In the world of real estate (at least in the United States), rules and regulations have been put forth to deter property owners from renting to criminals. It is called the “Department of Justice Asset Forfeiture Program” [1]. To summarize how it works: “Imagine you are a homeowner, and you knowingly are renting to drug dealers. The government takes steps to ensure they are not inappropriately seizing your property, but when they find out you knew about the drug sales, kiss your property goodbye.”
On the “world wide web” there are no such rules. Many hosting companies, data transit providers, storage companies, and other “Internet of Whateverthing” corporations have little to worry about. This means they are free to allow spam, viruses, and malware to exit their network unchecked. No one is going to revoke their IP space unless everyone is losing a lot of money, which is rare.
Over the past two decades, I have seen many sides of the “abuse” spectrum, working at Internet Service and Managed Service providers, and being the engineer fielding e-mails and calls about systems that fell within my scope of responsibilities. I have also been the one sending out information to other organizations: “Hey… Your machine is hacking me over here…” What I have found, and what has surely been seen by other individuals - and outside of mailing lists - is that no matter how many times one complains to “abuse” queues, very little is done, if anything more than a generic response is returned: “Thanks, we’ll look into it.”
Countries can send probes to Mars, map the galaxies, and create nanotechnologies to perform heart surgery [2], but we can’t seem to stop spam, cybercrime, and denial of service attacks. But is this really the case? Can we not stop these attacks, or does money trump morals every time? Denial of service attacks, DoS, DDoS, pick your poison; it does not matter.
So can cybercrime actually be controlled? Sure it can. It can be controlled by every provider taking responsibility by ensuring that their networks behave responsibly. BCP38 [3] anyone? (RFC 2827 [4]). Spam? With BCP38 filtering enabled, spam would also be minimized. Cybercrime as a whole? It would go down, as all providers would aim to take responsibility for what leaves their networks. See cyberattacks, kill the account performing them, and contact the local authorities. It is simple.
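To make the BCP38 / RFC 2827 point concrete, here is an added example (not code from the original post) of the ingress-filtering decision a provider edge router makes: a packet arriving on a customer port is forwarded only if its source address falls within the prefixes assigned to that port, and every drop is attributed to the port it came in on, which is exactly the “kill the account” evidence an abuse desk needs. Interface names, prefixes and the packet sample are all constructed for illustration, and the filter assumes statically assigned, single-homed customer prefixes as BCP38 describes for the simple case.

```python
from collections import Counter
from ipaddress import ip_address, ip_network

# Constructed: prefixes the provider has assigned to each customer-facing port.
# A BCP38 / RFC 2827 ingress filter forwards a packet only when its source
# address lies inside the prefixes legitimately reachable via the arrival port.
CUSTOMER_PREFIXES = {
    "ge-0/0/1": [ip_network("203.0.113.0/24")],
    # Note the deliberate gap: .128-.191 is NOT assigned to this customer.
    "ge-0/0/2": [ip_network("198.51.100.0/25"), ip_network("198.51.100.192/26")],
}


def ingress_permitted(interface, src_ip):
    """True if src_ip is inside a prefix assigned to the arrival interface.

    Unknown interfaces have no assigned prefixes, so everything they emit is
    treated as spoofed (default deny), which is the safe failure mode.
    """
    src = ip_address(src_ip)
    return any(src in prefix for prefix in CUSTOMER_PREFIXES.get(interface, []))


# Constructed sample of packets as (arrival interface, source IP, destination IP).
SAMPLE_PACKETS = [
    ("ge-0/0/1", "203.0.113.45", "192.0.2.10"),    # legitimate customer source
    ("ge-0/0/1", "192.0.2.7", "192.0.2.10"),       # spoofed: source not assigned to port
    ("ge-0/0/2", "198.51.100.200", "192.0.2.10"),  # legitimate: inside 198.51.100.192/26
    ("ge-0/0/2", "198.51.100.150", "192.0.2.10"),  # spoofed: falls in the unassigned gap
    ("ge-0/0/3", "203.0.113.9", "192.0.2.10"),     # unknown port: default deny
]


def filter_packets(packets):
    """Split packets into (forwarded, dropped) according to the ingress filter."""
    forwarded, dropped = [], []
    for iface, src, dst in packets:
        (forwarded if ingress_permitted(iface, src) else dropped).append((iface, src, dst))
    return forwarded, dropped


def spoof_counts_by_interface(packets):
    """Count dropped (spoofed) packets per arrival port: the abuse-desk attribution."""
    _, dropped = filter_packets(packets)
    return Counter(iface for iface, _, _ in dropped)


if __name__ == "__main__":
    fwd, drp = filter_packets(SAMPLE_PACKETS)
    print(f"forwarded={len(fwd)} dropped={len(drp)}")
    for iface, count in sorted(spoof_counts_by_interface(SAMPLE_PACKETS).items()):
        print(f"{iface}: {count} spoofed packet(s) -> investigate this customer account")
```

Because the filter keys on the arrival port rather than on the spoofed address, the provider knows which customer to act on even when the forged source belongs to someone else entirely.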
This would be an ideal situation (every provider taking responsibility), but can you imagine how Internet traffic would look without the filth? Imagine a world without spam, spoofed VoIP telemarketer calls, viruses, and malware. Traffic patterns would look like the EKG result of someone having multiple heart attacks. What is overlooked here, outside of the malice, is the money. Not only are Internet scum (am I allowed to be human and speak frankly?) making money, but so too are transit providers.
Imagine a Tier 1 [5] provider making the following statement: “Although we are peering with hundreds of providers, we will no longer make money from your traffic, as we have determined it is bad traffic.” Analogous to a highway owner saying: “Ok, we can no longer collect your tolls, and we won’t let you drive on this highway, Mr. Drug Dealer, because it is the moral thing to do.” Of course highways are not private, so ask yourself: if the highways were, do you believe that a highway owner would not charge a premium to certain ‘autos’ that didn’t align with common sense or morals? Remember, companies aren’t human; you can’t say “Company has no morals/ethics…” since that could be marketed away rather quickly: “We fired Mr. SCAPEGOAT for this calamity.” Fines are paid, traffic keeps moving along.
So what can we do to tackle some of this crime by way of networking best practices? Simple: reinvent the rules and regulate the hell out of everything. We have already seen that best practices/frameworks/guidelines are for suckers. People will check boxes swearing they follow whatever you put in front of them. This is because most know they will not likely be audited against anything. Shift the problem to the network owner. Confiscate entire network blocks and de-peer networks. Then watch your revenue drop (if you work at a provider). Personally, I think the providers are just as guilty as the criminals.
[1] https://www.usmarshals.gov/assets/index.html
[2] http://onlinelibrary.wiley.com/doi/10.1002/bjs.7074/pdf
[3] http://www.bcp38.info/index.php/Main_Page
[4] https://tools.ietf.org/html/rfc2827.html
[5] https://en.wikipedia.org/wiki/Tier_1_network