to distribute content but it's up to each operator to decide if that content will be allowed to transit their network. Personally, if an entire /22 does not have a single legitimate resource on it in the case of 91.202.60.0/22 *and* is widely suspected of being owned/operated by a criminal enterprise then filtering makes sense. Historically it takes a few pioneers to present a case for filtering specific networks before larger networks will begin to see the light. Jeff On Sat, Oct 24, 2009 at 9:59 AM, Daniel Karrenberg wrote: > On 24.10 03:05, Paul Bosworth wrote: >> I think the larger point is that ripe turned a blind eye to an >> internationally recognized criminal network. > > That may be a point but not a convincing one. > > Imagine the outcry on this list if ARIN were to deny some organisation > address space or ASNs just because they are "internationally recognised" > criminals. Wouldn't we demand a little more due process? > Especially since the alternatives are not as easy as walking to the > next fastfood joint. > > The RIPE NCC operates in a region where whole sovereign states call each > other criminals or worse on a daily basis. > > The only tenable position for each RIR is to strictly apply the > policies developed in its bottom-up self-regulatory process. Doing > anything else would require intervention via a proper legal process, > e.g. a *judge* with appropriate jurisdiction telling the RIR that > its actions are unlawful. > > Frustration is a bad advisor when trying to stop crime, unrelenting > application of due process is the only way ... frustrating as it may be. > > Daniel Karrenberg > Chief Scientist RIPE NCC > Speaking only for himself as is customary here. > > PS: This is old news, compare > http://www.h-online.com/security/news/item/Security-expert-calls-for-IP-address-ranges-of-criminal-providers-to-be-sent-direct-to-the-police-737905.html > > And see the press release that Marco pointed out. > > Daniel > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On 24.10 03:05, Paul Bosworth wrote: > I think the larger point is that ripe turned a blind eye to an > internationally recognized criminal network. That may be a point but not a convincing one. Imagine the outcry on this list if ARIN were to deny some organisation address space or ASNs just because they are "internationally recognised" criminals. Wouldn't we demand a little more due process? Especially since the alternatives are not as easy as walking to the next fastfood joint. The RIPE NCC operates in a region where whole sovereign states call each other criminals or worse on a daily basis. The only tenable position for each RIR is to strictly apply the policies developed in its bottom-up self-regulatory process. Doing anything else would require intervention via a proper legal process, e.g. a *judge* with appropriate jurisdiction telling the RIR that its actions are unlawful. Frustration is a bad advisor when trying to stop crime, unrelenting application of due process is the only way ... frustrating as it may be. Daniel Karrenberg Chief Scientist RIPE NCC Speaking only for himself as is customary here. PS: This is old news, compare http://www.h-online.com/security/news/item/Security-expert-calls-for-IP-address-ranges-of-criminal-providers-to-be-sent-direct-to-the-police-737905.html And see the press release that Marco pointed out. Daniel
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On Sat, Oct 24, 2009 at 2:48 PM, Marco Hogewoning wrote: > On Oct 24, 2009, at 9:00 AM, Suresh Ramasubramanian wrote: \>> http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 > > With more on that: > http://www.ripe.net/news/rbn.html I am glad this ugly situation has been resolved - and I do wish the resolution gets better coverage than this. suresh
Re: RE: Interesting Point of view - Russian police and RIPE accused of aiding RBN
We already filter this network but the move is largely symbolic. This needs to be done by eyeball networks, not just hosting networks. In filtering 91.202.60.0/22 we primarily keep our reverse proxies from serving up their "content" and keep them from offering proxies on our network. Its pretty rare that we will filter any network as a whole but in this case the need is pretty blatent. Jeff On Oct 24, 2009 4:25 AM, "Martin, Paul" wrote: So considering they're widely regarded as a criminal network hosting the more dodgy/dangerous stuff on the net, surely we could 'protect' our customers by blocking the 91.202.60.0/22 range? Consider that can of worms opened :o) Paul -Original Message- From: Jeffrey Lyon [mailto: jeffrey.l...@blacklotus.net] Sent: 24 Octobe... For more information about the Viatel Group, please visit www.viatel.com VTL (UK) Limited Registered in England and Wales Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR Company Registration No: 04287100 VAT Registration Number: 781 4991 88 THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is prohibited, and you should delete this e-mail from your system. This message has been scanned for viruses and spam by Viatel MailControl - www.viatel.com
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
* a. harrowell: > It ought to be superfluous to point out that the only effective > action taken against RBN was by the Internet community in getting > all their upstreams to null route them. As is blindingly obvious, > SOCA would never have been granted a warrant by the Russians. Ugh, in reality, they needed a warrant from the Metropolitan Police (which could have been equally problematic).
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
On Oct 24, 2009, at 9:00 AM, Suresh Ramasubramanian wrote: http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 With more on that: http://www.ripe.net/news/rbn.html "Press coverage this week portrayed the RIPE NCC as being involved with the criminal network provider Russian Business Network (RBN). Any connection with criminal activity, or with RBN itself, is completely unfounded. The press coverage arose from a speech given by the Serious Organised Crime Agency (SOCA) in the UK. SOCA has since contacted the RIPE NCC with an apology. The RIPE NCC will continue to work with SOCA and other bodies to ensure criminal investigations can be carried out in an efficient manner within established laws and guidelines." MarcoH
RE: Interesting Point of view - Russian police and RIPE accused of aiding RBN
I'd like to apologise in advance for SOCA. Frankly, I am surprised that they are even aware of RIPE or its role in life. They have done so poorly since subsuming the old National Hi-Tech Crime Unit that the other police forces want NHTCU back. It ought to be superfluous to point out that the only effective action taken against RBN was by the Internet community in getting all their upstreams to null route them. As is blindingly obvious, SOCA would never have been granted a warrant by the Russians. Pathetic to take it out on RIPE. -original message- Subject: RE: Interesting Point of view - Russian police and RIPE accused of aiding RBN From: "Martin, Paul" Date: 24/10/2009 9:23 am So considering they're widely regarded as a criminal network hosting the more dodgy/dangerous stuff on the net, surely we could 'protect' our customers by blocking the 91.202.60.0/22 range? Consider that can of worms opened :o) Paul -Original Message- From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net] Sent: 24 October 2009 08:18 To: Suresh Ramasubramanian Cc: nanog@nanog.org Subject: Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN Since we're on the subject, here is where RBN went: inetnum: 91.202.60.0 - 91.202.63.255 netname: AKRINO-NET descr: Akrino Inc country: VG org: ORG-AI38-RIPE admin-c: IVM27-RIPE tech-c: IVM27-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: MNT-AKRINO mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: MNT-AKRINO mnt-domains: MNT-AKRINO source: RIPE # Filtered organisation:ORG-AI38-RIPE org-name:Akrino Inc org-type:OTHER address: Akrino Inc. address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI e-mail: noc.akr...@gmail.com mnt-ref: MNT-AKRINO mnt-by: MNT-AKRINO source: RIPE # Filtered person: Igoren V Murzak address: Akrino Inc address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI phone: +1 914 5952753 e-mail: noc.akr...@gmail.com nic-hdl: IVM27-RIPE mnt-by: MNT-AKRINO source: RIPE # Filtered % Information related to '91.202.60.0/22AS44571' route: 91.202.60.0/22 descr: AKRINO BLOCK origin: AS44571 mnt-by: MNT-AKRINO source: RIPE # Filtered On Sat, Oct 24, 2009 at 3:00 AM, Suresh Ramasubramanian wrote: > http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-a ccused-of-aiding-cybercrime-2165 > > Some quotes from the article - > > Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police > corruption helped the perpetrators get away with it, according to the UK > Serious Organised Crime Agency > > [...] > > "RIPE was being paid by RBN for that service, for its IP allocation," he said. > "Essentially what you have - and I make no apologies for saying this is - if > you were going to interpret this very harshly RIPE as the IP allocation body > was receiving criminal funds and therefore RIPE was involved in money > laundering offences," said Auld. > > [...] > > "All we could get there was a disruption, we weren't able to get a prosecution > in Russia," admitted Auld. "Our biggest concern is where did RBN go? Our > information suggests that RBN is back in business but now pursuing a slightly > different business model which is bad news." > > [...] > > "Where you have got LIRs (Local Internet Registries) set up to run a criminal > business- that is criminal actvity being taken by the regional internet > registries themselves. "So what we are trying to do is work with them to make > internet governance a somewhat less permissive environment for criminals and > make it more about protecting consumers and individuals," added Auld. > RBN looked legitimate, says RIPE NCC > > In response to the comments that it could be accused of being involved in > criminal activity, Paul Rendek, head of external relations and communications > at RIPE NCC said that the organisation has very strict guidelines for dealing > with LIRs. > > "The RBN was accepted as an LIR based on our checklists," he said." Our > checklists include the provision of proof that a prospective LIR has the > necessary legal documentation, which proves that a business is bona fide." > > etc > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to
RE: Interesting Point of view - Russian police and RIPE accused of aiding RBN
So considering they're widely regarded as a criminal network hosting the more dodgy/dangerous stuff on the net, surely we could 'protect' our customers by blocking the 91.202.60.0/22 range? Consider that can of worms opened :o) Paul -Original Message- From: Jeffrey Lyon [mailto:jeffrey.l...@blacklotus.net] Sent: 24 October 2009 08:18 To: Suresh Ramasubramanian Cc: nanog@nanog.org Subject: Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN Since we're on the subject, here is where RBN went: inetnum: 91.202.60.0 - 91.202.63.255 netname: AKRINO-NET descr: Akrino Inc country: VG org: ORG-AI38-RIPE admin-c: IVM27-RIPE tech-c: IVM27-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: MNT-AKRINO mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: MNT-AKRINO mnt-domains: MNT-AKRINO source: RIPE # Filtered organisation:ORG-AI38-RIPE org-name:Akrino Inc org-type:OTHER address: Akrino Inc. address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI e-mail: noc.akr...@gmail.com mnt-ref: MNT-AKRINO mnt-by: MNT-AKRINO source: RIPE # Filtered person: Igoren V Murzak address: Akrino Inc address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI phone: +1 914 5952753 e-mail: noc.akr...@gmail.com nic-hdl: IVM27-RIPE mnt-by: MNT-AKRINO source: RIPE # Filtered % Information related to '91.202.60.0/22AS44571' route: 91.202.60.0/22 descr: AKRINO BLOCK origin: AS44571 mnt-by: MNT-AKRINO source: RIPE # Filtered On Sat, Oct 24, 2009 at 3:00 AM, Suresh Ramasubramanian wrote: > http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-a ccused-of-aiding-cybercrime-2165 > > Some quotes from the article - > > Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police > corruption helped the perpetrators get away with it, according to the UK > Serious Organised Crime Agency > > [...] > > "RIPE was being paid by RBN for that service, for its IP allocation," he said. > "Essentially what you have - and I make no apologies for saying this is - if > you were going to interpret this very harshly RIPE as the IP allocation body > was receiving criminal funds and therefore RIPE was involved in money > laundering offences," said Auld. > > [...] > > "All we could get there was a disruption, we weren't able to get a prosecution > in Russia," admitted Auld. "Our biggest concern is where did RBN go? Our > information suggests that RBN is back in business but now pursuing a slightly > different business model which is bad news." > > [...] > > "Where you have got LIRs (Local Internet Registries) set up to run a criminal > business- that is criminal actvity being taken by the regional internet > registries themselves. "So what we are trying to do is work with them to make > internet governance a somewhat less permissive environment for criminals and > make it more about protecting consumers and individuals," added Auld. > RBN looked legitimate, says RIPE NCC > > In response to the comments that it could be accused of being involved in > criminal activity, Paul Rendek, head of external relations and communications > at RIPE NCC said that the organisation has very strict guidelines for dealing > with LIRs. > > "The RBN was accepted as an LIR based on our checklists," he said." Our > checklists include the provision of proof that a prospective LIR has the > necessary legal documentation, which proves that a business is bona fide." > > etc > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty." For more information about the Viatel Group, please visit www.viatel.com VTL (UK) Limited Registered in England and Wales Registered Address: Inbucon House, Wick Road, Egham, Surrey TW20 0HR Company Registration No: 04287100 VAT Registration Number: 781 4991 88 THIS MESSAGE IS INTENDED ONLY FOR THE USE OF THE INTENDED RECIPIENT TO WHICH IT IS ADDRESSED AND MAY CONTAIN INFORMATION THAT IS PRIVILEGED, CONFIDENTIAL AND EXEMPT FROM DISCLOSURE. If the reader of this message is not the intended recipient, or an employee or agent responsible for delivering the message to the intended recipient, you are notified that any dissemination, distribution or copying of this e-mail is prohibited, and you should delete this e-mail from your system. This message has been scanned for viruses and spam by Viatel MailControl - www.viatel.com
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
I think the larger point is that ripe turned a blind eye to an internationally recognized criminal network. On Oct 24, 2009 2:01 AM, "Suresh Ramasubramanian" wrote: http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 Some quotes from the article - Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police corruption helped the perpetrators get away with it, according to the UK Serious Organised Crime Agency [...] "RIPE was being paid by RBN for that service, for its IP allocation," he said. "Essentially what you have - and I make no apologies for saying this is - if you were going to interpret this very harshly RIPE as the IP allocation body was receiving criminal funds and therefore RIPE was involved in money laundering offences," said Auld. [...] "All we could get there was a disruption, we weren't able to get a prosecution in Russia," admitted Auld. "Our biggest concern is where did RBN go? Our information suggests that RBN is back in business but now pursuing a slightly different business model which is bad news." [...] "Where you have got LIRs (Local Internet Registries) set up to run a criminal business- that is criminal actvity being taken by the regional internet registries themselves. "So what we are trying to do is work with them to make internet governance a somewhat less permissive environment for criminals and make it more about protecting consumers and individuals," added Auld. RBN looked legitimate, says RIPE NCC In response to the comments that it could be accused of being involved in criminal activity, Paul Rendek, head of external relations and communications at RIPE NCC said that the organisation has very strict guidelines for dealing with LIRs. "The RBN was accepted as an LIR based on our checklists," he said." Our checklists include the provision of proof that a prospective LIR has the necessary legal documentation, which proves that a business is bona fide." etc
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
That's what I thought. I still see the author's point =)
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Indeed. If they bought fries and a drink that's two counts. Jeff On Sat, Oct 24, 2009 at 3:20 AM, Benjamin Billon wrote: > Accusing RIPE of complicity is in my opinion abusive. So when a RBN member > buys a burger at MacDonald's, should we consider MacDo accepts money from > RBN while helping them to run their "business" as they feed the criminal > member? > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Accusing RIPE of complicity is in my opinion abusive. So when a RBN member buys a burger at MacDonald's, should we consider MacDo accepts money from RBN while helping them to run their "business" as they feed the criminal member?
Re: Interesting Point of view - Russian police and RIPE accused of aiding RBN
Since we're on the subject, here is where RBN went: inetnum: 91.202.60.0 - 91.202.63.255 netname: AKRINO-NET descr: Akrino Inc country: VG org: ORG-AI38-RIPE admin-c: IVM27-RIPE tech-c: IVM27-RIPE status: ASSIGNED PI mnt-by: RIPE-NCC-HM-PI-MNT mnt-by: MNT-AKRINO mnt-lower: RIPE-NCC-HM-PI-MNT mnt-routes: MNT-AKRINO mnt-domains: MNT-AKRINO source: RIPE # Filtered organisation:ORG-AI38-RIPE org-name:Akrino Inc org-type:OTHER address: Akrino Inc. address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI e-mail: noc.akr...@gmail.com mnt-ref: MNT-AKRINO mnt-by: MNT-AKRINO source: RIPE # Filtered person: Igoren V Murzak address: Akrino Inc address: P.O.Box 146 Trident Chambers address: Road Town, Tortola address: BVI phone: +1 914 5952753 e-mail: noc.akr...@gmail.com nic-hdl: IVM27-RIPE mnt-by: MNT-AKRINO source: RIPE # Filtered % Information related to '91.202.60.0/22AS44571' route: 91.202.60.0/22 descr: AKRINO BLOCK origin: AS44571 mnt-by: MNT-AKRINO source: RIPE # Filtered On Sat, Oct 24, 2009 at 3:00 AM, Suresh Ramasubramanian wrote: > http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165 > > Some quotes from the article - > > Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian > police > corruption helped the perpetrators get away with it, according to the UK > Serious Organised Crime Agency > > [...] > > "RIPE was being paid by RBN for that service, for its IP allocation," he said. > "Essentially what you have - and I make no apologies for saying this is - if > you were going to interpret this very harshly RIPE as the IP allocation body > was receiving criminal funds and therefore RIPE was involved in money > laundering offences," said Auld. > > [...] > > "All we could get there was a disruption, we weren't able to get a prosecution > in Russia," admitted Auld. "Our biggest concern is where did RBN go? Our > information suggests that RBN is back in business but now pursuing a slightly > different business model which is bad news." > > [...] > > "Where you have got LIRs (Local Internet Registries) set up to run a criminal > business- that is criminal actvity being taken by the regional internet > registries themselves. "So what we are trying to do is work with them to make > internet governance a somewhat less permissive environment for criminals and > make it more about protecting consumers and individuals," added Auld. > RBN looked legitimate, says RIPE NCC > > In response to the comments that it could be accused of being involved in > criminal activity, Paul Rendek, head of external relations and communications > at RIPE NCC said that the organisation has very strict guidelines for dealing > with LIRs. > > "The RBN was accepted as an LIR based on our checklists," he said." Our > checklists include the provision of proof that a prospective LIR has the > necessary legal documentation, which proves that a business is bona fide." > > etc > > -- Jeffrey Lyon, Leadership Team jeffrey.l...@blacklotus.net | http://www.blacklotus.net Black Lotus Communications of The IRC Company, Inc. Platinum sponsor of HostingCon 2010. Come to Austin, TX on July 19 - 21 to find out how to "protect your booty."
