I got to think about this (dangerous thing :-( Ideally, law enforcement should have the smarts and tools to get involved in DDoS and other similar situations and have the power to compell upstream provider(s) to shut service to a suspect. The current situation appears to be more of a wild-west situation where everyone takes the law into their own hands. It sort of works but everyone knows this lead lead to abuses. If you start to tolerate falsifying BGP, it will likely lead to regular abuses (including intelligence agencies who stad to gain by redirecting traffic to their servers) as well as corporate spies etc. So mechanisms to enforce 0 tolerance are perhaps necessary, even if this means that a few legitimate BGP tricks to save customers from a failing ISP will no longer work. Falsifying BGP can be done by one person without any sanity checks. There is no check for evidence or whether this action is warranted. On the other hand, there is a sanity check if you have to convince an upstream provider to cut access to one of their customers.