Slashdot Mirror


After Links To Cybercrime, Latvian ISP Cut Off

alphadogg writes with this Network World story, excerpting "A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious 'rogue' antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Hostexploit.com Web site. 'This is maybe one of the top European centers of crap,' he said in an e-mail interview. 'It was a cesspool of criminal activity,' said Paul Ferguson, a researcher with Trend Micro."

7 of 116 comments

  1. Re:They'll move elsewhere by Zocalo · · Score: 5, Informative

    Probably not. The ISP in question, Real Host, appears to have only had a single upstream to the Internet via the Scandinavian ISP TeliaSonera and it was TeliaSonera being threatened with sanctions if they continued to provide connectivity to Real Host that resulted in the disconnection. Chances are that the operators behind Real Host (there is evidence to suggest at least some are ex-RBN staffers) are looking for other ISPs to provide them connectivity at this moment and Real Host will be coming to an Internet Sewer near you Real Soon.

    --
    UNIX? They're not even circumcised! Savages!
  2. Re:Censorship by Anonymous Coward · · Score: 1, Informative

    This has nothing to do with net neutrality anyway.

  3. Re:They'll move elsewhere by AigariusDebian · · Score: 5, Informative

    That is not net neutrality.

    If you connect to the Internet you are an equal peer on it - you can receive and send data. You have the right to set up services just like bbc.co.uk can. If your ISP cuts your connection without a court order (a court that has jurisdiction over you), then it is a violation of net neutrality.

    Traffic shaping based on the destination (or source) of the traffic is also a violation of net neutrality, traffic shaping to prioritize some protocols over others is not (unless a phone company reduces the priority of all VoIP traffic to zero).

  4. Re:They'll move elsewhere by mikael_j · · Score: 4, Informative

    Actually, what happened was that Real Host was getting its connection from Junik which in turn gets its upstream from TeliaSonera and TeliaSonera pressured Junik into cutting off Real Host.

    /Mikael

    --
    Greylisting is to SMTP as NAT is to IPv4
  5. Re:They'll move elsewhere by Zocalo · · Score: 3, Informative

    Yep, my mistake. TeliaSonera was threatening Junik with sanctions if they didn't cut Real Host off. That's what happens when you go from memories of a late night... There's some more background info on the Zeus trojan that Real Host was running the C&C servers for, including a rather incriminating AS map, over at HostExploit. Given the nature of the last couple of hops and likelihood of some RBN involvement, I'm actually inclined to believe that Junik is either a front or is seriously in someone's pocket...

    --
    UNIX? They're not even circumcised! Savages!
  6. Re:Throw the baby out with the bathwater by dkf · · Score: 2, Informative

    A real problem here is that if upstream providers do this sort of thing, there is no limit to their power. We're not talking about any court action, any due process or any other legal nicety. We are talking about vigilante action and mob rule.

    You agreed to abide by your ISP's AUP when you signed up for their service. I know this because I'm damn sure that it's a condition of the service agreement, and I'm sure that any court would view that as a reasonable and proportionate thing to impose. Yes, there is collusion between ISPs on this; no legit ISP wants anything to do with the likes of the scum behind the RBN...

    --
    "Little does he know, but there is no 'I' in 'Idiot'!"
  7. Real Host is not an ISP by ACS+Solver · · Score: 3, Informative

    The summary is quite wrong, though I do not blame the submitter. All English and Russian language sources that I can find state that supposedly Real Host, an ISP, got cut off. That is not actually so.

    Real Host is some company that is running fraudulent operations and other crap, making use of the Zeus botnet. Real Host rented servers from Junik, which is an ISP. They're a small ISP connected upstream via the Latvian branch of Telia. And the story now is that Junik cut off Real Host's access and revoked the servers they rented. Real Storm itself doesn't appear to be linked to Latvia in any real way. They use an address in Kazakhstan as the legal address from where the IP blocks are leased, the botnet itself is being linked to a Russian group of hackers. And they chose Latvian servers to rent, which doesn't make them a Latvia-based group.