| ▲ | supportengineer 11 hours ago |
| I will never understand why there isn’t an international law enforcement agency with teeth, which can get rid of the bad actors. |
|
| ▲ | dylan604 7 hours ago | parent | next [-] |
| Because every single nation would have to sign on to it allowing said agency to ignore sovereignty of each nation to come in and do their policing. You'd also need to have every country not actively involved in these types of schemes yet we know some governments are directly benefiting from the scams/theft their citizens are perpetrating. You'd also need to have every country think the things you want to police against are wrong. Again, we know that's just not true. |
| |
|
| ▲ | Aurornis 10 hours ago | parent | prev | next [-] |
| International DDoS busts and arrests do happen all the time. Law enforcement takes time. The perpetrators of these attacks aren't hanging out in the open with their full names shielded only by the hope that their country won't extradite for political favor. By the time the perpetrators are identified and a case is built, getting them charged isn't bottlenecked on the lack of an international agency. Any international law enforcement agency would be beholden to each country's own political wills and ideals, meaning any "teeth" they had would be no more effective than what we currenly have for extraditing people or cooperating with foreign police organizations. |
|
| ▲ | Y_Y 10 hours ago | parent | prev | next [-] |
| The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things. I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness. |
| |
| ▲ | halapro 10 hours ago | parent | next [-] | | > have something better than this wild west lawlessness. Careful what you wish for. Before you know it you can't have an IP without your ID. | | |
| ▲ | immibis 10 hours ago | parent [-] | | This is already the case in Germany and many other countries. Same for phone numbers. On the other hand, I get no spam calls, and I can't access the sites on https://cuiiliste.de/domains - censorship is amazing. | | |
| ▲ | fc417fc802 5 hours ago | parent | next [-] | | If spam calls is the price I have to pay to avoid censorship then I'm okay with that. We need resilient decentralized protocols, not centralized authoritarian bodies. | |
| ▲ | bak3y 10 hours ago | parent | prev [-] | | Yes, surely the German government telling it's people what to do has never gotten them in trouble in the past... |
|
| |
| ▲ | mmooss 5 hours ago | parent | prev | next [-] | | > The international organisation for stopping wars, human trafficking, money laundering, drug distribution etc. however capable they might be, haven't managed to stamp out any of those things. They've never been expected to "stamp out" those things, any more than a city police department is expected to stamp out all crime and doctors are expected to stamp out all illness. Their mission is to reduce those things: For warfare, they have been extremely successful relative to human history. War has actually become taboo and illegal, and very few happen. Look at history before the UN - it's a miracle. Think of the vision and confidence of people who, looking at 10,000 years of human history, immediately after two world wars, thought it was even possible, came up with effective strategy, did the hard work, and accomplished it. I don't know the details of the other fields. > I'd say a putative UN NetWatch would suffer from the same issues of funding and corruption and politics, but still we might have something better than this wild west lawlessness. Politics and funding, and corruption, come with every human institution over a certain size, and especially with governments which can't exclude undesireable people: Democratic governments are the least corrupt, but if the people elect a corrupt representative or executive, then nobody can kick them out (unless they commit prosecutable crimes). And now imagine an association or confederation of governments, which is what the UN is. So yes, the goal is to make something better. Otherwise, we might as well quit on everything. | |
| ▲ | c0balt 10 hours ago | parent | prev | next [-] | | > putative UN NetWatch But who will suppress attempts to go beyond the blackwall then? | |
| ▲ | dingnuts 10 hours ago | parent | prev [-] | | [dead] |
|
|
| ▲ | miohtama 7 hours ago | parent | prev | next [-] |
| It's national interest of China and Russia to see the West to fail. Why would they co-operate? They are willing to murder people, West and their own, so "law" enforcement means a bit different in international context. |
| |
| ▲ | mkoubaa 7 hours ago | parent | next [-] | | It is absolutely not in China's interest to see the West fail. This is propaganda | | |
| ▲ | strangegecko 6 hours ago | parent [-] | | China (or at least the CCP, I find the equivocation of the CCP with the country disagreeable) has had the desire or even need to get revenge for their "century of humiliation" for a long time. They have a fundamentally different government and social model, basically a one person dictatorship that feels the need to micromanage and control their populace. They absolutely love seeing democracy and businesses associated with it fail because it reinforces their perspective of the CCP model being superior and thus strengthens their perceived legitimacy (or even inevitability) of CCP control over China. | | |
| ▲ | mkoubaa 6 hours ago | parent [-] | | A rivalry, wanting to score points, wanting to gain standing at the expense of another, are all things that do not have much to do with wanting your opponent to collapse |
|
| |
| ▲ | tw1984 3 hours ago | parent | prev [-] | | Typical brainwashed view. It is China's national interests to see a stable America that can continue to maintain the post WWII world order that benefited China so much for so long. Without the US, who is going to maintain peace in the middle east, Africa and other places? without such peace, how could China export its goods and services? "West" != America. Your claim also implies that China and Russia are operating on the same level. That is laughable at best - Russia is a failed rogue state with the economic size comparable only to a Chinese province, it is left behind in ALL modern techs and its military hardware are aging fast. It is the complete opposite of the path took by China. |
|
|
| ▲ | sva_ 10 hours ago | parent | prev | next [-] |
| Since this is a distributed attack, I'm not really sure how that enforcement would look like? Am I missing something, are all these bots/zombies easily selectable and blockable? |
| |
| ▲ | toast0 10 hours ago | parent [-] | | Investigative powers should be able to at least find and seize the command and control servers, and hopefully track down people operating the command and control servers. Some sort of international clearing house for ISPs to help identify and sequester compromised customers might be nice, too; but that doesn't need law enforcement powers; and maybe it already exists? |
|
|
| ▲ | 0xbadcafebee 2 hours ago | parent | prev | next [-] |
| > international law enforcement agency You mean Team America, World Police? Besides the fact that not much happens in the international public sector, law enforcement is more about deterrence than prevention. Criminals aren't deterred by law enforcement, so the bad actors never stop. Human nature's a bitch. If they did focus on prevention instead, most of this could be... prevented. Create a treaty that mandates how critical infrastructure technology is created/sold. Consumer routers will stop being shit at security, and home devices are slowed-down in upstream spamming. That's a good chunk of the denial-of-service market gone, with no need to police the world. ...but the criminals are smart and intentionally avoid attacking the powerful, so nobody cares. Same reason organized crime still exists. It's poor people caught up in gang violence and crime, not rich people, so it persists. |
|
| ▲ | zipy124 10 hours ago | parent | prev | next [-] |
| Because countries benefit from conducting cyber warfare, the most publicised of are north Korea and Russia which have large state sponsored hacking groups. |
|
| ▲ | bsder 7 hours ago | parent | prev | next [-] |
| If we were all running IPv6, we could just block this crap. But here we are in 2025 still running IPv4 with CGNAT, so we can't. |
| |
| ▲ | kundi 6 hours ago | parent [-] | | What difference would it make? | | |
| ▲ | bsder 6 hours ago | parent [-] | | You can block the specific offending IPs without collateral damage. CGNATs reuse IPs so any IP block rule fairly quickly becomes somebody else's IP that you shouldn't be blocking. If, however, you use IPv6, you don't need CGNAT and, while addresses may change, a blocked address won't suddenly get recycled to an unsuspecting user. In addition, if the allocation is static, you can block the whole network range and the problematic devices can't change their allocation sufficiently to escape the IP block. |
|
|
|
| ▲ | poszlem 10 hours ago | parent | prev | next [-] |
| Perhaps because, in many cases, the very governments responsible for enforcing it include the bad actors themselves. |
|
| ▲ | kachapopopow 10 hours ago | parent | prev | next [-] |
| the real reason why these are a problem in the first place is because of cgnat and transit providers not implementing flowspec. but these bad actors are not possible to track down in the first place since internet is unfortunately decentralized and things as simple as transactions submitted to bitcoin or etherium blockchain can be used as c&c |
|
| ▲ | Thaxll 10 hours ago | parent | prev | next [-] |
| Because it's not technicaly possible, I mean we're on HN, we all know how internet works. |
| |
| ▲ | dijit 10 hours ago | parent | next [-] | | You should talk to a network engineer before making claims like this. There are mechanisms to curtail DDOS attacks at origin. For a few reasons (political, economical) there’s little will to enact them, these attacks are so few and far between and you can pay your way out of them in most cases, so the incentives aren’t there for ISPs (whom are a commodity judged primarily on price and bandwidth) | | |
| ▲ | m00x 10 hours ago | parent [-] | | How exactly would you keep the origin from sending a command to a botnet? | | |
| ▲ | dijit 10 hours ago | parent [-] | | you don’t stop the message to the botnet, thats impossible: You detect the behaviour downstream and send a signal to the ISP that there is traffic that needs to he rate limited. One mechanism for this is called RTBH (Remote Triggered BlackHole) which relies on community tagged prefixes of addresses exceeding rate limited to be blackholed from
forwarding traffic further in to the internet. There’s also things like flowspec but a lot of things rely on proper trust between ASNs. | | |
| ▲ | Thaxll 9 hours ago | parent | next [-] | | How do you know where it comes from, if they use UDP and change the src of the packets. | | |
| ▲ | Fabricio20 8 hours ago | parent | next [-] | | IP spoofing is pretty uncommon nowadays because everyone has anti-spoofing mechanisms in place and most ASNs often don't forward spoofed addresses outbound. But as the sibling mentioned, even with spoofing, you can still follow the packet trail from your border routers upstream. I think the main thing we are lacking is just responsibility on the ISP side, if someone reaches out complaining that half of your customers are sending ddos attacks, maybe you need to do something about it. Most of these huge attacks are compromised routers or IoT devices (remember Mirai Botnet?). | | |
| ▲ | esseph 7 hours ago | parent [-] | | This is clearly not true, or the CAIDA anti-spoofer project wouldn't exist. https://spoofer.caida.org/summary.php | | |
| ▲ | Fabricio20 7 hours ago | parent [-] | | Just because SOME ASNs don't have it in place doesn't mean it's not uncommon. In the link provided, 80% of all tracked network blocks for ipv4 are blocking spoofing. Though they only track 1000 ipv4 /24 blocks and their data is highly biased towards having spoofable ranges, considering their end goal is identifying spoofable networks! |
|
| |
| ▲ | toast0 9 hours ago | parent | prev [-] | | The Microsoft blog suggests there was miminal source spoofing (although I don't know how they determine that). But if you can't trust the IP source, packet samples from your border router should indicate which upstream is sending those packets ... then you ask them to find the source... eventually you'll get somewhere ... but when the sources are distributed, it's not so helpful to find the source, unless there's a mechanism to stop the source from sending it. When I was running servers that would routinely attract DDoSed at ~ 10 Gbps, I ended up always running a low sample rate packet capture. Anytime I noticed a DDoS, I could go and look at the packets. If you've got connectivity to sink and measure 15 Tbps of DDoS, you can probably influence your providers to take some sampled packet captures and look at them too. Even without clear information from packet captures, 15 Tbps is going to make an impact on traffic graphs, and you can figure out sources from those, although it might be a bit tricky because the attack duration was reported at only 40 seconds, so if someone only has hourly stats, it might be too small to be noticed; but once a minute stats are pretty common. |
| |
| ▲ | esseph 7 hours ago | parent | prev [-] | | It's not that simple and hasn't been for awhile. There's layer upon layer of relays now, and meshed C2C networks. Lots of DNS fastflux too |
|
|
| |
| ▲ | SirMaster 10 hours ago | parent | prev [-] | | I heard it's a series of tubes. |
|
|
| ▲ | m00x 11 hours ago | parent | prev | next [-] |
| How would you even enforce this if the offending country doesn't agree? |
| |
| ▲ | dijit 10 hours ago | parent | next [-] | | Limit their upstream connection to the rest of the internet via allied countries. Literally the same as economic sanctions. The internet is a network of peers “trading” bits and bytes after all. | | |
| ▲ | m00x 10 hours ago | parent | next [-] | | This won't do anything. The attacks are not from the offending countries they're from botnets of compromised devices. North Korea doesn't care if you limit their internet they already allow people to go outside their own. | | |
| ▲ | dijit 10 hours ago | parent [-] | | perfect, then we just nullroute at source with Flowspec, even if we change the goalposts a thousand times in this thread there does exist a technical solution to this problem. Just not enough economic or political incentive to pay for it. | | |
| ▲ | m00x 5 hours ago | parent [-] | | It's not changing the goalpost. You're just describing a solution that are heavy-handed, yet incredibly easy to circumvent. |
|
| |
| ▲ | immibis 10 hours ago | parent | prev | next [-] | | America already limits its upstream to China and Russia through a private companies such as Cloudflare and Spamhaus. It's often the case that for Chinese users seeking to escape censorship, once they've worked their way through the Chinese Great Firewall, they find themselves in front of the American one. | |
| ▲ | 7 hours ago | parent | prev [-] | | [deleted] |
| |
| ▲ | Drunkfoowl 10 hours ago | parent | prev [-] | | [dead] |
|
|
| ▲ | discordance 6 hours ago | parent | prev | next [-] |
| Who would they take orders from? |
| |
| ▲ | unnouinceput 6 hours ago | parent [-] | | from those who pay them. They are a service for hire. you can hire them if you want and have the dough. |
|
|
| ▲ | stackedinserter 3 hours ago | parent | prev | next [-] |
| Who is going to elect and oversee them? I don't want to be governed by China or Russia. |
|
| ▲ | daedrdev 6 hours ago | parent | prev | next [-] |
| many countries sponsor these attackers |
|
| ▲ | victorbjorklund 7 hours ago | parent | prev | next [-] |
| do you really think for example America would allow say Chinese prosecutors to arrest Americans on American soil and take them abroad to sentence them in a court that America has no influence over and then throw them in a prison which America doesn’t control? |
| |
| ▲ | Aachen 7 hours ago | parent [-] | | When the deed is illegal in both places, they can be tried under either jurisdiction and convicted instead of continuing to roam free and fuck up the open web for everyone else. Yes I do think we'd want that Borders currently get in the way but we needn't have law enforcement on foreign soil to solve that. Exchanging information and reliably acting upon it could be all these agencies need to do in their respective countries. When this proves effective aside from crime states that have no interest in upholding even their own laws (since dual illegality would probably be a prerequisite for any of this), they may eventually find themselves increasingly cut off and distrusted until they, too, cooperate or self-isolate like NK | | |
| ▲ | anonym29 6 hours ago | parent [-] | | Bad news, implied criticism of CCP policy (by acknowledging you'd change it) is an imprisonable offense. You're under arrest for violating the laws of China. You are not granted a trial. A joint unit comprised of the Ministry of State Security and the FBI will be at your house to pick you up and fly you to a Chinese black site tomorrow morning. |
|
|
|
| ▲ | morkalork 11 hours ago | parent | prev | next [-] |
| I'm sure you could come up with at least few ideas why it hasn't happened |
|
| ▲ | 2OEH8eoCRo0 7 hours ago | parent | prev | next [-] |
| What countries do you think these bad actors reside? Russia, China, Iran, and NK will wipe their ass with any law enforcement request. |
|
| ▲ | mkoubaa 7 hours ago | parent | prev | next [-] |
| Those exist but they might have a different idea of what makes an actor bad than you and I. Just look at what happened to Julian Assange. |
|
| ▲ | mihaaly 9 hours ago | parent | prev | next [-] |
| Legal systems are so convoluted and so colossally heterogenous - also very protective of their ways - around the globe that miniscule collaborations require grandiose efforts to initiate and maintain. No chance these fast paced adversaries will be caught by the interplay of several dozens of reluctant dinosaur legal systems. Tangential: once I was targeted by a pretty primitive scam. More than 10 years ago (after someone I love was naive and inexperienced, having a medium amount stolen in a sensitive and stressful time of this person's life). I recognised fast and having time and will I sarted to play along, pretending I bite the bait. Collecting info while acting. In parallel trying to connect local and international authorities to report an ongoing scam effort. I believe I tried 4 organizations in 3 different countries apparently involved, I believe one was dedicated to online scams, also trying to warn Western Union, they are about to be used for scam. I even went personally to a police station locally to get some advice on how to assist catching the criminals. Since all I encountered insisted to report my damages, so they could start an investigation on an actual loss happened, I furiously gave up and decided whenever I will be having financial trouble I will invest my efforts in scamming others. No-one cares catching those in act! So the thugs can be incredibly bold and dumb, like the one I encountered, it is no effort doing better. |
|
| ▲ | Hikikomori 10 hours ago | parent | prev | next [-] |
| America gonna allow someone else to regulate them? |
|
| ▲ | trollbridge 11 hours ago | parent | prev [-] |
| I mean, America can’t do anything about scam phone calls aimed at seniors who forge caller ID of local hospitals. |
| |
| ▲ | lossyalgo 10 hours ago | parent | next [-] | | As alluded to by morkalork, they definitely could if they wanted to, as the (most? of the) rest of the world doesn't seem to have this problem. As long as spammers keep paying telecoms & no law(s) forbidding this exist, it will continue. edit: grammar | | |
| ▲ | toast0 9 hours ago | parent [-] | | > As long as spammers keep paying telecoms & no law(s) forbidding this exist, it will continue. That's the trick. A lot of countries bill calls to cell phones at 10 cents a minute; in the US, calling is near zero cost. The US makes a great market for scammers to target because of low operating costs, penetration of globally usable payment cards, minimal language diversity. Of course, these scams are forbidden by law, but that doesn't change the economics. Very few scam shops get busted; especially when most of them run from outside the US. STIR/SHAKEN helps a bit, but not much... without a effective mechanism to report unwanted calls that leads to those callers being ejected from the network as well as ejecting providers that are unresponsive to reports, there's not really hope of progress. |
| |
| ▲ | morkalork 10 hours ago | parent | prev [-] | | Can't or won't? | | |
|
