New on LowEndTalk? Please Register and read our Community Rules.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
All new Registrations are manually reviewed and approved, so a short delay after registration may occur before your account becomes active.
Comments
Huh? Are you nuts? I am not asking you this to insult you however everytime when I see how your big imagination work I remind myself that I am in discussion with a person with complete lack of common sense, person who fill gaps in own understading with imaginary things instead facts. Anyway, to correct you "Spirit" (this means me!) never said or meant this what you're claiming so please don't put words in my mouth with try to build argument with that. Its just ridiculous....
Who is this RBN company? Sounds like a quality outfit with a thrilling novel waiting to be written.
Indeed, it's quiet interesting. I can recommend reading this paper on them if you have some spare time
Killer @gsrdgrdghd. Thanks. A whole research paper about them. This is fabulous!
Russian business network. Related to @Maounique arguments:
http://en.wikipedia.org/wiki/Russian_Business_Network
If you mean that, no, that is no fairy tale, I was talking about legally registered businesses that maintain all required records and comply with all legal obligations.
If they didnt, they were never a suspect, they would have simply not been authorized to exist.
You try to say that a legally created and operated business in US can be used as a front for cyber-crime and police needs to pull some drives in a computer in Germany to get confirmation.
It is fun and made me laugh, but it is not possible.
No, that's what you're saying, that's how you simplified understand things + add a bit of your own. This example was strictly related to your unrealistic clamin that webpage, ASN, own IP space should make all things clear to police by default.
As I said, nobody needs clearing by default or not, they need first to be accused, based on some facts, then cleared in a court. If we find the facts AFTER the accusation and search based on accusation only, those facts whould not be admissible in court, because will set a simple precedent, that everyone's private domain can be intruded by the police at any time and without consequences.
This is the old mantra that everyone operating on the internet is guilty until proven innocent and they have to cooperate with police (read give them any data they want or even didnt ask for) in order to be "cleared".
Until we manage to understand that simple fact "everybody is innocent until proven guilty" on internet or not, we are discussing in vain.
Technicalities are used to cover that basic principle of the law, same as the other mantra, "you dont need privacy if you dont have anything to hide".
It amazes me how fast are people jumping in that boat. I guess there is not much hope left.
I just wanted to say @Maounique is a good person. Enjoy his writings. Even if at times, like me, we are idealistic purests.
There are hordes of frauds, fronts, etc. Both hiding behind shell companies as well as deeply entrenched in legitimate companies. Have we forgotten all the big banks and their looting? Enron? Every country has the corporatists who enable mass schemes. For examples the largest US banks laundering billions to trillions a year of drug money.
When we see these raids nearly always centered on small outsider fishies. Pure distraction from the major criminal enterprises. Be it drugs, child abduction and abuse, distressing porn, hacking, etc.
Small companies always get sh@ upon, treated differently, abused. It's part of the madness.
In a country like the US over half of all employed folks are employed by small businesses. All new growth in employment for decades running is in the small business sector, while big businesses get most of the government contracts and corporate handouts.
It's clear that globally, governments and police have about as much respect for small businesses as they do for individual citizens which is quickly approaching ZERO.
As providers and major buyers of services, we need to enact data handling standards, adopt encryption and self police better. Not to be a snitch or a rat, but to actually deal with issues in our own networks and servers. And, we must demand the same uniform treatment as the big companies or hell be it to them.
@Maounique - I am also amazed how you don't know what word "INVESTIGATION" means when you're talking about "accused" and "court".
@pubcrawler - I know, I know.. he's not bad guy at all. But sometimes his complete lack of understanding how things work + mixed with his own utopian ideas about that drive us crazy
That is in fact wrong. The person legally responsible for the server is the one that rented it from the DC and signed the contract, RamHost in this case. If it was prooven that illegal content was hosted on the RamHost server (e.g. by accessing an IP associated with the server) then, until otherwise confirmed, RamHost is the prime suspect and responsible for the actions.
If my IP is hosting illegal content, I'm guilty. The only investigation that needs to be done is to find out if I'm guilty of breaking the law or being used by a tenant. But you can't know which is true until you look.
The internet is often different from the world outside. There are more absolutes. If you trace a cable to the wall of my house and it's going inside, you can be sure that me or my house is involved. You don't need to first assume that there is no connection. I am guilty of whatever is on the other end of that cable until you come in and find out that I was on vacation and it goes through the floor and runs to someone else's house, and I had no idea
Sure it's a strange illustration, but what I'm saying is that if you're wondering who ate the pie and I'm standing over it with pie on my face, you'll assume it was me until I tell you that the culprit shoved my face into it, ate what was left, and ran. First, I'm guilty. Second, I provide a reason to suggest that I'm not. Third, you investigate.
@jarland, the internet is the rental unit model no matter how we look at it.
No idea of who lives in or uses the box in question (box could be computer, house or apartment).
Traditional policing of say a drug house involves monitoring the location, tracking in and out activity, identifying the owner, checking rental registry (if applicable), filming the clowns doing their biz, etc.)
The internet can and should be the same thing.
Obviously prior successful prosecutions or failures dictate in localities the method to the police madness. I think thats what we are all petrified of.
Establishing industry standards for this police and investigative interfacing should be long ago standardized.
Thanks @pubcrawler
If so, then they will get all their servers in an international operation as we hear about many times.
Trusting the provider, they can look much better at the customer's activities, they can obtain multiple copies of his VM, the keys for encryption, most of the time, log everything, etc.
Going after only one server's drives doesnt match either of the 2 possible situations and doesnt help the provider, nor the justice, only the alleged criminal which will undoubtedly know police is after him/her and carefully disposed of all the evidence he/she can think of.
What guys keep repeating? Do you read and see only things you want to see?
That's undeniable fact. What's so hard for you to understand here @Maounique?
Passed on October 12, 1998, by a unanimous vote in the United States Senate and signed into law by President Bill Clinton on October 28, 1998, the DMCA amended Title 17 of the United States Code to extend the reach of copyright, while limiting the liability of the providers of on-line services for copyright infringement by their users.
There are safe harbours in the law, same as renting your house to a criminal, you are not to be arrested because in your rented house there was a murder, only if you knew and helped the murderer, which has to be proven, first.
That dmca provision wasn't meant for that interpretation. If a house has one ISP account and multiple people inside sharing the connection, who is first responsible for the use of the ISP connection? Home owner and or contract holder.
The DMCA protects the provider, not the person reselling or redistributing the providers resources. The person that would protect is the upstream/dc, not the VPS provider.
That's it everyone. I'm out.
@Maounique - I asked you what's so hard for you to understand regarding "If it was prooven that illegal content was hosted on the RamHost server (e.g. by accessing an IP associated with the server) then, until otherwise confirmed, RamHost is the prime suspect and responsible for the actions."
I understand perfectly, only that it is wrong.
A hotel rents rooms and if a criminal rented a room there and shoot the president from the window, the hotel owners are never the prime suspects.
What are they doing for that ? Merely hang a sign at the door (rooms for rent), register as a business in the hospitality area and are known in the neighbourhood.
All those are done by ramhost, therefore they should not be the prime suspect unless the data police had for the warrant against them shows otherwise.
Hotel is zoned for its business, it has codes and permits. A house that you happen to rent out a bedroom of is not the same. It is not nor should it be assumed that a tenent then sub leases. Your analogy would be better if two people got a hotel room and you say the one who signed the papers and paid for the room can't be assumed guilty because its expected that he's going to rent out part of that hotel room, or he should be first asked if he does.
By your logic if I stay in a hotel, shoot the president from the window, I'm not to be considered guilty if I put a sign on the door saying I rented out the couch.
What are they doing for that ? Merely hang a sign at the door (rooms for rent), register as a business and are known in the neighbourhood.
You see and yet you're wrong in your own analogy. This part of a hotel will be closed by investigators. No operation (renting room) will be possible till investigation end. Room will be "confiscated" (ie. unavailable for hotel service) the same way as disks are.
That's why I am saying that your understanding how things work in life have nothing to do with reality...
Nobody said otherwise. The analogy will be that all rooms are locked and everyone in the hotel arrested for as long as police wants, as well as parts removed and taken to the police station for investigation instead of doing that in place.
In the digital world police can save the scene for further analysis almost instantanously without the criminal's knowledge and even more, follow him unseen for as long as they want documenting every step of the way with proof. Unless they suspect the hotel owner is the criminal, in which case saving the scene will be enough, even if the hotel owner will know, that will happen too late as the server is already powered off or at least disconnected from the network.
Instead, they send the SEALs in through the windows and take everyone hostage.
No, no, no... don't mix pears and apples now. We're talking about interrupted operations because police took evidence for investigation and nothing more than that. Your "hotel" analogy perfectly well describe what happens with hotel's room renting operation in case of criminal act in this room. You find it acceptable that police secure room for investigation but not that police secure disks for investigation. Strange views...
From that post it sounds like we agree. They can discuss it with the VPS provider and not make it the perfect shell company if they arrest the VPS provider or remove his access to the server immediately, pending investigation.
Although I still maintain that the accurate analogy is the hotel being the datacenter and the VPS provider being the tenant. Nothing about the relationship immediately demands that the tenant sub leases without requiring their tenants to sign a lease with the hotel owner. It's just like when sharing an apartment you put the other person on the lease or you're liable for everything. VPS providers don't do that, so they can't be expected to he treated as though they are equal suspects with their tenants on initial action, because their tenants have no petition with the property owner, the datacenter. For all legal purposes, the VPS provider is the tenant. To change that, their clients should enter into contracts with the datacenter.
Aha, now I see why you do not understand. There are more points here:
1. Whether ramhost is in need to be cleared or not;
2. Whether taking the disks instead of multiple copies or, why not, even the whole computer to be sure of data integrity, was a good move or not;
3. Whether providers can be prime suspects in investigations of suspicious online activities originating from their IP space or not and as a consequence if it is better to ask them to cooperate or simply snatch whatever evidence could be found at the moment of raid and disrupt operations, tip the real suspect and leave many other customers on the node offline;
4. Whether simple files on a disk/vm can be enough evidence to convict someone knowing that third parties such as friends which had access tot he box/service providers/customers of the tenant/users/hackers/staff/police can tamper with them;
5. Ultimately, was justice served by this action, was there no other way to get more evidence with less disruption ? Wasnt this part of a broader tactic to scare off and set an example out of smaller providers which have no resources to fight this off ?
There are many aspects involved here, and it isnt clear at times which is the main subject of the post so it is easy to get lost especially if English is not our main language.
If you own your own building for your business (hotels, datacenters, offices) you are less likely to be suspected of a crime, while it's still possible.
But we are too smart for the police whatever: take a lool at Tor, is beating China's firewall for example for years. And if I buy server parts, put it in a case, remove cases from drives etc and solder it ALL on the motherboard and solder the rackmount case they will have a hard time getting in it.
Now if I program a chip to detect if a security cord (that police would pull) is pulled out it will erease the drives. There is also a battery back-up unit in case they pull the power cord first. I also ship the server under fake name, adress and use a prepaid credit card on a random name. I also only access my server IP and e-mailbox that I use to have conact with the DC using Tor.
So they have nobody to be in court and no evidence, great, and that won't take more than a few cups of coffee, some DIY tutorials and some basic skills.
Good ideas @Mitchell
Tor though, don't do it, don't bank on it, don't trust it.
Who funded Tor
?
And I say it is still much easier to find IPs to do illegal stuff without all that work.
As I outlined in numerous posts, botnets, hacked boxes, open wifis, WEP wifis, stolen phones, stolen credit cards, identities, one-use debit cards, SIM cards sold by automatic distributors, a trojan in your neighbour's computer, your coleague at work, Tor, Freenet, i can put a wall of text of ways to do it which are safer, easier, free or all of the above.
This is not targeting crime fox, at least it looks that way, or they are really having the IQ of a plant which I dont buy because in other cases they were very good.
Let's just shutdown the internet and chase dealers again?