European Internet “Self-Governing” Body Ignores Own Report and Continues to Serve Criminals

This article was written by my colleague Volker Rieck.  It has been translated from German. It originally appeared here.  While the failure of internet self governing bodies may seem far afield from my usual focus on artists’ rights, it is not.  Artist rights and royalties have been greatly diminished because of a market failure caused by lax enforcement of copyright protections on the internet. And the reason there is little enforcement of criminal activity on the internet is because the “self-government” of the internet, ICANN, and its regional affiliates are spectacularly inept or corrupt.  This article details how the RIPE (the European/Mideast arm of ICANN) has ignored its own internal reports and continues to provide services to criminal organizations. I am not an expert on US Treasury sanctions, but looking at RIPE’s own report it’s likely that RIPE is violating the US prohibitions against providing services to companies/individuals on the Office of Foreign Asset Control “Specially Designated Nationals and Blocked Persons List.”

-Dr. David Lowery

PS.  RIPE client CyberBunker was just taken down today by German police.  See here.

and Republic of CyberBunker?  Clearly RIPE does not give a shit about its responsibilities and duties here. Time to make RIPE and ICANN accountable to the rule of law.  Just like the rest of us. 

Internet self-administration a la RIPE NCC: An oath of disclosure!

There are many examples of successful self-regulation in business. One of them is the age ratings for films and games. The rating processes are relatively quiet and, despite there being many films and games to rate, there are very few complaints.

The reason for this could be that film and game self-regulation assigns duties and responsibilities to all parties involved.

RIPE NCC: Epic Fail

The exact opposite of this successful self-regulation is the sort of self-regulation you find on the internet. RIPE NCC (Réseaux IP Européens) is responsible for assigning numbers and names on the Internet for Europe and parts of Asia. Other parts of the world are represented by 4 others organizations of ICANN, the worldwide Internet self-government organization. As early as spring 2018, this blog pointed out the failure of RIPE NCC to abide by it’s responsibilities as required. Crucially my article revealed that RIPE NCC provides services to criminal customers. Conversely these criminals pay for membership in RIPE NCC and hence help fund RIPE.

While I’m not surprised that the internet overlords pay no attention to this blog, I am quite surprised to find they seem to have ignored their own internal reports.  Recently I discovered on RIPE’s own website a presentation which describes the problem even more clearly and in depth: “Criminal Abuse in RIPE IP space.”

The presentation was given by Dhia Mahjoub, PhD, who is Head of Security R&D Cisco Umbrella, at the RIPE 77 Conference. According to Mahjoub’s CV, he seems to be a proven expert who has given presentations at several conferences. His presentation was held on 18 October, 2018 and can be downloaded here.

Undoubtedly the most interesting thing about this presentation is the fact that it was held at a meeting of RIPE NCC. In other words: those responsible at RIPE NCC have been aware of the illegal activities of their members since October 2018 at the latest.  Yet, RIPE NCC still allows these companies to use the Internet for criminal purposes.

In the 64-page presentation, Mahjoub describes how dubious data centers develop infrastructure for criminals with the help of RIPE NCC. He examined 30 suspicious data centers of which 11 are in the care of RIPE NCC.

The variety of criminal activities taking place is manifold: botnets, sending spam, distributing malware, fake shops, fake software, phishing, money laundering, illegal video streaming, Bitcoin mining, Trojans, etc.

Mahjoub names three countries that stand out for :

Switzerland, the Netherlands and Sweden.

He also gives examples of data centres whose business model is to support criminal activities in total or in part. Specifically: Private Layer PA/CH (which appeared in our 2018 blog post), Serverius NL, Worldstream NL, Altushost NL, Felicity NL, Portlane SE, etc.

Mahjoub gives a very detailed breakdown of how the participants are related to each other:

Illustration: Excerpt from the presentation – Private Layer network.

The German company Corebackbone is also involved:

Illustration: Excerpt from the presentation – Corebackbone, Germany.

The dubious players in this space have been well known for years and have been left to pursue their business undisturbed.

The presentation also shows how these companiescompanies are scattered across different countries which obviously hampers prosecution. And is it any surprise thatIt Mahjoub’s presentation references offshore letterbox companies that can be found in the Panama Papers?

Illustration: Excerpt from the presentation – How to make a business resilient on the Internet.

The presentation also describes how such businesses are rebuilt over and over again with low investments:

Illustration: Excerpt from the presentation – The recipe of a dedicated hoster.

RIPE NCC: Blind in both eyes – where is the self regulation?

Anyone who thinks that the findings from the presentation have changed anything at RIPE NCC will be sadly mistaken. Although many evil organizations and their criminal activities were clearly described in the October 2018 presentation, they are all still present and all this with the blessing of RIPE NCC. There is no better way to show that self-regulation of the Internet has failed completely.

RIPE’s refusal to take action against criminal members would only be understandable if RIPE itself were a part of organized crime. RIPE NCC’s Executive Board Treasurer, Remco van Mook, was country manager for Equinix in the Netherlands. Equinix provides a wide range of hosting services for Private Layer locations, Panama and Switzerland, as well as peering in over 5 data centers in Europe. (Editor note: It’s also a US Government contractor! Yikes!) Let’s hope for the executive board members of RIPE this is simply incompetence and arrogance, not criminal conspiracy.

Is it time for law enforcement and politicians to address this problem? What a crazy world we live in, where powerful tech elites make it so easy for criminals. Perhaps by regulating the RIPE’s self-regulation, we could make the Internet much safer for everyone involved?