
Tech CEO Sentenced To 5 Years in IP Address Scheme - Slashdot

source link: https://yro.slashdot.org/story/23/10/17/1912243/tech-ceo-sentenced-to-5-years-in-ip-address-scheme

Tech CEO Sentenced To 5 Years in IP Address Scheme (krebsonsecurity.com) 30

Posted by msmash

on Tuesday October 17, 2023 @04:01PM from the time-to-face-music dept.
Amir Golestan, the 40-year-old CEO of the Charleston, S.C. based technology company Micfo, has been sentenced to five years in prison for wire fraud. From a report: Golestan's sentencing comes nearly two years after he pleaded guilty to using an elaborate network of phony companies to secure more than 735,000 Internet Protocol (IP) addresses from the American Registry for Internet Numbers (ARIN), the nonprofit which oversees IP addresses assigned to entities in the U.S., Canada, and parts of the Caribbean.

In 2018, ARIN sued Golestan and Micfo, alleging they had obtained hundreds of thousands of IP addresses under false pretenses. ARIN and Micfo settled that dispute in arbitration, with Micfo returning most of the addresses that it hadn't already sold. ARIN's civil case caught the attention of federal prosecutors in South Carolina, who in May 2019 filed criminal wire fraud charges against Golestan, alleging he'd orchestrated a network of shell companies and fake identities to prevent ARIN from knowing the addresses were all going to the same buyer.


    • That's only 0.017% of the IPv4 addresses being returned. It's not really going to change the need for IPv6
      • Preach to the choir on that one my friend.

        Now go convince my brain dead ISP [ziplyfiber.com] they need to support it. They have a subreddit [reddit.com] where their network types directly interact with customers and all requests for IPv6 are hand-waved away with stupid rationalizations like, "You don't need it for anything" or "We're more focused on expanding and upgrading our network" (because lots of consumers are clamoring for 10G service at $300/mo) while they retain right in fine print (not being implemented yet AFAIK) to put all customers behind CGN, which would be the one thing they could do that'd convince me to fire them in favor of Comcast.

        What's particularly insulting is they can't be bothered to spin up a 6rd deployment [wikipedia.org], which can be done with existing provisioning systems, IPv4 only routers, etc., and was the path just about every ISP took before they offered dual stack. They stopped engaging with me after they claimed 6rd would not work on their network, I spun up an instance using resources from work, then sent them packet captures proving it worked just fine.

        Since I'm on one of my favorite lonely hill soap boxes, a very special fuck you to Netflix for treating Hurricane Electric tunnels as geo-evasion and blocking them, when they are not useful for geo-evasion. It's trivial to ID the underlying IPv4 address that "owns" an HE tunnel and the IPv6 addresses also geo-locate to the relevant country of origin. No nice way to work around this. Pick one:

        1) VLAN off your streaming devices onto a v4 only VLAN, at the expense of breaking Layer 2 functionality like AirPlay and Chromecast
        2) Play kludgey DNS games to strip AAAA answers from Netflix owned domains, at the expense of complicating your DNS setup, having it all break when Netflix changes CDNs, etc.

        Seriously, fuck you for that move Netflix.

        • Having a dual stack requires us to get security right on both sides. We can't do 6-only. We can do 4-only. So we are doing that.

          Not endorsing this, just saying out loud what the issue is. If 6 had been 4 compatible, this would already have been done and over with.

          • Re:

            Making 6 compatible with 4 was never in the cards. The addresses went from 32 to 128 bits. By definition it was never going to be compatible. There was always going to be some sort of transition period where both had to be run side by side. The only thing that's going to put an expiration date on this transition is government/regulatory mandates OR the big boys in the CDN/Cloud space getting together and imposing it themselves. Amazon, Google, Microsoft, they have the collective gravitas to do it, bu

            • Re:

              I think they could have done a lot more to make it compatible. For example they could have just tackled the address availability issue and not put the kitchen sink into the protocol on a mandatory basis.

              I'd think that it would have been possible to keep most of the change to just affecting the core of the internet and boundary routers.

              Once a packet gets to an organization, IPv4 address space is almost certainly sufficient. It just needed a new inter-organization addressing feature that defaulted to organiza

              • Re:

                I believe it would have been completely possible to have modified v4 at the time to accommodate the larger addresses without doing massive surgery otherwise.

                The point was that the authors of 6 wanted to fix internetworking as it existed at that moment of time in the mid 90s. Get rid of the dependencies on ARP, get rid of broadcasts, every itch they scratched. Everything works the way that the IPv6 people wanted it to work as opposed to how it worked in IPv4. So no wonder it's a pain in the ass to implemen

                • Re:

                  One great thing about dual stack is that it has hardly affected the good operation of IPv4 networks at all. Any breakage has been confined to the people running the new protocol with the bigger address space. In the alternate universe with two types of end system - "olde worlde" 32-bit IPv4 and "larger addresses" IPv4 - talking directly to each other, it seems like there is a lot more scope for widespread breakage. Dual stack allowed us to gradually (*) ramp up IPv6 and solve bugs going along. For example,

              • Re:

                That sounds good at first glance, but all the networking equipment reading 4-byte addresses is still going to need to be updated and if you're already doing that, then why not add other improvements?

  • A lot of the sentencing in the US seems to be lacking a sense of proportion, although this is far from being an extreme example.
    Whatever, Land of the Free and all that, and one of those with the highest proportion of the population behind bars.

    • I guess it depends on the IPv4 block. If he had stolen the 192.168.0.0/16 block, we would all be fucked!
      • Re:

        That is why I use 10. on my internal network. :)
    • Re:

      5 years for not being rich enough to get away with it. Or, rather, not knowing the right people.
      Justice in the State seems as random as drawing a value out of a huge hat. Whatever number's written on it, that's how many years of jail you get.

    • Re:

      wait, it gets better, some people that screw others out of millions get 3 years, others get 20.... and murderers can get anything from getting no sentence to getting sentenced to death! we really are whacky the way we sentence people! I kid you not. It is crazy and we 'normal' citizens usually are freaked out over this stuff.
    • Re:

      For inconveniencing mega corporations. This would've caused a lot of headaches to large enterprises.
    • A lot of the sentencing in the US seems to be lacking a sense of proportion, although this is far from being an extreme example.

      Couple things,

      1) Under the Federal sentencing guidelines [ussc.gov], the recommended range for a fraud sentence comes down to the monetary value obtained for the fraud. IPv4s are going for around $40 per IP [ipv4marketgroup.com] the last time I checked, which puts the value of this fraud at 29.4 Million.
      2) Following the guidelines, assuming he has no criminal history, that dollar amount puts him at an offense level of 28 (pages 82 and 83 from the full PDF [ussc.gov])
      3) We can probably subtract 2 levels, since he plead guilty, under acceptance of responsibility (page 376), so now we're at 26
      4) Looking at the sentencing table, page 407, that gives a suggested sentence range of 63 to 78 months, or 5.25 to 6.50 years.

      tl;dr, he probably got a below guidelines range, which is pretty damned rare in the Federal system. It strongly implies he had exceptionally good lawyers (likely, he's rich), a sympathetic judge (unlikely for white collar fraud in Federal system), or he really assisted the Feds with the investigation and they joined defense counsel in asking for a downward departure (exceptionally rare but not unheard of).

      Another thing to remember, if he behaves in prison -- "prison" being relative here, he'll be at a minimum security camp that probably won't have a fence -- he'll get credit and can anticipate serving roughly 85% of his sentence. 4 years and change for eight digits worth of fraud.

      Now, should IP addresses be worth that much? Hell fucking no. See my IPv6 rant [slashdot.org] above. That's the only reason IPv4 addresses have this insane inflated value attached to them. This problem should have been solved a full decade ago. Blame idiot ISPs like mine, idiot enterprise network admins that are afraid of IPv6 and unwilling to bring it into their networks, and idiot well resourced organizations that should be doing better with IPv6 than they are, e.g., Microsoft, who only this year finally got around to offering geo-location support for IPv6 addresses [microsoft.com] within Azure. :(

  • Another poster said we "need IPv6". No, we don't. It's just one of several "hacks" to make it seem like we take IPv4 public address exhaustion seriously.

    The original problem wasn't a lack of IPv4 addresses, it was a lack of routing table size. CIDR and BGP[4] made that 1993 problem go away.

    Then it was that the powers that be were too much beholden to politically connected organizations so that the initial "stupid large" allocations they doled out they refused to claw back. Good on MIT for returning it'

    • You're totally wrong dude. There are more than four billion people on this planet. Boom, you've already exhausted the IPv4 pool. That's before you account for the fact that people own multiple devices, on multiple networks, e.g., smart phones, and those same people tend to work for employers that also have their own networks.

      You can't solve the use case with NAT, there literally are not enough addresses in a 2^32, and it's worth remembering that NAT by design breaks end-to-end connectivity. You can work around this to an extent, UDP hole punching [wikipedia.org] and other kludgy hacks, but those don't always work (lots of NAT implementations break them) and should not be required in any case. If you've ever used FaceTime, to pick a mainstream app you've probably heard of, it prefers to establish a direct peer-to-peer connection and will do so where possible with UDP hole punching. If neither end will allow a UDP hole punch to succeed, it falls back onto a connection routed via Apple's servers, and because Apple doesn't have an infinite bandwidth and server budget, you get a considerably lower bitrate/video quality and non-zero amount of additional latency.

      FaceTime is far from the only application that works like this, it's just one of the most mainstream ones, so don't take that explanation as an invitation to shit on Apple. Every outfit offering a video/audio communication solution is confronted with the same dilemma, peer to peer communication is best, but if you want consumers to use your app you need to provide the fallback path and you need to do it without bankrupting yourself in the process. IPv6 would greatly simplify this process even if you assume a large number of endpoints will be behind firewalls that filter inbound connections. (Also something that's arguably less important these days, since we all roam and can't control the firewall everywhere we go, your firewall and other security measures need to be done at the endpoint unless we're talking about a desktop or server that never moves, and even there, you still want an endpoint firewall)

    • Re:

      NAT is a hack to get 16 more bits out of IPv4's address space for non-serving consumer addresses. Server Name Indication and HTTP Host headers are another hack to route multiple webservices behind a single address using the standard ports 80 and 443.
      IPv6 is not just a hack, it's an actual different network protocol which is showing increasing adoption.

      Originally there wasn't a lack of IPv4 addresses, now there is, and staying on IPv4 defeats any notion that the Internet is a peer network.

      Returning / reclass

      • Re:

        I'm beginning to think that IPv6 was just created as a threat to get people to return the /8s they didn't need.
  • Compared to some of the crap that has been going down lately where some crooks got off with billions with barely a slap on the wrist if (big if) they got caught, this is the equivalent of putting someone in front of a firing squad for stealing an apple.

    Who did that guy piss off, or forget to bribe, that he gets made an example?

    • he was an easy target for a quick conviction. Cops aren't there to keep you safe, they're there to arrest people and put them in jail. Those are the numbers people pay attention to. And crime is way, way down. But we keep throwing more money at them. They gotta do something to look productive.

      It's almost as if having a large, militarized police backed by prosecutors with unlimited resources who often use their careers as a springboard into politics is a bad thing....
      • Re:

        If you think prosecutors -- even Federal ones -- have unlimited resources it's safe to assume you've never been a victim of a crime.

        At the risk of bringing up politics and current events, one of the legitimate gripes Hunter Biden has, vis-à-vis his gun charge [apnews.com], while it technically is a Federal Felony, it is virtually never prosecuted as a standalone crime. Every single person in this country that smokes pot and owns a gun -- that's millions to tens of millions of people -- is guilty of this crime. Y

      • Re:

        Crime is NOT way, way down. Prosecution is way, way down due to activist DAs. The best way to make it look like crime is down is to pretend like it doesn't exist.

      • Re:

        "Douche nozzle" is implied by "Tech CEO" aka "Tech Bro", IMHO. It's always sweet to see one of them learn the hard way that the Government's dick is bigger than theirs. I imagine this douche nozzle [wikipedia.org] will be learning that lesson very soon and will earn a lot more than 4 to 5 years in Club Fed for his arrogance. He won't be going to Federal White Collar Resort Prison, like this article's douche nozzle, he'll be going to Federal Pound Me In The Ass Prison. :-)

  • But it's too little too late.
