The Federal Trade Commission (FTC) announced yesterday that a federal judge shut down a rogue ISP (Internet Service Provider) that knowingly participated in a wide array of illegal activity.
Pricewert LLC, which operates under several names like 3FN and APS Telecom, was allegedly colluding with and catering to criminals who distribute a wide range of malicious content fueled by botnets. These spam e-mails contained illegal porn, spyware and phishy e-mails containing malicious code (malware, crimeware). As for the illegal porn, it included pictures of minors, bestiality, violence and incest.
The company allegedly even advertised in underground Internet forums set up to facilitate communication between cyber criminals. The FTC also alleges that the company shielded its clients by ignoring take-down requests from the online security community and shifting activity to its other Internet Protocol addresses to hide it.
Although the service is registered in Oregon, the ISP is believed to actually be based in Eastern Europe and operated out of California. It is unknown at this point if the owners will be extradited to face justice here in the United States.
The FTC also alleges in the complaint that Pricewert LLC recruited bot herders and deployed botnets – large numbers of compromised computers formed into a supercomputer – by hosting the command and control servers that send instructions to the compromised computers (zombies). The filing also alleges that 3FN controlled more than 4500 malicious software programs capable of logging keystrokes, stealing passwords, stealing data and (of course) sending out a lot of spam. There is little doubt that these people are responsible for stealing a lot of money and catering to undesirable members of society.
The NASA Office of the Inspector General (one of the victims); University of Alabama; The National Center for Missing and Exploited Children; The Shadowserver Foundation; Symantec; and the Spamhaus Project were all credited with assisting in the investigation.
Security Fix (Washington Post) and the Sunbelt blog mentioned tracking malicious activity back to Pricewert LLC or one of their affiliates in the past several months. Information Week was able to interview Vincent Weafer, VP at Symantec Security Response, about Symantec's involvement in the investigation. Brian Krebs at Security Fix interviewed Christopher Barton at McAfee about his perspective on the case. Both Weafer and Barton said they were seeing the criminals move to other ISPs.
To highlight this, Krebs provided a post from a Russian blog that indicates the criminals are moving to other ISPs. 3FN is also allegedly telling their "customers" they will be up and running soon at a new (undisclosed) location.
We might have already seen the precedent of criminals simply moving to "greener pastures" after an ISP takedown. Last year, two other ISPs (McColo and Atrivo/Intercage) were taken down. In the aftermath of McColo, spam volumes fell 50 percent. Sadly enough, the spammers and other criminals simply moved to other ISPs (outside the U.S.) and the spam levels have returned to pre-McColo levels.
According to Symantec's most recent monthly report, spam levels are up to 94 percent of pre-McColo levels and it is estimated that 90 percent of all e-mail is spam. This extremely high percentage of spam causes legitimate e-mail to get caught in spam filters, according to Symantec. I have seen this occurring on my personal accounts more and more frequently.
While shutting down rogue ISPs is a good thing and is a trend I hope will continue, catching a few of the human rogues behind this activity might lead to a more permanent fix. We need to remember that these people are responsible for abusing people (notably children), larceny on a grand scale and making everyone's Internet experience less pleasant.
One of the reasons cyber crime has grown into such a big problem is that consequences seem to be lacking for those directly involved in it. Of course, some might point the finger at those who enable it, too. Computers and the Internet do not commit crime, people do! Likewise, most of the enablers are people, too.
Until we address the root of the problem and the people behind it, it will be hard to make much progress by simply shutting down an ISP or two. Of course, this doesn't mean that shutting them down isn't a large step in the right direction.
Extradition and aggressive prosecution would greatly complement this latest takedown.