Interesting article about RBN, its spin-offs and the global network infrastructure used for cybercrime. Has a passing mention of Atrivo's place in the global picture.
http://www.newsweek.com/id/228674
Reportedly started by someone operating under the name "Flyman," RBN is known as the mother of cybercrime among online investigators. François Paget, senior expert for the McAfee company, says that RBN began as an Internet provider and offered "impenetrable" hosting for $600 a month. This meant a guarantee that it would not give out information about its clients, no matter what business they were in. Aleksandr Gostev, director of Kaspersky Labs, a global research and threat analysis center, believes that RBN's servers are located in Panama. "Confidential data about clients can be obtained only by a court decision," a Newsweek source familiar with the situation says. "But what court do you apply to if criminal ties are discovered? A Panamanian court?"
-- Bruce Williams
“Discovering...discovering...we will never cease discovering... and the end of all our discovering will be to return to the place where we began and to know it for the first time.” -T.S. Eliot
Reportedly started by someone operating under the name "Flyman," RBN is known as the mother of cybercrime among online investigators. François Paget, senior expert for the McAfee company, says that RBN began as an Internet provider and offered "impenetrable" hosting for $600 a month. This meant a guarantee that it would not give out information about its clients, no matter what business they were in.
This is a commendable position and one that should be the default for all businesses. Severe penalties (such as cutting out of the tongue or cutting off hands) should be dealt to anyone who releases private information without having first ensured that such disclosure is in accordance with a properly obtained court order issued by a competent court in a public hearing (and no, administrative tribunals are not courts of law).
On Thu, Dec 31, 2009 at 4:00 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Reportedly started by someone operating under the name "Flyman," RBN is known as the mother of cybercrime among online investigators. François Paget, senior expert for the McAfee company, says that RBN began as an Internet provider and offered "impenetrable" hosting for $600 a month. This meant a guarantee that it would not give out information about its clients, no matter what business they were in.
This is a commendable position and one that should be the default for all businesses. Severe penalties (such as cutting out of the tongue or cutting off hands) should be dealt to anyone who releases private information without having first ensured that such disclosure is in accordance with a properly obtained court order issued by a competent court in a public hearing (and no, administrative tribunals are not courts of law).
Wow. I always knew there existed some alternate universe where the RBN were actually the good guys. Didn't expect to find it so fast, and on nanog at that. -- Suresh Ramasubramanian (ops.lists@gmail.com)
Reportedly started by someone operating under the name "Flyman," RBN is known as the mother of cybercrime among online investigators. François Paget, senior expert for the McAfee company, says that RBN began as an Internet provider and offered "impenetrable" hosting for $600 a month. This meant a guarantee that it would not give out information about its clients, no matter what business they were in.
This is a commendable position and one that should be the default for all businesses. Severe penalties (such as cutting out of the tongue or cutting off hands) should be dealt to anyone who releases private information without having first ensured that such disclosure is in accordance with a properly obtained court order issued by a competent court in a public hearing (and no, administrative tribunals are not courts of law).
Wow. I always knew there existed some alternate universe where the RBN were actually the good guys. Didn't expect to find it so fast, and on nanog at that.
Wasn't it Larry Flynt that said: "Because if it's good enough to protect a scumbag like me it's sure darn good enough to protect all of you".
Without a warrant, there is an absolute right to privacy. It continues to exist right up until either (a) one party chooses to give up that privacy or (b) a third party arrives with a Court Order. This is simply a covenant between two parties to preserve that "private" state unless lawfully compelled by lawful process otherwise. In other words, a covenant to adhere to the rule of law and the courts in the event of any dispute between the parties or any third party. It sure seems like a good thing to me -- and a covenant I would hope anyone I do business adheres to.
-- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
On Wed, Dec 30, 2009 at 8:05 PM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Without a warrant, there is an absolute right to privacy. It continues to exist right up until either (a) one party chooses to give up that privacy or (b) a third party arrives with a Court Order. This is simply a covenant between two parties to preserve that "private" state unless lawfully compelled by lawful process otherwise. In other words, a covenant to adhere to the rule of law and the courts in the event of any dispute between the parties or any third party. It sure seems like a good thing to me -- and a covenant I would hope anyone I do business adheres to.
That's funny. You're assuming that the MLAT [1] process works -- it doesn't.
- ferg
[1] http://en.wikipedia.org/wiki/Mutual_Legal_Assistance_Treaty
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, 2009-12-30 at 20:12 -0800, Paul Ferguson wrote:
On Wed, Dec 30, 2009 at 8:05 PM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Without a warrant, there is an absolute right to privacy. It continues to exist right up until either (a) one party chooses to give up that privacy or (b) a third party arrives with a Court Order. This is simply a covenant between two parties to preserve that "private" state unless lawfully compelled by lawful process otherwise. In other words, a covenant to adhere to the rule of law and the courts in the event of any dispute between the parties or any third party. It sure seems like a good thing to me -- and a covenant I would hope anyone I do business adheres to.
That's funny.
You're assuming that the MLAT [1] process works -- it doesn't.
It "worked" against Indymedia UK: http://www.indymedia.org/fbi/ William
On Wed, Dec 30, 2009 at 11:13 PM, William Pitcock <nenolod@systeminplace.net> wrote:
It "worked" against Indymedia UK: http://www.indymedia.org/fbi/
indymedia is in texas, no mlat required. rbn was actually, for a good portion of their existence, in Russia (I believe St Petersburg, but my memory is fuzzy). -chris
On Wed, Dec 30, 2009 at 8:25 PM, Christopher Morrow <morrowc.lists@gmail.com> wrote:
On Wed, Dec 30, 2009 at 11:13 PM, William Pitcock <nenolod@systeminplace.net> wrote:
It "worked" against Indymedia UK: http://www.indymedia.org/fbi/
indymedia is in texas, no mlat required.
Exactly.
rbn was actually, for a good portion of their existence, in Russia (I believe St Petersburg, but my memory is fuzzy).
Yes, their original "bullet-proof" hosting was located there [AS40989] until they received too much publicity, and then they "diversified" into hosting facilities all over the world.
If anything, their criminal "partnerka" networks have grown and thrived, for the most part out of the reach of the "long arm of the law" enforcement, due to geopolitical issues, sheer protectionist corruption, and clever (albeit illegal) business practices.
Brian Krebs at The Washington Post did an excellent job of reporting on the ongoing Russkrainian organized online criminal operations, et al:
http://voices.washingtonpost.com/cgi-bin/mt/mt-search.cgi?search=russian+business+network&blog_id=66&MaxResults=100
...but as of the first of the year, alas, Krebs is no longer working for WaPo:
http://voices.washingtonpost.com/securityfix/2009/12/farewell_2009_and_the_washingt.html
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, 30 Dec 2009, Paul Ferguson wrote:
...but as of the first of the year, alas, Krebs is no longer working for WaPo:
You can continue to follow his work at http://www.krebsonsecurity.com/ Tony. -- f.anthony.n.finch <dot@dotat.at> http://dotat.at/ GERMAN BIGHT HUMBER: SOUTHWEST 5 TO 7. MODERATE OR ROUGH. SQUALLY SHOWERS. MODERATE OR GOOD.
On Wed, 2009-12-30 at 23:25 -0500, Christopher Morrow wrote:
On Wed, Dec 30, 2009 at 11:13 PM, William Pitcock <nenolod@systeminplace.net> wrote:
It "worked" against Indymedia UK: http://www.indymedia.org/fbi/
indymedia is in texas, no mlat required.
It was an MLAT initiated by the Dutch government because someone posted pictures of a Dutch policeman breaking the law that they wanted removed. Yes, the M in MLAT stands for *Mutual*. As in, it goes both ways. William
On Wed, Dec 30, 2009 at 8:36 PM, William Pitcock <nenolod@systeminplace.net> wrote:
On Wed, 2009-12-30 at 23:25 -0500, Christopher Morrow wrote:
On Wed, Dec 30, 2009 at 11:13 PM, William Pitcock <nenolod@systeminplace.net> wrote:
It "worked" against Indymedia UK: http://www.indymedia.org/fbi/
indymedia is in texas, no mlat required.
It was an MLAT initiated by the Dutch government because someone posted pictures of a Dutch policeman breaking the law that they wanted removed.
Yes, the M in MLAT stands for *Mutual*. As in, it goes both ways.
The IndyMedia incident illustrates the problem, in my opinion -- going after child's play instead of hardcore criminals. Que Sera...
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, Dec 30, 2009 at 8:42 PM, Paul Ferguson <fergdawgster@gmail.com> wrote:
On Wed, Dec 30, 2009 at 8:36 PM, William Pitcock <nenolod@systeminplace.net> wrote:
On Wed, 2009-12-30 at 23:25 -0500, Christopher Morrow wrote:
On Wed, Dec 30, 2009 at 11:13 PM, William Pitcock <nenolod@systeminplace.net> wrote:
It "worked" against Indymedia UK: http://www.indymedia.org/fbi/
indymedia is in texas, no mlat required.
It was an MLAT initiated by the Dutch government because someone posted pictures of a Dutch policeman breaking the law that they wanted removed.
Yes, the M in MLAT stands for *Mutual*. As in, it goes both ways.
The IndyMedia incident illustrates the problem, in my opinion -- going after child's play instead of hardcore criminals.
Que Sera...
I apologize for deviating from the original issue at hand -- which I almost forgot. :-)
And (I believe) it had something to do with something along the lines of (paraphrased) "What are ISPs supposed to do about $WHATEVER activities within their realm of responsibility?" -- where $WHATEVER could be spammers, criminal malware purveyors, or something else equally illegal.
I would suggest following the lead of two other ISPs who have found themselves in similar positions in the past -- Hurricane Electric and GLBX -- that, when presented with hard, documented evidence of criminal activity, disconnected downstream parties for violating their Terms of Service agreements.
You don't always have to have a Fed knocking on your door with a subpoena to do The Right Thing.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Ferg nailed it. I'll shut up now as he's made my point and it's New Year's Eve ..
On Thu, Dec 31, 2009 at 9:42 AM, Paul Ferguson <fergdawgster@gmail.com> wrote:
That's funny.
You're assuming that the MLAT [1] process works -- it doesn't.
- ferg
[1] http://en.wikipedia.org/wiki/Mutual_Legal_Assistance_Treaty
-- Suresh Ramasubramanian (ops.lists@gmail.com)
He's also assuming that US on-shore law applies, which it doesn't when any one party is a non-US person, at which point it passes to the realm of National Security.
-----Original Message----- From: Paul Ferguson [mailto:fergdawgster@gmail.com] Sent: Wednesday, December 30, 2009 8:12 PM To: Keith Medcalf Cc: nanog@nanog.org Subject: Re: RBN and it's spin-offs
On Wed, Dec 30, 2009 at 8:05 PM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Without a warrant, there is an absolute right to privacy. It continues to exist right up until either (a) one party chooses to give up that privacy or (b) a third party arrives with a Court Order. This is simply a covenant between two parties to preserve that "private" state unless lawfully compelled by lawful process otherwise. In other words, a covenant to adhere to the rule of law and the courts in the event of any dispute between the parties or any third party. It sure seems like a good thing to me -- and a covenant I would hope anyone I do business adheres to.
That's funny. You're assuming that the MLAT [1] process works -- it doesn't.
- ferg
[1] http://en.wikipedia.org/wiki/Mutual_Legal_Assistance_Treaty
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
On Wed, Dec 30, 2009 at 9:47 PM, Tomas L. Byrnes <tomb@byrneit.net> wrote:
That's funny.
You're assuming that the MLAT [1] process works -- it doesn't.
He's also assuming that US on-shore law applies, which it doesn't when any one party is a non-US person, at which point it passes to the realm of National Security.
Well, that's another issue entirely, but you are right. :-)
Unfortunately, folks in charge of "national security" with regards to cyber issues don't realize that if they can't stop sophisticated Eastern European criminals from their ongoing pillage & plunder, they will *never* stop determined attempts at critical infrastructure, espionage, etc., because they will simply use similar techniques.
This is serious stuff, and it is so damned pervasive, and happening right in plain sight.
- ferg
-- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawgster(at)gmail.com ferg's tech blog: http://fergdawg.blogspot.com/
Hey, I am not sure if this is the question asked in the first email. If I found an RBN phishing site and asked RBN to shut down the site, it appears to me that this will not be done... so do I need to block all of the RBN cyberspace, or initiate a fight for a warrant? I would prefer to just block RBN sites...
On Thu, Dec 31, 2009 at 2:05 AM, Keith Medcalf <kmedcalf@dessus.com> wrote:
Reportedly started by someone operating under the name "Flyman," RBN is known as the mother of cybercrime among online investigators. François Paget, senior expert for the McAfee company, says that RBN began as an Internet provider and offered "impenetrable" hosting for $600 a month. This meant a guarantee that it would not give out information about its clients, no matter what business they were in.
This is a commendable position and one that should be the default for all businesses. Severe penalties (such as cutting out of the tongue or cutting off hands) should be dealt to anyone who releases private information without having first ensured that such disclosure is in accordance with a properly obtained court order issued by a competent court in a public hearing (and no, administrative tribunals are not courts of law).
Wow. I always knew there existed some alternate universe where the RBN were actually the good guys. Didn't expect to find it so fast, and on nanog at that.
Wasn't it Larry Flynt that said: "Because if it's good enough to protect a scumbag like me it's sure darn good enough to protect all of you".
Without a warrant, there is an absolute right to privacy. It continues to exist right up until either (a) one party chooses to give up that privacy or (b) a third party arrives with a Court Order. This is simply a covenant between two parties to preserve that "private" state unless lawfully compelled by lawful process otherwise. In other words, a covenant to adhere to the rule of law and the courts in the event of any dispute between the parties or any third party. It sure seems like a good thing to me -- and a covenant I would hope anyone I do business adheres to.
-- () ascii ribbon campaign against html e-mail /\ www.asciiribbon.org
participants (9)
- Bruce Williams
- Christopher Morrow
- Keith Medcalf
- Paul Ferguson
- Ricardo Tavares
- Suresh Ramasubramanian
- Tomas L. Byrnes
- Tony Finch
- William Pitcock