Internet self-administration a la RIPE NCC: An oath of disclosure!

There are many examples of successful self-regulation in business life. One of them is age ratings for films and games. The rating processes are relatively quiet and, despite there being many ratings, there are very few complaints.
The reason for this could be the regulation of the self-regulation, which assigns duties and responsibilities to all parties involved.

RIPE NCC: Epic Fail
The exact opposite of this is self-regulation on the Internet. As early as spring 2018, this blog pointed out the failure of self-regulated services provided by RIPE NCC (Réseaux IP Européens). RIPE NCC is responsible for assigning numbers and names on the Internet for Europe and parts of Asia. Other parts of the world are represented by 4 others organizations of ICANN, the worldwide Internet self-government organization.

Although the article revealed that RIPE NCC provides services to criminal customers, the bad boys are still being served. These criminals pay for membership of RIPE NCC.

But today we have even more information at our disposal. On the website of RIPE NCC there is a presentation which describes the problem even more clearly and in depth: „Criminal Abuse in RIPE IP space„.
The presentation was given by Dhia Mahjoub, PhD, who is Head of Security R&D Cisco Umbrella, at the RIPE 77 Conference. According to his CV, he seems to be a proven expert who has given presentations at several conferences. His presentation was held on 18 October, 2018 and can be downloaded here.

Undoubtedly the most interesting thing about this presentation is the fact that it was held at a meeting of RIPE NCC. In other words: those responsible at RIPE NCC have been aware of the illegal activities of their members since October 2018 at the latest (in addition to the above-mentioned article from spring 2018). But RIPE NCC still allows them to use the Internet for criminal purposes.

In the 64-page presentation, Mahjoub describes how dubious data centers develop infrastructure for criminals with help from RIPE NCC. He examined 30 suspicious data centers of which 11 are in the care of RIPE NCC.

The variety of criminal activities in the network taking place is manifold:
botnets, sending spam, distributing malware, fake shops, fake software, phishing, money laundering, illegal video streaming, Bitcoin mining, Trojans, etc.

Mahjoub names three countries that are noticeable:
Switzerland, the Netherlands and Sweden.

He also gives examples of data centres whose business model is to support criminal activities in total or in part:
Private Layer PA/CH (which appeared in our 2018 blog post), Serverius NL, Worldstream NL, Altushost NL, Felicity NL, Portlane SE, etc.

Mahjoub gives a very detailed breakdown of how the participants are related to each other:

Illustration: Excerpt from the presentation – Private Layer network.

However, the German company Corebackbone is also involved:

Illustration: Excerpt from the presentation – Corebackbone, Germany.


The suspicious players have been well known for years and can pursue their business undisturbed.
The presentation also shows how companies are scattered across different countries which obviously hampers prosecution. The combination Offshore, RIPE NCC and Eastern Europe can be found in many of the companies mentioned in the presentation. It is no wonder that Mahjoub always references offshore letterbox companies that can be found in the Panama Papers:

Illustration: Excerpt from the presentation – How to make a business resilient on the Internet.

The presentation also describes how such businesses are rebuilt over and over again with low investments:

Illustration: Excerpt from the presentation – The recipe of a dedicated hoster.


RIPE NCC: Blind in both eyes – where is the regulation?

Anyone who thinks that the findings from the presentation have changed anything at RIPE NCC will be sadly mistaken. Although very many evil organizations and their criminal activities were clearly mentioned in October 2018, they are all still present and all this with the blessing of RIPE NCC. There is no better way to show that self-regulation of the Internet has failed completely.

RIPE’s refusal to take action against criminal members would be only understandable if RIPE itself were a part of organized crime.
(RIPE NCC’s Executive Board Treasurer, Remco van Mook, was country manager for Equinix in the Netherlands. Equinix provides a wide range of hosting services for Private Layer locations, Panama and Switzerland, as well as Peering in over 5 Data Centers in Europe.) 

Would it not be time for justice and politics to address this problem?
What a crazy world we actually live in, where you make it so easy for criminals. By regulating self-regulation, we could make the Internet much safer for everyone involved.

Volker Rieck is managing director of the content protection service provider File Defense Service (FDS), which works for numerous rights owners. The company also conducts studies on piracy and supports law enforcement agencies with its collected data. His articles occasionally appear on the FAZ,, Webschauder and sporadically on the US blogs The Trichordist and Musictecpolicy. This is always about the various aspects of unregulated content distribution.