New hijacking - Done via via good old-fashioned Identity Theft

Ronald F. Guilmette rfg at
Wed Oct 6 17:01:45 CDT 2010

In message <AANLkTi=rH=kXm6ksK1gkyfu=nh4oazW=c+66Meo5HL+H at>, 
Heath Jones <hj1980 at> wrote:

>> Certainly, fine folks at Reliance Globalcom Services, Inc. could tell
>> us who is paying them to connect these hijacked blocks to their network,
>> but I rather doubt that they are actually going to come clean and do
>> that.
>Ron, I haven't been following this anti-spam stuff much since it went
>political with ARIN but I do have a few quick questions (relating to
>US law and spam).
>1) Is spamming from within the US criminal activity?

Sadly, it appears not.

In many cases it is however actionable.  (And in other cases involving
actual criminal activity, e.g. as prohibited by 18 USC 1030, `Fraud and
related activity in connection with computers', it may, I think, be
considered as an aggravating factor in determining punishments.)

>What constitutes spam in that case?

Are you asking what I think?  Or what the majority of netizens think?
Or are you asking what U.S. courts think?

Those are three different answers.

>2) If you could justify the incoming spam as a DOS, is that criminal
>activity? Could you justify it as a DOS?

Yes.  No.

>3) Is providing ARIN with bogus information just to get around their
>processes criminal activity?

In this case, nobody provided ARIN with *any* bogus information, ever.
(So your question is utterly irrelevant to this particular case.)

>4) Is obtaining disused IP space / AS allocations from assigned
>entity, and not updating ARIN criminal activity?

In this particular case, nobody appears to have ``obtained'' IP space
from the various High Schools, Middle Schools, and Elementary schools
involved, other than via deceit, trickery, and fraud.  Were the various
schools involved here ripped off?  I would say yes.  Does the fraud in
this case rise to the level of being either criminal or actionable?
I am not a lawyer, but my guess is that the answer is probably yes to
both... *IF* anybody cared enough to persue it.  I base that opinion
stictly and only on the definition of the English language word `fraud'
as given at

As regards to updating ARIN, or the lack thereof, the _absence_ of such
``updating'', in this case... i.e. the absence of any notice to ARIN
that these blocks were being glomed onto... is part of the overall
pattern of fraud in this case which, as I have said, I believe to be
potentially both criminal and actionable... if anybody cared enough to
persue it.

But that's just my opinion, and I am not a lawyer.

>5) Is advertising Prefixes or AS number assigned to another entity
>criminal activity?

If it constitutes criminal fraud which deprives some party of some property,
or some right, or the full enjoyment of some property or some right, to which
they are otherwise entitled, under law, then yes, although I am not a
lawyer, my limited understanding of the law in these United States indicates
to me that yes, most probably such activity may well be considered criminal,
in at least some circumstances, perhaps including the ones being discussed
in this thread.

>6) If any of the above could be classed as criminal activity, are
>Reliance Globalcom (in this case) legally obligated to cut them off?,

The answer to that depends, I think, upon whether they are _knowing_
participants in the fraud.  If they merely got duped... which is indeed
what is suggested by that fact that somebody paid $4,000 to get a specific
domain name so that they could then dupe _somebody_ (where that somebody
who was to be duped, in this case was clearly _not_ ARIN)... then in
that case, Reliance Globalcom is just another one of the victims, and not
one of the perpetrators.

Hypothetically, if, once they have been duly informed that this particular
fraud is ongoing, they do nothing, and continue announcing the routes even
after allowing them a reasonable amount of time to properly investigate what
is going on here, then at that point I think that yes, then they might in
fact be criminally liable, civilly liable, or both.

>or just help by switching on a packet capture

What would be the point of that??

I can already tell you what the blocks in question are most probably being
used for, and have done so already, I think.


More information about the NANOG mailing list