RBN and its spin-offs

Interesting article about RBN, its spin-offs and the global network
infrastructure used for cybercrime. Has a passing mention of Atrivo's place
in the global picture.

http://www.newsweek.com/id/228674

Reportedly started by someone operating under the name "Flyman," RBN is
known as the mother of cybercrime among online investigators. François
Paget, senior expert for the McAfee company, says that RBN began as an
Internet provider and offered "impenetrable" hosting for $600 a month. This
meant a guarantee that it would not give out information about its clients,
no matter what business they were in. Aleksandr Gostev, director of
Kaspersky Labs, a global research and threat analysis center, believes that
RBN's servers are located in Panama. "Confidential data about clients can be
obtained only by a court decision," a Newsweek source familiar with the
situation says. "But what court do you apply to if criminal ties are
discovered? A Panamanian court?"

-- Bruce Williams

“Discovering...discovering...we will never cease discovering...
and the end of all our discovering will be
to return to the place where we began
and to know it for the first time.”
-T.S. Eliot

Reportedly started by someone operating under the name "Flyman," RBN is
known as the mother of cybercrime among online investigators. François
Paget, senior expert for the McAfee company, says that RBN began as an
Internet provider and offered "impenetrable" hosting for $600 a month.
This meant a guarantee that it would not give out information about
its clients, no matter what business they were in.

This is a commendable position and one that should be the default for all businesses. Severe penalties (such as cutting out of the tongue or cutting off hands) should be dealt to anyone who releases private information without having first ensured that such disclosure is in accordance with a properly obtained court order issued by a competent court in a public hearing (and no, administrative tribunals are not courts of law).

Wow. I always knew there existed some alternate universe where the
RBN were actually the good guys. Didn't expect to find it so fast,
and on nanog at that.

Reportedly started by someone operating under the name
"Flyman," RBN is known as the mother of cybercrime among
online investigators. François Paget, senior expert for
the McAfee company, says that RBN began as an Internet
provider and offered "impenetrable" hosting for $600 a
month. This meant a guarantee that it would not give
out information about its clients, no matter what
business they were in.

This is a commendable position and one that should be the
default for all businesses. Severe penalties (such as cutting
out of the tongue or cutting off hands) should be dealt to
anyone who releases private information without having first
ensured that such disclosure is in accordance with a properly
obtained court order issued by a competent court in a public
hearing (and no, administrative tribunals are not courts of law).

Wow. I always knew there existed some alternate universe where the
RBN were actually the good guys. Didn't expect to find it so fast,
and on nanog at that.

Wasn't it Larry Flynt that said: "Because if it's good enough to
protect a scumbag like me it's sure darn good enough to protect
all of you".

Without a warrant, there is an absolute right to privacy.
It continues to exist right up until either (a) one party chooses
to give up that privacy or (b) a third party arrives with a Court
Order. This is simply a covenant between two parties to preserve
that "private" state unless lawfully compelled by lawful process
otherwise. In other words, a covenant to adhere to the rule of
law and the courts in the event of any dispute between the parties
or any third party. It sure seems like a good thing to me -- and a
covenant I would hope anyone I do business with adheres to.

That's funny.

You're assuming that the MLAT [1] process works -- it doesn't.

- - ferg

[1] http://en.wikipedia.org/wiki/Mutual_Legal_Assistance_Treaty

It "worked" against Indymedia UK: http://www.indymedia.org/fbi/

William

Ferg nailed it. I'll shut up now as he's made my point and it's New
Year's Eve ..

Hey, I am not sure if this is the question asked in the first email.

If I found an RBN phishing site, and asked RBN to shut down the site, it appears to
me that this will not be done...so I need to block all the RBN cyber space,
or initiate a fight for a warrant?

I would prefer to just block RBN sites...

indymedia is in texas, no mlat required.

rbn was actually, for a good portion of their existence, in Russia (I
believe St Petersburg, but my memory is fuzzy).

-chris

It "worked" against Indymedia UK: http://www.indymedia.org/fbi/

indymedia is in texas, no mlat required.

Exactly.

rbn was actually, for a good portion of their existence, in Russia (I
believe St Petersburg, but my memory is fuzzy).

Yes, their original "bullet-proof" hosting was located there [AS40989]
until they received too much publicity, and then they "diversified" into
hosting facilities all over the world.

If anything, their criminal "partnerka" networks have grown and thrived,
for the most part out of the reach of the "long arm of the law"
enforcement, due to geopolitical issues, sheer protectionist corruption,
and clever (albeit illegal) business practices.

Brian Krebs at The Washington Post did an excellent job of reporting on the
ongoing Russkrainian organized online criminal operations, et al:

http://voices.washingtonpost.com/cgi-bin/mt/mt-search.cgi?search=russian+business+network&blog_id=66&MaxResults=100

...but as of the first of the year, alas, Krebs is no longer working for
WaPo:

http://voices.washingtonpost.com/securityfix/2009/12/farewell_2009_and_the_washingt.html

- - ferg

It was an MLAT initiated by the Dutch government because someone posted
pictures of a Dutch policeman breaking the law that they wanted removed.

Yes, the M in MLAT stands for *Mutual*. As in, it goes both ways.

William

The IndyMedia incident illustrates the problem, in my opinion -- going
after child's play instead of hardcore criminals.

Que Sera...

- - ferg

I apologize for deviating from the original issue at hand -- which I almost
forgot. :)

And (I believe) it had something to do with something along the lines of
(paraphrased) "What are ISPs supposed to do about $WHATEVER activities
within their realm of responsibility?" -- where $WHATEVER could be
spammers, criminal malware purveyors, or something else equally illegal.

I would suggest following the lead of two other ISPs who have found
themselves in similar positions in the past -- Hurricane Electric and GLBX
-- that, when presented with hard, documented evidence of criminal
activity, disconnected downstream parties for violating their Terms of
Service agreements.

You don't always have to have a Fed knocking on your door with a subpoena
to do The Right Thing.

- - ferg

He's also assuming that US on-shore law applies, which it doesn't when
any one party is a non-US person, at which point it passes to the realm
of National Security.

Well, that's another issue entirely, but you are right. :)

Unfortunately, folks in charge of "national security" with regards to cyber
issues don't realize that if they can't stop sophisticated Eastern
European criminals from their ongoing pillage & plunder, they will *never*
stop determined attempts at critical infrastructure, espionage, etc.,
because they will simply use similar techniques.

This is serious stuff, and it is so damned pervasive, and happening right
in plain sight.

- - ferg

You can continue to follow his work at http://www.krebsonsecurity.com/

Tony.