I can come up with at least 3 distinct meanings for “amassed VPN clients” and I’m still not 100% sure which is correct in this context. I take it that clients here refers to “paying customers”?
> He said Micfo provides a legitimate service to VPNs, adding that whatever his customers or their users do through Micfo servers is none of his business.
From what I understand he was attributed many IPs by creating shell companies and rented these IPs to VPN providers.
I'd guess he pissed off some important people... If this prosecution doesn't succeed, you can bet every tax return of his for the last 20 years will suddenly be randomly checked, and he'll be prosecuted for claiming a Starbucks coffee as an expense during a business meeting when he actually took half the coffee away after the meeting making it not an allowable expense, and therefore technically fraud.
That's what I've been thinking as well. Creating "shell companies" (aka "Special Purpose Entities/Vehicles") is not illegal per se.
Perhaps he violated the terms and conditions of his contract with ARIN and should have had the assignments cancelled but where does the criminality come in?
If he misrepresented himself in order to gain a financial advantage then that is fraud.
Creating shell companies is not illegal, using a name fir yourself that isn’t your legal name is not illegal, doing either of those things in order to trick people into giving you money is.
Not just financial advantage, all deceit where you intend to gain from it is fraud. Money just makes it more obvious what the gain was.
Are there grey areas? Sure. In particular there's a passive sort of deceit in which you let people assume things that you know aren't true, to your benefit. Mostly the law holds that it's their mistake for not asking, and anyway they'd usually be far too embarrassed to make a fuss if they realise their error.
I don't see that here, the plan was explicitly to trick the RIR into giving them resources they were otherwise not entitled to. Those resources were for everybody to share, they're stealing from you and it's appropriate to prosecute for fraud.
> I don't see that here, the plan was explicitly to trick the RIR into giving them resources they were otherwise not entitled to. Those resources were for everybody to share, they're stealing from you and it's appropriate to prosecute for fraud.
The last time I looked which was a couple of years ago there was nothing in the ARIN TOS that said "you can only control one entity that applies for resources".
Joe Schmoe Enterprises, Inc, Joe Schmoe, LLC, Joe Shmoe Fishing Services, Inc are different legal entities even if Joe Schmoe, Jr owns all of them.
The TOS only entitles you to keep the service you already have, you need more paperwork to get more resources assigned.
I presume the specific problem will have been when Joe Schmoe lied on the paperwork for IPv4 delegation to Joe Shmoe Fishing Services not mentioning that Joe Schmoe, LLC already has also applied, as has Joe Schmoe Enterprises, Inc. I'm not in ARIN's region, so I haven't seen their paperwork, but analogous paperwork in RIPE for example asks you about Related Entities because you're not entitled to duplicate resources just by asking more than once.
One of the things Teller (the magician) talks about is that while obviously you do want the audience to be "fooled" in some sense - that's what they're paying you for - you don't want to do that by straight lying to them. Where's the fun in that?
The goal is to create a scenario in which the audience knows they were tricked but can't figure out how. So you don't lie and say this is a random audience member when it's actually an employee "stooge". But when you're giving the genuinely random audience member a "free choice" of cards you don't need to explicitly tell the audience that, duh, as a magician you're not giving anybody a truly "free choice" of anything actually and you knew immediately which card they picked even without seeing it. That sort of thing.
> Creating shell companies is not illegal, using a name fir yourself that isn’t your legal name is not illegal, doing either of those things in order to trick people into giving you money is.
Have you seen a list of list of all telco companies that are together AT&T which exist solely to allow AT&T to limit liability, create a separation of entities for qualify under some rules for some other entities, etc?
When MCI Worldcom filed for bankruptcy the list of the entities that it covered took a couple of pages in major newspapers.
A former employer used to rent IPs, the person renting ranges had different companies own each block to reduce abuse report blast radius. We also owned a ton of IPs and never really had to prove utilization when requesting new blocks from ARIN as of 2011.
I would expect a database of valid email addresses had been compromised. Context of what is being “obtained” matters, of course. But the sum total of valid IP addresses is a fixed, finite, and well-known value. Can you write a script to generate all valid email addresses?
The concept of ownership of an IP address, implied by “obtains”, is pretty clear and well-understood. The story was exactly what I imagined after reading the headline. Rather than making an obtuse joke, how would you suggest it be improved?
consider the headline "obtained 800k email addresses illegitimately". would you really assume that this meant they were able to receive email at those addresses, or just that they'd obtained the addresses?
The writing is quite confusing in trying to explain things but the gist of it appears to be that the person in question (1) applied for IP addresses through numerous companies created just for this purpose in order to bypass ARIN's restriction on the number of addresses it was willing to allocate to a single entity, and (2) made the obtained IP address ranges available to serve as VPN endpoints, so that "huge amount of traffic—some of it illicit or criminal—passed through its computer servers but wasn't traceable to the true originators."
He did keep track though of which VPN operator used which range at any given time, so perhaps the "true originators" could be traceable after all, assuming the VPN owners were willing to co-operate. In any case, he is only being prosecuted for (1), and the immediate reason for this is that a couple of US politicians were hacked with attacks originating from these addresses.
A prosecution seems a bit over the top for this... Setting up multiple companies to meet some rule isnt against said rule. And anyway, it's a company policy not the law.
I've looked up wire fraud in the US and it seems to come with some properly serious penalties:
Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.[4]
You going to work also serves the purpose "to get somebody to [give you] money they otherwise wouldn't have". So that definition is obviously too broad, and different from the definition of fraud mentioned above.
Advertisement tends to deal in opinions, not facts. And where specific factual claims are made against better knowledge it does constitute fraud, and is occasionally prosecuted. See Volkswagen's emissions claims, for example. Or, just this week, some hand sanitiser got hit by the FDA for claiming protection against Ebola and Coronavirus.
Advertising has specific legal limits on what is deceptive. You can say ‘worlds best’ because that’s considered a subjective and meaningless statement, but lying about objective facts gets you into hot water. For example, peanut butter is legally required to have been made from peanuts.
To be more precise, the elements of fraud include a false statement, made knowingly, upon which someone else reasonably relies, to their detriment. To prosecute, this pattern must not be merely plausibly true but persuasively true in the face of a motivated, skilled defense. That set of circumstances is only rarely true in advertising. It is clearly true here.
People get sued for false advertising al the time. I feel like people on hacker news are continuously surprised to discover that laws exist and are enforced.
Shell companies are not normally used for structuring. That's a different matter entirely. A shell company is usually a holding company, not a company created in order to deceive or to bypass a hard cap on some scarce resource.
Well, there are the fake registrars, such as DropCatch 345, DropCatch 346, DropCatch 347, ... DropCatch 1545. Those are all ICANN-accredited registrars.[1] ICANN parcels out dropped domains among all the registrars who want them at random. Having a thousand dummy registrars improves the odds. That's definitely "structuring" to hog Internet assets.
This is possible only because, while ICANN charges each registry when they acquire a domain, ICANN refunds that if they give the domain back within some time period.
It's both. You could say that the .org debacle more strongly indicates corruption than dysfunction, but it's definitely both with strong ties between them.
The fact that they knew exactly what they were doing does not contradict that what they were doing is dysfunctional. If anything, it is the dysfunction.
As strange and dysfunctional as that is, DropCatch isn't trying to deceive ICANN into thinking those registrars are unrelated companies, so it's not fraud.
Yes. For example, someone signed up for 58,000 accounts and used them to receive micro deposits (those small sums that are deposited into an account to validate that two accounts are linked correctly). They had their time in court: https://www.wired.com/2008/05/man-allegedly-b/
These companies often times were bought shelf companies with history so as to have credibility. The goal was selling up blocks to prohibited locations and enabling spamming. This guy spent a lot of time in Tunisia with spam Kong’s and accepted up front money to build infrastructure.
The publicly discussed components here are but a small piece of a complex and sloppily run scam organization.
Look up the judgements under these businesses over the years at various web hosts. These companies would enter long contracts and eventually stop paying.
Hmm, GDPR thought experiment: I make a database of public IPv4s by running a couple for-loops and subtracting private spaces. Can an EU guy who owns an IPv4 request to have it removed?
Regarding GDPR, I think IPs are considered “personal data” if you can identify the user from it.
Well, my understanding is any data is ‘personal data’ if you can use it to identify a user, can be combined to identify a user or can be aggregated to an identified user.
For example, list of addresses themselves are not personal data. Everybody has access to addresses, you can get them at the post office for example when you try to look up code for the address.
But a list of addresses of creditors (ie. address + some non-identifying context information) is personal data.
I do not know GDPR well but given just that example I would say there is some more nuance.
AG Barr will not resign. Not before the President does. AG Barr is the same as Mueller, Schiff, Nadler, Pelosi: feign opposition to cover the true motive of obstruction to keep Trump and in power. Wray and Alito on board also.
\\$Download the video-audio file, put on headphones and turn up the volume. You will hear these people committing these crimes. Audio was broadcast into my apartment by outdated surveillance equipment illegally embedded within my walls. This very same technology was being used to broadcast me to the internet for five years without my consent. I own this footage. Please use this to prosecute all found within. Note:: I am obliviously speaking throughout the video, and it can be quite loud at times relative to the desired content. The are dozens more links, including these, that can be found in this 163 page PDF doc, last updated Feb15'20:
-Accepts a $3 billion dollar bribe at 10:33am on the 17Jan2019 to ensure Asian boys can get through the border at "Monterrey" undocumented to be raped:
Speaker Nancy Pelosi also "preps" boys with First Lady Melania Trump, defined as in she performs oral sex on the boys’ penis and anus, just as a child rapist like Henry Porter would, while trying to remove fecal matter from the boy prior to handing them over to be raped and then subsequently murdered, for Supreme Court Justice Samuel Alito, who apparently decides he would rather just have ten billion dollars instead. US Attorney for Western New York James Kennedy rapes boys also:
81 comments
[ 3.0 ms ] story [ 108 ms ] threadFrom what I understand he was attributed many IPs by creating shell companies and rented these IPs to VPN providers.
Perhaps he violated the terms and conditions of his contract with ARIN and should have had the assignments cancelled but where does the criminality come in?
Creating shell companies is not illegal, using a name fir yourself that isn’t your legal name is not illegal, doing either of those things in order to trick people into giving you money is.
Are there grey areas? Sure. In particular there's a passive sort of deceit in which you let people assume things that you know aren't true, to your benefit. Mostly the law holds that it's their mistake for not asking, and anyway they'd usually be far too embarrassed to make a fuss if they realise their error.
I don't see that here, the plan was explicitly to trick the RIR into giving them resources they were otherwise not entitled to. Those resources were for everybody to share, they're stealing from you and it's appropriate to prosecute for fraud.
The last time I looked which was a couple of years ago there was nothing in the ARIN TOS that said "you can only control one entity that applies for resources".
Joe Schmoe Enterprises, Inc, Joe Schmoe, LLC, Joe Shmoe Fishing Services, Inc are different legal entities even if Joe Schmoe, Jr owns all of them.
I presume the specific problem will have been when Joe Schmoe lied on the paperwork for IPv4 delegation to Joe Shmoe Fishing Services not mentioning that Joe Schmoe, LLC already has also applied, as has Joe Schmoe Enterprises, Inc. I'm not in ARIN's region, so I haven't seen their paperwork, but analogous paperwork in RIPE for example asks you about Related Entities because you're not entitled to duplicate resources just by asking more than once.
Except if you're a magician, of course!
The goal is to create a scenario in which the audience knows they were tricked but can't figure out how. So you don't lie and say this is a random audience member when it's actually an employee "stooge". But when you're giving the genuinely random audience member a "free choice" of cards you don't need to explicitly tell the audience that, duh, as a magician you're not giving anybody a truly "free choice" of anything actually and you knew immediately which card they picked even without seeing it. That sort of thing.
Have you seen a list of list of all telco companies that are together AT&T which exist solely to allow AT&T to limit liability, create a separation of entities for qualify under some rules for some other entities, etc?
When MCI Worldcom filed for bankruptcy the list of the entities that it covered took a couple of pages in major newspapers.
Pull down the whole court doc, it’s pretty clear his intentions.
I "obtained" 2^32 IPv4 addresses pretty easily; not sure if it's legitimate or not:
Edit: Well, this was unpopular. In case it's too subtle, my point is that the title is terrible.Think about if the title said "800K email addresses obtained illegitimately", and what you would interpret the meaning of that to be.
This seems like a particularly weird hill for you to repeatedly die on.
>printf("$100");
For IPs addresses, I would think they got an assignation as well, because IPs numbers without assignations are worthless.
It all depends on the context.
consider the headline "obtained 800k email addresses illegitimately". would you really assume that this meant they were able to receive email at those addresses, or just that they'd obtained the addresses?
He did keep track though of which VPN operator used which range at any given time, so perhaps the "true originators" could be traceable after all, assuming the VPN owners were willing to co-operate. In any case, he is only being prosecuted for (1), and the immediate reason for this is that a couple of US politicians were hacked with attacks originating from these addresses.
I've looked up wire fraud in the US and it seems to come with some properly serious penalties:
Whoever, having devised or intending to devise any scheme or artifice to defraud, or for obtaining money or property by means of false or fraudulent pretenses, representations, or promises, transmits or causes to be transmitted by means of wire, radio, or television communication in interstate or foreign commerce, any writings, signs, signals, pictures, or sounds for the purpose of executing such scheme or artifice, shall be fined under this title or imprisoned not more than 20 years, or both. If the violation affects a financial institution, such person shall be fined not more than $1,000,000 or imprisoned not more than 30 years, or both.[4]
Advertisement tends to deal in opinions, not facts. And where specific factual claims are made against better knowledge it does constitute fraud, and is occasionally prosecuted. See Volkswagen's emissions claims, for example. Or, just this week, some hand sanitiser got hit by the FDA for claiming protection against Ebola and Coronavirus.
The wikipedia page says a "puff piece" is journalistic puffery. Neat, I hadn't made that connection.
[0] https://en.m.wikipedia.org/wiki/Puffery
I didn't know there was a formal term for this. Splitting up money transfers to avoid detection of large sums moving around.
This is possible only because, while ICANN charges each registry when they acquire a domain, ICANN refunds that if they give the domain back within some time period.
[1] https://www.icann.org/registrar-reports/accreditation-qualif...
They knew exactly what they were doing.
The legal system does not operate like a computer program.
The publicly discussed components here are but a small piece of a complex and sloppily run scam organization.
Look up the judgements under these businesses over the years at various web hosts. These companies would enter long contracts and eventually stop paying.
Well, my understanding is any data is ‘personal data’ if you can use it to identify a user, can be combined to identify a user or can be aggregated to an identified user.
For example, list of addresses themselves are not personal data. Everybody has access to addresses, you can get them at the post office for example when you try to look up code for the address.
But a list of addresses of creditors (ie. address + some non-identifying context information) is personal data.
I do not know GDPR well but given just that example I would say there is some more nuance.
\\$Download the video-audio file, put on headphones and turn up the volume. You will hear these people committing these crimes. Audio was broadcast into my apartment by outdated surveillance equipment illegally embedded within my walls. This very same technology was being used to broadcast me to the internet for five years without my consent. I own this footage. Please use this to prosecute all found within. Note:: I am obliviously speaking throughout the video, and it can be quite loud at times relative to the desired content. The are dozens more links, including these, that can be found in this 163 page PDF doc, last updated Feb15'20:
https://drive.google.com/file/d/1S7T_kDv48E40eHzus6CTXHxcm0W...
All members of the "Illuminati"; "....an underground organization of homosexuals and child rapists..." (page 26: Barack Obama with Jack Dorsey).
President Donald Trump:
Demands $4 billion dollar bribe here at 10:18am on the 4Jan2019:
3JanCh3_900-1100.avi
https://drive.google.com/file/d/1Grdr8xF2psKNsuYlEnl9dIRV-77...
3JanCh2_900-1100.avi
https://drive.google.com/file/d/1LUmVygl_q0XVs8h2cWr8jZl-24f...
3JanCh4_1000-1100.mp3
https://drive.google.com/file/d/1ZpP1pJbJakBgg-y-MWNozTxp3wJ...
President Trump rapes and kills a 12 boys, including f5 boys in a 'who can rape 5 boys to death the fastest' game:
14JanCh3_600.mp3
https://drive.google.com/file/d/1ufPmglde9Mep0m6xYMJ9c4TWTjj...
14JanCh2_600-700.mp3
https://drive.google.com/file/d/136qLJdEn8eCs9tI4QtIxl4opW_L...
Speaker of the House Nancy Pelosi:
-Accepts a $3 billion dollar bribe at 10:33am on the 17Jan2019 to ensure Asian boys can get through the border at "Monterrey" undocumented to be raped:
17JanCh3_949-1100.avi
https://drive.google.com/file/d/1eodHu4o5Cm3xEWhDqipSuTj-M1C...
17JanCh4_1017-1100.avi
https://drive.google.com/file/d/1y-nWEQbempkVZSz230j9wTyduZN...
Speaker Nancy Pelosi also "preps" boys with First Lady Melania Trump, defined as in she performs oral sex on the boys’ penis and anus, just as a child rapist like Henry Porter would, while trying to remove fecal matter from the boy prior to handing them over to be raped and then subsequently murdered, for Supreme Court Justice Samuel Alito, who apparently decides he would rather just have ten billion dollars instead. US Attorney for Western New York James Kennedy rapes boys also:
12JanCh3_1533-1638.mp3
This is in the FAQ at https://news.ycombinator.com/newsfaq.html and there's more explanation here:
https://news.ycombinator.com/item?id=10178989
https://hn.algolia.com/?sort=byDate&dateRange=all&type=comme...