In message <CAB69EHiS0dAFyrUQ0ajEc3+En8+ccCVNcPaXmFvwz1CjBNQ2WA@mail.gmail.com>, Eric Kuhnke <eric.kuhnke@gmail.com> wrote:
Looking at the AS adjacencies for Webzilla, what would prevent them from disconnecting all of their US/Western Euro based peers and transits, and remaining online behind a mixed selection of the largest Russian ASes? I do not think that any amount of well-researched papers and appeals to ethical ISPs on the NANOG mailing list will bring down those relationships.
Everything you say may be correct, but I personally would feel remiss if I failed to point out the facts of this case to an audience that has it within its power to do something about the issue. And the facts in this case could not be more plain. At best, it can only be said that Webzilla, and all of its various faces, simply doesn't care about the majority of us who just want to use the Internet in peace and security. (And that abundant lack of care seems to be the overriding message of the reports I have cited.) At worst, the company and its various nefarious customers present a clear and present danger, if not to Western democracies then perhaps just to anyone and anything that's connected to the Internet. And all of the companies peering with the various Webzilla companies have a choice -- to support Webzilla and the harmful activities of all of its customers, many of whom have proven themselves, time and again, to be outright dangerous to the rest of us, or alternatively, to take reasonable measures, and do what they can to save themselves, their customers, and people around the world from so easily, conveniently, and inexpensively being hacked, fiddled, hoodwinked and penetrated. So this is the question. Can Western companies really justify, to themselves, to their stockholders, and to their customers, their acts which make it easier than it has to be for the likes of Webzilla to have connectivity? Should these companies, whose profitability and mere existance rests on both the freedom and justice, such as they are, that is commonly available in Western liberal democracies... should these companies continue to support, even if only indirectly, those who would undermine that same freedom and justice on which the companies themselves depend? And even setting aside THAT consequential question, are the long term best interests of these same Western companies best served by an Internet that is known to the public at large as a place primarily characterized by scamming, scheming, and skulduggery? And finally, is it a persuasive arguement to say that because there is crime in the world, and always has been, and likely always will be, that we, and each of us, should harbor and abet criminals simply because it is convenient for us to do so, and perhaps even profitable in the short run? You may think me naive, but I say that the answer each and all of these questions is a resounding "no". It shall not profit any of these companies who provide peering to Webzilla, even if they gain the whole world, if they lose their souls. Will there still be a thriving and growing market for moving bits when nobody in his or her right mind trusts the Internet anymore? Although I am cloaking my arguments, at least to some extent, in moral and ethical terms, I do understand that such considerations are not at all likely to be persuasive when it comes to the world of commerce. That's perfectly OK, because in this instance I believe that I am also arguing in favor of enlightened self-interest. Are any of the customers of any of the companies that provide peering to Webzilla and/or its various parts and pieces better off or worse off because of that peering? I believe that sober and informed reflection on this simple question will yield the Right Answer. In the early years of the 20th century, Vladimir Lenin, leader of the Bolshevik, revolution, famously quipped to his communist collegues that "The capitalists will sell us the rope to hang them with." His prescient words have endured even the fall of the empire he founded because they clarify a simple and fundamental truth -- in capitalist systems, short term greed often overrides both rationality and simple common sense. My hope is that it will not be so on this occasion, and that enligtened long-term self interest will prevail, at least among those companies that are peering with any of Webzilla's ASNs. I would be happy to see Webzilla be given no choice other than to beat a retreat, back to Russia, and to have the company seek connectivity there and only there. If the company wishes to continue either its support for, or its abject tolerance of the kind of nefarious activities documented in detail in the report I cited, then I say let them do that, let them connect only via Russia, and let the company's true allegiances be revealed for all to see. If, as now seems evident, the company wants to continue to flaunt the norms and traditions of the civilized portions of the Internet, then I don't see it as being in anyone else's best interests for Webzilla to continue to be welcomed with open arms, as they currently are, in Dallas, in Singapore, or in any other place where democracy and the rule of law still hold sway. Regards, rfg P.S. For those of you who missed it, I would like to suggest to you all that you google the name "Spammy Bear" and start reading. The press reports on this case arose from my determined efforts to investigate the source of a large scale set of bitcoin extortion spams, which had been sent to tens or hundreds of thousands of recipients across the United States, Canada, Australia, New Zealand, and Hong Kong on December 13th, 2018. These scam-spams informed all those who received it that there was a bomb in their building, and that the bomb would detonante if a certain bitcoin ransom wasn't paid by the end of business on that same day. In te wake of this large scale scam-spam, police, first responders, and bomb squads were called out in innumerable locations throughout all of the affected countries. Innumerable businesses, schools, hospitals, universities, and government buildings were either evacuated or put on lockdown as a reasonable precaution. Even now, several months after the event, you can still get a sense of how widespread this event was by simply going to YouTube and searching for "bitcoin" and "bomb threat". You will then be able to see numerous local media reports from around the country describing the widespread mayhem. I expended some considerable time and effort to try to find out who and what was the source of this massively disruptive event. Although I was not able, in the end, to find a conclusive attribution to any specific individuals, I was at least able to track down the full set of IPv4 addresses that were the likely sources of these bogus bitcoin extortion threats. And in turn, I identified the full set of ASNs that were the likely sources. (I also found out that GoDaddy had a rather serious security problem, but that is and was another story.) Several Russian ASNs were the primary sources of these unambiguously criminal scam-spams. Also however, at least a few of the source IP addresses involved traced back to at least two different Webzilla ASNs. I may not know for certain who the specific criminals were who sent out those bomb threat spams, but Webzilla does, or should anyway. I would be more than happy to receive that information from them, as, I'm sure would any one of the countless law enforcement agencies that were called out, on an emergency basis, on December 13th, 2018, to investigate these bogus bomb threats. I feel sure that, like me, they too are all still hopping mad about this bogus waste of their time and resources. That having been said, I do not anticipate that Webzilla will so easily give up their criminal customers who did this anytime soon. I invite the company to prove me wrong about this. (Not that it would make much difference to anything anyway, in the end. The actual perps who sent those scam-spams are almost certainly located in Russia, and thus, not subject to extradition, even if they were proven to be serial killers.) P.P.S. In a simpler and less naive time, an event like the coast-to-coast wall of bomb threats that was unleashed against my country, the United States of America, on December 13th, 2018 might well have been considered an Act of War. These days, everyone just shrugs and goes back to work. It is left as an exercise for the reader to deduce which response is the more appropriate one, given the totality of present circumstances.