After Links To Cybercrime, Latvian ISP Cut Off

alphadogg writes with this Network World story, excerpting "A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious 'rogue' antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Hostexploit.com Web site. 'This is maybe one of the top European centers of crap,' he said in an e-mail interview. 'It was a cesspool of criminal activity,' said Paul Ferguson, a researcher with Trend Micro."

They'll move elsewhere

[Canazza]

The questions that should be asked is "Are they closing in on the criminals who set up these sites?"

Surely with all the information they can get from this rogue ISP they can track down the wankers who run them.

Re:They'll move elsewhere

[Zocalo]

Probably not. The ISP in question, Real Host, appears to have only had a single upstream to the Internet via the Scandinavia ISP TeliaSonera and it was TeliaSonera being threatened with sanctions if they continued to provide connectivity to Real Host that resulted in the disconnection. Chances are that the operators behind Real Host (there is evidence to suggest at least some are ex-RBN staffers) are looking for other ISPs to provide them connectivity at this moment and Real Host with be coming to an Internet Sewer near you Real Soon.

Re:They'll move elsewhere

Thing is rogue antivirus products and such isn't exactly illegal. In USA it can count as misleading advertisement but as we know USA laws dont apply everywhere. This case also is not police investigation, but their upstream provider TeliaSonera just cut them off because it made them look bad.

We demand net neutrality for pirates and defend laws of other countries. Now botnets and phishing are really bad, but instead of getting to root of the problem these security researchers are purposely destroying net neutrality. TeliaSonera is also upstream provider for The Pirate Bay so they could just suddenly cut TPB's access to the internet. Then everyone would be saying how they're legal in Sweden and they should not be allowed to do that. Well, its the same issue here.

Re:They'll move elsewhere

[AigariusDebian]

That is not net neutrality.

If you connect to the Internet you are an equal peer on it - you can receive and send data. You have the right to set up services just like bbc.co.uk can. If your ISP cuts you connection without a court order (a court that has jurisdiction over you), then it is a violation of net neutrality.

Traffic shaping based on the destination (or source) of the traffic is also a violation of net neutrality, traffic shaping to prioritize some protocols over others is not (unless a phone company reduces the priority of all VoIP traffic to zero).

Re:They'll move elsewhere

[mikael_j]

Actually, what happened was that Real Host was getting its connection from Junik which in turn gets its upstream from TeliaSonera and TeliaSonera pressured Junik into cutting off Real Host.

/Mikael

Re:It's not criminal activity when we do it

[noundi]

Perhaps the malice these researchers feel towards Latvia is similar in some way to the anger the RIAA feels towards filesharers?

Latvia? You're taking things out of context. This is not about Latvia in general, this is about a Latvian ISP responsible for a shitload of spam and botnets. You're free to replace Latvia for any country you wish and it wouldn't make a difference. Also I think it's fair to say that RIAA only serve their interests, whilst spam and botnets concern anybody who uses internet.

Re:Censorship

[Canazza]

So you'd prefer to be subjected to DDoS attacks, have your E-mail account hacked and used to send spam, be phished for your credit card details all in the name of Net Neutrality?

These are harmful activities. Harmful to people, REAL PEOPLE. It is the definition, at least in my eyes, of what crime is: serious irreversable harm to a person or people.

Botnets sending out DDoS attacks make the Server Admin's job harder. Whatever site it is running becomes locked, likely losing the business revenue they can never get back.
Hacked Email accounts cause headaches for the person who's account was compromised, it causes headaches for those who recieve it, especially if it came from a white-listed friend, as it means wading through them and deleting them manually rather than have them caught by the filter. And again, most importantly, it makes the server admins job harder, as they have to devise work arounds and filters for Spam.
And the most serious of all? Phishing for card details. Serious Monetery loss from an individual - they may be able to get it back, but not without a serious fight (My card got skimmed at a shop once, they managed to spend £700 before the bank stopped the card. It was a week before a new card was sent out, and 2 months before I got the money back)

A whole industry has arisin around fighting these criminals. We're in a Broken Window situation and the only way to stop it is not to fix the window, but to remove the person throwing the stones.

Re:Censorship

[X0563511]

The "powers that be" didn't shut them down. Their upstream provider did.

Take this analogy:

--start-bad-analogy--
I let you watch TV at my house. But, most of the time you are there, you leave trash and shit everywhere, and fail to clean up after yourself.

So, after enough complaints from my other guests, I decide to kick your ass out.
--end-bad-analogy--

If there's one kind of cesspool I hate...

[Jafafa+Hots]

...it's a cesspool of crap.

the other kinds are ok.

Re:It's not criminal activity when we do it

[Linker3000]

I thought xenophobia was a fear of virtualised environments?