New hijacking - Done via via good old-fashioned Identity Theft

Heath Jones hj1980 at gmail.com
Wed Oct 6 22:23:46 UTC 2010


>>1) Is spamming from within the US criminal activity?
>
> Sadly, it appears not.
>
> In many cases it is however actionable.  (And in other cases involving
> actual criminal activity, e.g. as prohibited by 18 USC 1030, `Fraud and
> related activity in connection with computers', it may, I think, be
> considered as an aggravating factor in determining punishments.)

Wouldn't it have to be illegal before punishments could be determined?
Isn't this kind of key to the whole issue of fighting spam?? (Is there
even a point if you cant nail them for it?)


>>What constitutes spam in that case?
>
> Are you asking what I think?  Or what the majority of netizens think?
> Or are you asking what U.S. courts think?
>
> Those are three different answers.

With regards to US court.


>>2) If you could justify the incoming spam as a DOS, is that criminal
>>activity? Could you justify it as a DOS?
>
> Yes.  No.

Ok.


>>3) Is providing ARIN with bogus information just to get around their
>>processes criminal activity?
>
> In this case, nobody provided ARIN with *any* bogus information, ever.
> (So your question is utterly irrelevant to this particular case.)

Not at all irrelevant, I'm talking generically here (not specific to
this case). Trying to cover all bases.


>>4) Is obtaining disused IP space / AS allocations from assigned
>>entity, and not updating ARIN criminal activity?
>
> In this particular case, nobody appears to have ``obtained'' IP space
> from the various High Schools, Middle Schools, and Elementary schools
> involved, other than via deceit, trickery, and fraud.  Were the various
> schools involved here ripped off?  I would say yes.  Does the fraud in
> this case rise to the level of being either criminal or actionable?
> I am not a lawyer, but my guess is that the answer is probably yes to
> both... *IF* anybody cared enough to persue it.  I base that opinion
> stictly and only on the definition of the English language word `fraud'
> as given at www.merriam-webster.com.
>
> As regards to updating ARIN, or the lack thereof, the _absence_ of such
> ``updating'', in this case... i.e. the absence of any notice to ARIN
> that these blocks were being glomed onto... is part of the overall
> pattern of fraud in this case which, as I have said, I believe to be
> potentially both criminal and actionable... if anybody cared enough to
> persue it.
>
> But that's just my opinion, and I am not a lawyer.

Perhaps there is a method of class action, as opposed to individual
companies trying to sue?


>>5) Is advertising Prefixes or AS number assigned to another entity
>>criminal activity?
>
> If it constitutes criminal fraud which deprives some party of some property,
> or some right, or the full enjoyment of some property or some right, to which
> they are otherwise entitled, under law, then yes, although I am not a
> lawyer, my limited understanding of the law in these United States indicates
> to me that yes, most probably such activity may well be considered criminal,
> in at least some circumstances, perhaps including the ones being discussed
> in this thread.

Well that might possibly be a start of a legal avenue..?


>>6) If any of the above could be classed as criminal activity, are
>>Reliance Globalcom (in this case) legally obligated to cut them off?,
>
> The answer to that depends, I think, upon whether they are _knowing_
> participants in the fraud.  If they merely got duped... which is indeed
> what is suggested by that fact that somebody paid $4,000 to get a specific
> domain name so that they could then dupe _somebody_ (where that somebody
> who was to be duped, in this case was clearly _not_ ARIN)... then in
> that case, Reliance Globalcom is just another one of the victims, and not
> one of the perpetrators.
>
> Hypothetically, if, once they have been duly informed that this particular
> fraud is ongoing, they do nothing, and continue announcing the routes even
> after allowing them a reasonable amount of time to properly investigate what
> is going on here, then at that point I think that yes, then they might in
> fact be criminally liable, civilly liable, or both.

Might be worth pointing that out to them? Most companies don't like risk..


>>or just help by switching on a packet capture
>
> What would be the point of that??
>
> I can already tell you what the blocks in question are most probably being
> used for, and have done so already, I think.

I was referring to new legislation coming into effect that gives the
FBI? the power to say 'flick the switch on now' and they then can log
traffic..

All in all, it just seems pretty pointless trying to fight spam if the
law isnt backing you. Filtering yes, fighting no.. Perhaps the law is
what needs to be worked on? (As a general comment to all)


Cheers
Heath




More information about the NANOG mailing list