Slashdot Mirror

← Back to Stories (view on slashdot.org)

After Links To Cybercrime, Latvian ISP Cut Off

Posted by timothy on from the people-interpret-jerks-as-damage-and-route-around-them dept.

alphadogg writes with this Network World story, excerpting "A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious 'rogue' antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Hostexploit.com Web site. 'This is maybe one of the top European centers of crap,' he said in an e-mail interview. 'It was a cesspool of criminal activity,' said Paul Ferguson, a researcher with Trend Micro."

22 of 116 comments (clear)

  1. They'll move elsewhere by Canazza · · Score: 5, Interesting

    The questions that should be asked is "Are they closing in on the criminals who set up these sites?"

    Surely with all the information they can get from this rogue ISP they can track down the wankers who run them.

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
    1. Re:They'll move elsewhere by Zocalo · · Score: 5, Informative

      Probably not. The ISP in question, Real Host, appears to have only had a single upstream to the Internet via the Scandinavia ISP TeliaSonera and it was TeliaSonera being threatened with sanctions if they continued to provide connectivity to Real Host that resulted in the disconnection. Chances are that the operators behind Real Host (there is evidence to suggest at least some are ex-RBN staffers) are looking for other ISPs to provide them connectivity at this moment and Real Host with be coming to an Internet Sewer near you Real Soon.

      --
      UNIX? They're not even circumcised! Savages!
    2. Re:They'll move elsewhere by Anonymous Coward · · Score: 5, Interesting

      Thing is rogue antivirus products and such isn't exactly illegal. In USA it can count as misleading advertisement but as we know USA laws dont apply everywhere. This case also is not police investigation, but their upstream provider TeliaSonera just cut them off because it made them look bad.

      We demand net neutrality for pirates and defend laws of other countries. Now botnets and phishing are really bad, but instead of getting to root of the problem these security researchers are purposely destroying net neutrality. TeliaSonera is also upstream provider for The Pirate Bay so they could just suddenly cut TPB's access to the internet. Then everyone would be saying how they're legal in Sweden and they should not be allowed to do that. Well, its the same issue here.

    3. Re:They'll move elsewhere by noundi · · Score: 2, Insightful

      Net neutrality is about isolating "independent" parts of the internet accessable only to those who sign up with a specific ISP, not about cutting off illegal activities entirely. E.g. you sign up with Comcast and you're allowed visit bbc.com, and if you don't you'll have to live without it.

      --
      I am the lawn!
    4. Re:They'll move elsewhere by AigariusDebian · · Score: 5, Informative

      That is not net neutrality.

      If you connect to the Internet you are an equal peer on it - you can receive and send data. You have the right to set up services just like bbc.co.uk can. If your ISP cuts you connection without a court order (a court that has jurisdiction over you), then it is a violation of net neutrality.

      Traffic shaping based on the destination (or source) of the traffic is also a violation of net neutrality, traffic shaping to prioritize some protocols over others is not (unless a phone company reduces the priority of all VoIP traffic to zero).

    5. Re:They'll move elsewhere by mikael_j · · Score: 4, Informative

      Actually, what happened was that Real Host was getting its connection from Junik which in turn gets its upstream from TeliaSonera and TeliaSonera pressured Junik into cutting off Real Host.

      /Mikael

      --
      Greylisting is to SMTP as NAT is to IPv4
    6. Re:They'll move elsewhere by Zocalo · · Score: 3, Informative

      Yep, my mistake. TeliaSonera was threatening Junik with sanctions if they didn't cut Real Host off. That's what happens when you go from memories of a late night... There's some more background info on the Zeus trojan that Real Host was running the C&C servers for, including a rather incriminating AS map, over at HostExploit. Given the nature of the last couple of hops and liklihood of some RBN involvement, I'm actually inclined to believe that Junik is either a front or is seriously in someone's pocket...

      --
      UNIX? They're not even circumcised! Savages!
  2. Re:It's not criminal activity when we do it by noundi · · Score: 4, Insightful

    Perhaps the malice these researchers feel towards Latvia is similar in some way to the anger the RIAA feels towards filesharers?

    Latvia? You're taking things out of context. This is not about Latvia in general, this is about a Latvian ISP responsible for a shitload of spam and botnets. You're free to replace Latvia for any country you wish and it wouldn't make a difference. Also I think it's fair to say that RIAA only serve their interests, whilst spam and botnets concern anybody who uses internet.

    --
    I am the lawn!
  3. Re:Censorship by Canazza · · Score: 4, Insightful

    So you'd prefer to be subjected to DDoS attacks, have your E-mail account hacked and used to send spam, be phished for your credit card details all in the name of Net Neutrality?

    These are harmful activities. Harmful to people, REAL PEOPLE. It is the definition, at least in my eyes, of what crime is: serious irreversable harm to a person or people.

    Botnets sending out DDoS attacks make the Server Admin's job harder. Whatever site it is running becomes locked, likely losing the business revenue they can never get back.
    Hacked Email accounts cause headaches for the person who's account was compromised, it causes headaches for those who recieve it, especially if it came from a white-listed friend, as it means wading through them and deleting them manually rather than have them caught by the filter. And again, most importantly, it makes the server admins job harder, as they have to devise work arounds and filters for Spam.
    And the most serious of all? Phishing for card details. Serious Monetery loss from an individual - they may be able to get it back, but not without a serious fight (My card got skimmed at a shop once, they managed to spend £700 before the bank stopped the card. It was a week before a new card was sent out, and 2 months before I got the money back)

    A whole industry has arisin around fighting these criminals. We're in a Broken Window situation and the only way to stop it is not to fix the window, but to remove the person throwing the stones.

    --
    It pays to be obvious, especially if you have a reputation for being subtle.
  4. Re:It's not criminal activity when we do it by cbhacking · · Score: 2, Interesting

    You may have noticed that there have been stories recently about ISPs who *do* cut off the access of copyright infringers. Without deep packet inspection (which I'm wholly opposed to without a warrant, just making that clear) it's not like they catch anywhere close to all of it, but if they do catch you the contract you signed lets them cut off your access, and they will.

    --
    There's no place I could be, since I've found Serenity...
  5. Centers of Crap by xtracto · · Score: 3, Funny

    This is maybe one of the top European centers of crap,'

    The server 216.178.38.116 is an American server known to have loads of crap too! I hope they also could get it!

    --
    Ubuntu is an African word meaning 'I can't configure Debian'
  6. Re:Censorship by cbhacking · · Score: 3, Insightful

    It's almost certainly against the contract terms that Real Host signed with their upstream provider. Net neutrality has nothing to do with this issue; this isn't packet injection or traffic shaping or anything like that. This is simply disconnecting a client who is in breach of contract and criminal law. In effect, blocking them (as you personally advocated).

    Do you honestly think it should be the responsibility of the rest of the world to deal with these attacks, just because they are sent over the Internet?

    --
    There's no place I could be, since I've found Serenity...
  7. Re:Censorship by X0563511 · · Score: 4, Insightful

    The "powers that be" didn't shut them down. Their upstream provider did.

    Take this analogy:

    --start-bad-analogy--
    I let you watch TV at my house. But, most of the time you are there, you leave trash and shit everywhere, and fail to clean up after yourself.

    So, after enough complaints from my other guests, I decide to kick your ass out.
    --end-bad-analogy--

    --
    For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
  8. Re:Censorship by BadAnalogyGuy · · Score: 2, Funny

    --start-bad-analogy--
    I let you watch TV at my house. But, most of the time you are there, you leave trash and shit everywhere, and fail to clean up after yourself.

    So, after enough complaints from my other guests, I decide to kick your ass out.
    --end-bad-analogy--

    Hey, fuck you. That's my shtick.

    What if I was the one providing everyone a ride that night? You just fucked over all your guests, you inconsiderate asshole.

  9. If there's one kind of cesspool I hate... by Jafafa+Hots · · Score: 4, Funny

    ...it's a cesspool of crap.

    the other kinds are ok.

    --
    This space available.
  10. Re:It's not criminal activity when we do it by Linker3000 · · Score: 4, Funny

    I thought xenophobia was a fear of virtualised environments?

    --
    AT&ROFLMAO
  11. Throw the baby out with the bathwater by cdrguru · · Score: 3, Insightful

    A real problem here is that if upstream providers do this sort of thing, there is no limit to their power. We're not talking about any court action, any due process or any other legal nicity. We are talking about vigilante action and mob rule.

    The idea of "net neutrality" pretty much can be agreed upon that upstream providers do not cut off users for actions that violate the laws of some jurisdiction on their own. Now this may not be a good idea, but if your ISP is prevented from cutting you off for downloading pirated music and movies then a rogue ISP better not be cut off for hosting botnet control centers and phishing web sites. Sorry, you can't have it both ways.

    Of course the real problem is that there is no force of law that can successfully prosecute folks like this. They might even be violating laws in their home country - but how do law enforcement agencies conduct a highly technical investigation when they have no facilities. Not only that, but the whole idea of the Internet makes it extremely difficult to conduct investigations without effectively wiretapping and requires the cooperation of a high level provider. It is difficult to see how such an investigation can be conducted by anyone without lots of resources and financial backing. And cooperation of providers, often at their own expense.

    No, prosecution of such crimes as are alleged on the Internet is very difficult without either inside information (usually bragging) or evidence collected for other court actions. For example, the ISP is sued for lack of tax payments and the servers are seized as part of discovery, which then uncovers further evidence.

    No I think this vigilante action is short lived and not in the best interests of people vitally concerned with the freedom of action on the Internet. Of course, freedom of action implies freedom to commit crimes on the Internet, like copyright violation and phishing.

    1. Re:Throw the baby out with the bathwater by houghi · · Score: 2, Interesting

      A real problem here is that if upstream providers do this sort of thing, there is no limit to their power.

      Well, all providers have this power and are using it. You bet that my (and hopefully your) upstream provider will cut me off very fast the moment I start spamming the world.

      What I then must do is either look for another (upstream) provider or stop spamming.

      If I would start moaning "but I was not accused by law of anything" they would just show me the AUP I agreed with. The same should be happening with anybodies provider. You spam? We disallow you to do that over our network.

      --
      Don't fight for your country, if your country does not fight for you.
    2. Re:Throw the baby out with the bathwater by dkf · · Score: 2, Informative

      A real problem here is that if upstream providers do this sort of thing, there is no limit to their power. We're not talking about any court action, any due process or any other legal nicity. We are talking about vigilante action and mob rule.

      You agreed to abide by your ISP's AUP when you signed up for their service. I know this because I'm damn sure that it's a condition of the service agreement, and I'm sure that any court would view that as a reasonable and proportionate thing to impose. Yes, there is collusion between ISPs on this; no legit ISP wants anything to do with the likes of the scum behind the RBN...

      --
      "Little does he know, but there is no 'I' in 'Idiot'!"
    3. Re:Throw the baby out with the bathwater by Bakkster · · Score: 2, Interesting

      If I would start moaning "but I was not accused by law of anything" they would just show me the AUP I agreed with. The same should be happening with anybodies provider. You spam? We disallow you to do that over our network.

      Exactly. Network Neutrality shouldn't (IMO) preclude ISPs from banning harmful acts over their networks through their contracts. You should be allowed to prohibit illegal activities and those whose primary purpose is to disrupt the service of others.

      Network Neutrality should simply say that you should be treated the same, no matter who you are and who you're talking to. It doesn't matter if you interrupt your neighbor's connection or a foreign connection, both are blocked. If they limit high-bandwidth applications, they do so for all customers evenly, regardless of whether the remote client is owned by themselves or a competitor, and enumerate it in their contract.

      That said, we also need the ability to choose amongst more than 2-3 (or fewer) broadband ISPs so that we can choose to avoid usage agreements we don't agree with, but that's separate from Net Neutrality.

      --
      Write your representatives! Repeal the 2nd Law of Thermodynamics!
  12. Real Host is not an ISP by ACS+Solver · · Score: 3, Informative

    The summary is quite wrong, though I do not blame the submitter. All English and Russian language sources that I can find state that supposedly Real Host, an ISP, got cut off. That is not actually so.

    Real Host is some company that is running fraudulent operations and other crap, making use of the Zeus botnet. Real Host rented servers from Junik, which is an ISP. They're a small ISP connected upstream via the Latvian branch of Telia. And the story now is that Junik cut off Real Host's access and revoked the servers they rented. Real Storm itself doesn't appear to be linked to Latvia in any real way. They use an address in Kazakhstan as the legal address from where the IP blocks are leased, the botnet itself is being linked to a Russian group of hackers. And they chose Latvian servers to rent, which doesn't make them a Latvia-based group.

  13. Re:Censorship by mcgrew · · Score: 2, Insightful

    You have to take the bad with the good. Nothing is 100% good.

    These are harmful activities. Harmful to people, REAL PEOPLE. It is the definition, at least in my eyes, of what crime is: serious irreversable harm to a person or people.

    That's not "criminal", it's "immoral". Posessing marijuana is a crime, but it's not harmful or immoral. Adultery is immoral and very painful to its victims (I can tell you from experience; Evil-X was a serial adultress), but it's perfectly legal. In Illinois it won't even do you any good in a divorce; I tell you that from experience, also.

    If a botnet in Latvia DDoSes a server in Canada, the Canadian government should go after them. That's what governments should be mainly for - protect their citizenry from malice, whether the malice of individuals or tha malice of other countries. If your government decides it can't put up with DDoS attacks from a country where DDoSing is legal, it has the right to declare war.

    --
    Free Martian Whores!