News
Spam Wars: Where Are The Feds?
The FTC's HerbalKing operation grabbed a lot of headlines; the McColo takedown cut spam
By Robert McMillan, IDG News Service (San Francisco Bureau)
McColo was on the federal government's radar, as are dozens of other service providers worldwide that are known providers of so-called bulletproof hosting services, which are never taken down, despite complaints, according to a source in a federal law enforcement agency who spoke on condition of anonymity because he was not authorized to speak to the press.
While researchers may feel they have a case against McColo, it's another thing entirely to convince a U.S. Department of Justice attorney to ask for a warrant to seize hundreds of servers, and even harder to get a federal judge to authorize this. "There's a reason why we didn't just go and grab all the servers," he said. "If you want a warrant for hundreds of servers... that's very difficult."
The DOJ and the FBI declined to comment on McColo.
Another problem: The criminals associated with McColo are thought to live in Russia and eastern Europe, where computer crimes are rarely prosecuted. So a successful prosecution would require extradition and that could be very hard to pull off, observers say. "You take down McColo and what you've actually got is one hell of a load for the lawyers at the Department of Justice and very little return, because you've actually got to go outside of the U.S. to pick up the actual culprits," Cox said.
While there's no doubt that the activities associated with McColo are illegal under U.S. law, the idea that you could prosecute an ISP for abetting illegal activity is largely unproven, so any prosecutor that took on this case would be taking a big risk that the case would be tossed out of court.
There is at least one precedent, however. On Feb. 14, 2004, the FBI shut down operations at a small Ohio ISP called Creative Internet Techniques in an event the FBI dubbed the Cyber Saint Valentine's Day Massacre. At the time, it was the largest FBI takedown in the organization's history. Nearly 300 servers were seized after Creative Internet, also known as FooNet, was linked to distributed denial of service attacks.
The reason why some security experts have called for a similar takedown at McColo has, in part, to do with the sneaky way that McColo's customers were disrupted. Researchers say that McColo computers weren't actually sending out spam, just running the command and control servers that marshalled an estimated half-million infected botnet computers. These infected machines would take their instructions from servers on McColo's network, but should those computers ever be knocked offline, they were given several other backup Internet domains to check for commands.
HerbalKing