Interesting Point of view - Russian police and RIPE accused of aiding RBN

http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165

Some quotes from the article -

Internet registry RIPE NCC turned a blind eye to cybercrime, and Russian police
corruption helped the perpetrators get away with it, according to the UK
Serious Organised Crime Agency

[...]

"RIPE was being paid by RBN for that service, for its IP allocation," he said.
"Essentially what you have - and I make no apologies for saying this is - if
you were going to interpret this very harshly RIPE as the IP allocation body
was receiving criminal funds and therefore RIPE was involved in money
laundering offences," said Auld.

[...]

"All we could get there was a disruption, we weren't able to get a prosecution
in Russia," admitted Auld. "Our biggest concern is where did RBN go? Our
information suggests that RBN is back in business but now pursuing a slightly
different business model which is bad news."

[...]

"Where you have got LIRs (Local Internet Registries) set up to run a criminal
business - that is criminal activity being taken by the regional internet
registries themselves. So what we are trying to do is work with them to make
internet governance a somewhat less permissive environment for criminals and
make it more about protecting consumers and individuals," added Auld.

RBN looked legitimate, says RIPE NCC

In response to the comments that it could be accused of being involved in
criminal activity, Paul Rendek, head of external relations and communications
at RIPE NCC said that the organisation has very strict guidelines for dealing
with LIRs.

"The RBN was accepted as an LIR based on our checklists," he said. "Our
checklists include the provision of proof that a prospective LIR has the
necessary legal documentation, which proves that a business is bona fide."

etc

Since we're on the subject, here is where RBN went:

inetnum: 91.202.60.0 - 91.202.63.255
netname: AKRINO-NET
descr: Akrino Inc
country: VG
org: ORG-AI38-RIPE
admin-c: IVM27-RIPE
tech-c: IVM27-RIPE
status: ASSIGNED PI
mnt-by: RIPE-NCC-HM-PI-MNT
mnt-by: MNT-AKRINO
mnt-lower: RIPE-NCC-HM-PI-MNT
mnt-routes: MNT-AKRINO
mnt-domains: MNT-AKRINO
source: RIPE # Filtered

organisation: ORG-AI38-RIPE
org-name: Akrino Inc
org-type: OTHER
address: Akrino Inc.
address: P.O.Box 146 Trident Chambers
address: Road Town, Tortola
address: BVI
e-mail: noc.akrino@gmail.com
mnt-ref: MNT-AKRINO
mnt-by: MNT-AKRINO
source: RIPE # Filtered

person: Igoren V Murzak
address: Akrino Inc
address: P.O.Box 146 Trident Chambers
address: Road Town, Tortola
address: BVI
phone: +1 914 5952753
e-mail: noc.akrino@gmail.com
nic-hdl: IVM27-RIPE
mnt-by: MNT-AKRINO
source: RIPE # Filtered

% Information related to '91.202.60.0/22AS44571'

route: 91.202.60.0/22
descr: AKRINO BLOCK
origin: AS44571
mnt-by: MNT-AKRINO
source: RIPE # Filtered

Accusing RIPE of complicity is in my opinion abusive. So when an RBN member buys a burger at McDonald's, should we consider MacDo accepts money from RBN while helping them to run their "business" as they feed the criminal member?

Indeed. If they bought fries and a drink that's two counts.

Jeff

That's what I thought.

I still see the author's point =)

I think the larger point is that RIPE turned a blind eye to an
internationally recognized criminal network.

So considering they're widely regarded as a criminal network hosting the
more dodgy/dangerous stuff on the net, surely we could 'protect' our
customers by blocking the 91.202.60.0/22 range?

Consider that can of worms opened :o)

Paul

With more on that:

http://www.ripe.net/news/rbn.html

"Press coverage this week portrayed the RIPE NCC as being involved with the criminal network provider Russian Business Network (RBN). Any connection with criminal activity, or with RBN itself, is completely unfounded.

The press coverage arose from a speech given by the Serious Organised Crime Agency (SOCA) in the UK. SOCA has since contacted the RIPE NCC with an apology. The RIPE NCC will continue to work with SOCA and other bodies to ensure criminal investigations can be carried out in an efficient manner within established laws and guidelines."

MarcoH

We already filter this network but the move is largely symbolic. This needs
to be done by eyeball networks, not just hosting networks.

In filtering 91.202.60.0/22 we primarily keep our reverse proxies from
serving up their "content" and keep them from offering proxies on our
network.

It's pretty rare that we will filter any network as a whole but in this case
the need is pretty blatant.

Jeff
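
An added example, not part of the original thread: one way to turn the whois attributes quoted earlier into a prefix list and test addresses against it before a proxy serves or relays for them. The function names and the non-aligned sample range are assumptions made for illustration.

```python
import ipaddress

# inetnum/route attributes copied from the RIPE whois output quoted in this thread.
WHOIS_TEXT = """\
inetnum: 91.202.60.0 - 91.202.63.255
netname: AKRINO-NET
% Information related to '91.202.60.0/22AS44571'
route: 91.202.60.0/22
origin: AS44571
"""

def parse_rpsl(text):
    """Yield (attribute, value) pairs, skipping blank and '%' comment lines."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("%") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        yield key.strip().lower(), value.strip()

def prefixes_from_whois(text):
    """Collect CIDR prefixes from inetnum ranges and route objects."""
    nets = set()
    for key, value in parse_rpsl(text):
        if key == "inetnum":
            # inetnum is a first-last range and need not be CIDR aligned,
            # so summarise it into the minimal covering set of prefixes.
            first, last = (ipaddress.ip_address(p.strip()) for p in value.split("-"))
            nets.update(ipaddress.summarize_address_range(first, last))
        elif key == "route":
            nets.add(ipaddress.ip_network(value))
    return sorted(nets)

def is_filtered(addr, nets):
    """True if addr falls inside any filtered prefix."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in nets)

if __name__ == "__main__":
    nets = prefixes_from_whois(WHOIS_TEXT)
    print([str(n) for n in nets])
    # Constructed sample addresses: inside, just below and just above the block.
    for addr in ("91.202.61.17", "91.202.59.255", "91.202.64.1"):
        print(addr, is_filtered(addr, nets))
```
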

>> http://www.eweekeurope.co.uk/news/russian-police-and-internet-registry-accused-of-aiding-cybercrime-2165

With more on that:
http://www.ripe.net/news/rbn.html

I am glad this ugly situation has been resolved - and I do wish the
resolution gets better coverage than this.

suresh

That may be a point but not a convincing one.

Imagine the outcry on this list if ARIN were to deny some organisation
address space or ASNs just because they are "internationally recognised"
criminals. Wouldn't we demand a little more due process?
Especially since the alternatives are not as easy as walking to the
next fastfood joint.

The RIPE NCC operates in a region where whole sovereign states call each
other criminals or worse on a daily basis.

The only tenable position for each RIR is to strictly apply the
policies developed in its bottom-up self-regulatory process. Doing
anything else would require intervention via a proper legal process,
e.g. a *judge* with appropriate jurisdiction telling the RIR that
its actions are unlawful.

Frustration is a bad advisor when trying to stop crime, unrelenting
application of due process is the only way ... frustrating as it may be.

Daniel Karrenberg
Chief Scientist RIPE NCC
Speaking only for himself as is customary here.

PS: This is old news, compare
http://www.h-online.com/security/news/item/Security-expert-calls-for-IP-address-ranges-of-criminal-providers-to-be-sent-direct-to-the-police-737905.html

And see the press release that Marco pointed out.

Daniel

The decision to filter networks should remain with the collective
network operators. Everyone, even criminals, has a "right" to
distribute content but it's up to each operator to decide if that
content will be allowed to transit their network. Personally, if an
entire /22 does not have a single legitimate resource on it in the
case of 91.202.60.0/22 *and* is widely suspected of being
owned/operated by a criminal enterprise then filtering makes sense.

Historically it takes a few pioneers to present a case for filtering
specific networks before larger networks will begin to see the light.

Jeff

It finally hit the press as well:

http://www.pcworld.com/businesscenter/article/174651/uk_police_smooth_over_rift_with_internet_registry.html

MarcoH