Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
The Internet Security

After Links To Cybercrime, Latvian ISP Cut Off 116

alphadogg writes with this Network World story, excerpting "A Latvian ISP linked to online criminal activity has been cut off from the Internet, following complaints from Internet security researchers. Real Host, based in Riga, Latvia was thought to control command-and-control servers for infected botnet PCs, and had been linked to phishing sites, Web sites that launched attack code at visitors and were also home to malicious 'rogue' antivirus products, according to a researcher using the pseudonym Jart Armin, who works on the Hostexploit.com Web site. 'This is maybe one of the top European centers of crap,' he said in an e-mail interview. 'It was a cesspool of criminal activity,' said Paul Ferguson, a researcher with Trend Micro."
This discussion has been archived. No new comments can be posted.

After Links To Cybercrime, Latvian ISP Cut Off

Comments Filter:
  • by Canazza ( 1428553 ) on Thursday August 06, 2009 @03:58AM (#28969363)

    The questions that should be asked is "Are they closing in on the criminals who set up these sites?"

    Surely with all the information they can get from this rogue ISP they can track down the wankers who run them.

    • by Zocalo ( 252965 ) on Thursday August 06, 2009 @04:21AM (#28969463) Homepage
      Probably not. The ISP in question, Real Host, appears to have only had a single upstream to the Internet via the Scandinavia ISP TeliaSonera and it was TeliaSonera being threatened with sanctions if they continued to provide connectivity to Real Host that resulted in the disconnection. Chances are that the operators behind Real Host (there is evidence to suggest at least some are ex-RBN staffers) are looking for other ISPs to provide them connectivity at this moment and Real Host with be coming to an Internet Sewer near you Real Soon.
      • by mikael_j ( 106439 ) on Thursday August 06, 2009 @05:41AM (#28969835)

        Actually, what happened was that Real Host was getting its connection from Junik which in turn gets its upstream from TeliaSonera and TeliaSonera pressured Junik into cutting off Real Host.

        /Mikael

        • by Zocalo ( 252965 ) on Thursday August 06, 2009 @06:34AM (#28970059) Homepage
          Yep, my mistake. TeliaSonera was threatening Junik with sanctions if they didn't cut Real Host off. That's what happens when you go from memories of a late night... There's some more background info on the Zeus trojan that Real Host was running the C&C servers for, including a rather incriminating AS map, over at HostExploit [hostexploit.com]. Given the nature of the last couple of hops and liklihood of some RBN involvement, I'm actually inclined to believe that Junik is either a front or is seriously in someone's pocket...
          • by richlv ( 778496 )

            interesting to see junik involved (i'm from latvia).
            i remember them as a shoddy provider back in nineties when internet just started picking up here. some cases of their customer mismanagement (even for that time, not that long after ussr breakup) floated on the public mailing lists.
            are they involved with rbn ? absolutely no idea, but they aren't a company i'd say "no way" regarding such accusations.

    • by Anonymous Coward on Thursday August 06, 2009 @04:22AM (#28969473)

      Thing is rogue antivirus products and such isn't exactly illegal. In USA it can count as misleading advertisement but as we know USA laws dont apply everywhere. This case also is not police investigation, but their upstream provider TeliaSonera just cut them off because it made them look bad.

      We demand net neutrality for pirates and defend laws of other countries. Now botnets and phishing are really bad, but instead of getting to root of the problem these security researchers are purposely destroying net neutrality. TeliaSonera is also upstream provider for The Pirate Bay so they could just suddenly cut TPB's access to the internet. Then everyone would be saying how they're legal in Sweden and they should not be allowed to do that. Well, its the same issue here.

      • Re: (Score:3, Insightful)

        by noundi ( 1044080 )
        Net neutrality is about isolating "independent" parts of the internet accessable only to those who sign up with a specific ISP, not about cutting off illegal activities entirely. E.g. you sign up with Comcast and you're allowed visit bbc.com, and if you don't you'll have to live without it.
        • by AigariusDebian ( 721386 ) <`gro.naibed' `ta' `suiragia'> on Thursday August 06, 2009 @05:14AM (#28969701) Homepage

          That is not net neutrality.

          If you connect to the Internet you are an equal peer on it - you can receive and send data. You have the right to set up services just like bbc.co.uk can. If your ISP cuts you connection without a court order (a court that has jurisdiction over you), then it is a violation of net neutrality.

          Traffic shaping based on the destination (or source) of the traffic is also a violation of net neutrality, traffic shaping to prioritize some protocols over others is not (unless a phone company reduces the priority of all VoIP traffic to zero).

          • by noundi ( 1044080 )
            We're both right.

            Limited discrimination and tiering
            This approach allows higher fees for QoS as long as there is no exclusivity in service contracts. According to Tim Berners-Lee: "If I pay to connect to the Net with a given quality of service, and you pay to connect to the net with the same or higher quality of service, then you and I can communicate across the net, with that quality of service."[1] "[We] each pay to connect to the Net, but no one can pay for exclusive access to me."

            Source [wikipedia.org]

            • Re: (Score:1, Insightful)

              by Anonymous Coward

              No, he was right and you, as well as the idiots who modded you up, were wrong.

              Net Neutrality is about the neutrality of a node on the network, it has all the same rights as every other node.
              What you said was AGAINST Net Neutrality!
              Isolating nodes on a network and limiting access is against it.

              Let me guess, you work for one of the ISPs that are trying to confuse people in to hating Network Neutrality?

              • by noundi ( 1044080 )

                No, he was right and you, as well as the idiots who modded you up, were wrong.

                Net Neutrality is about the neutrality of a node on the network, it has all the same rights as every other node. What you said was AGAINST Net Neutrality! Isolating nodes on a network and limiting access is against it.

                Let me guess, you work for one of the ISPs that are trying to confuse people in to hating Network Neutrality?

                I'm sorry, you must have misunderstood me. My point was that by indulging in said activities you break net neutrality. I didn't say that the example was net neutrality, and as I said it's about net neutrality. Meaning it can be both about maintaining it and breaking it, as long as it's about net neutrality. I felt it was easier to explain the concept of net neutrality using an example that breaks it.

                And no, I don't work for any ISP. And no I don't hate net neutrality, rather the contrary.

              • Which is why "Net Neutrality" is a meaningless phrase, which we should dump. I can't say I'm in favor of it without being misinterpreted.

                A better phrase would be "common carrier", which does imply the willingness to carry anybody's traffic. (Yes, I know it isn't legally applicable to ISPs in the US.)

          • That is not net neutrality.

            If you connect to the Internet you are an equal peer on it - you can receive and send data.

            Well, if their internet connection no longer exists...

          • by dkf ( 304284 )

            That is not net neutrality.

            If you connect to the Internet you are an equal peer on it - you can receive and send data. You have the right to set up services just like bbc.co.uk can. If your ISP cuts you connection without a court order (a court that has jurisdiction over you), then it is a violation of net neutrality.

            No, but it might be a violation of contract and a court might have something to say about consequences. If the ISP gives as a reason that you were violating the terms of service, then it's quite possible that you'll have no comeback at them at all (other than a return of potentially some of what you have paid; details matter there).

            Traffic shaping based on the destination (or source) of the traffic is also a violation of net neutrality, traffic shaping to prioritize some protocols over others is not (unless a phone company reduces the priority of all VoIP traffic to zero).

            Traffic-shaping based on source or destination is indeed the issue (unless either the source or the destination requested it specifically; shaping on an opt-in basis is fine and

          • Giving priority to one protocol over another is NOT net neutrality. Net neutrality, in a VERY short phrase, ensures that the end user can use his bandwidth as he see fit without conforming to other's expectations.

            To imply otherwise exposes an agenda. In the case of telcos, the agenda is pretty clear - they want to reserve the bulk of their bandwidth for traditional telephonic services because those services pay more than internet television, VoIP, and P2P.

            • by mjhorn ( 1440895 )
              You contradict yourself with your definition. If a user should be able to use their bandwidth as they see fit, by definition the ISP giving some protocols priority could very easily violate how the user wants to use their bandwidth. If priority given to voice services causes added latency to some users game playing when he doesn't care about voip, that is not allowing him to use his bandwidth as he sees fit. Now, I'm not saying that traffic shaping should necessarily be considered a violation of net neutral
              • Please, show me where I said that it was alright for ISP's to give priority to a protocol? I am studying very closely exactly what I typed. I believe that I CONDEMNED protocol priority as a poor practice put in place by money grubbing people who wish to maximize their profit, at my expense. Why don't you read my words again, to confirm that I said what I meant to say?

                Overselling bandwidth is the root cause for traffic shaping at the ISP level and higher. Traffic shaping at the user's level is reasonable

          • We need chainsaw neutrality. If a man walks into a hardware store wearing a hockey mask and a blood-soaked prison jumpsuit, and identifies himself as an axe-murdering serial killer; we should legally obligate store owners to sell that man a chainsaw.

      • Hrmm...cut off their connection, or ninja special-ops team to take them out...cut off their connection, or ninja special-ops team to take them out...tough decision.

        I'm guessing the U.S. doesn't have an extradition treaty with Latvia?

        • Let's do both. Kill their connection then let the ninja's go all "Mad Max Thunderdome" on them. Two men enter, one ninja leave.

          I have no qualms about kicking people off the net if they show they can't work and play well with others. The internet is a luxury, not a right. (at this point, that is indeed starting to change, but people can and have made out ok without it)

          Honestly, I'm so sick of the filthy underbelly of the internet being treated just as well as the rest of the world's (mostly) law-abiding

      • It counts as misleading advertising in the EU as well.

      • by Teun ( 17872 )

        but as we know USA laws dont apply everywhere.

        Reference please?

      • The Pirate Bay and others who believe they are doing no wrong are more likely to fight in court.

        Criminals are more likely to either walk away to avoid a government-issued ban-hammer or use illegal, er, I mean, extra-legal means of "persuasion" to make sure their next ISP won't cut them off.

      • Now botnets and phishing are really bad, but instead of getting to root of the problem these security researchers are purposely destroying net neutrality

        I think that word doesn't mean what you think it means.

        I see this as more a case of excising a tumor than anything else. And if it pops up again elsewhere, repeat. If the stakes are high enough, it will become much harder for such places to find a home.

  • Censorship (Score:1, Interesting)

    by Anonymous Coward
    Why is this being cast in a good light? We should demand net neutrality and not just when it suits us, but always. If you have an issue with their content: sue them, block them, ignore them. Also, how do we define "criminal activity" when talking about an ISP in Lativia? I'm no expert in Lativian law myself, but is spam or a command-and-control center illegal there? Bandwidth suppliers should be doing that, supplying bandwidth. Leave the politics and legal issues to the governments.
    • Re:Censorship (Score:5, Insightful)

      by Canazza ( 1428553 ) on Thursday August 06, 2009 @04:17AM (#28969443)

      So you'd prefer to be subjected to DDoS attacks, have your E-mail account hacked and used to send spam, be phished for your credit card details all in the name of Net Neutrality?

      These are harmful activities. Harmful to people, REAL PEOPLE. It is the definition, at least in my eyes, of what crime is: serious irreversable harm to a person or people.

      Botnets sending out DDoS attacks make the Server Admin's job harder. Whatever site it is running becomes locked, likely losing the business revenue they can never get back.
      Hacked Email accounts cause headaches for the person who's account was compromised, it causes headaches for those who recieve it, especially if it came from a white-listed friend, as it means wading through them and deleting them manually rather than have them caught by the filter. And again, most importantly, it makes the server admins job harder, as they have to devise work arounds and filters for Spam.
      And the most serious of all? Phishing for card details. Serious Monetery loss from an individual - they may be able to get it back, but not without a serious fight (My card got skimmed at a shop once, they managed to spend £700 before the bank stopped the card. It was a week before a new card was sent out, and 2 months before I got the money back)

      A whole industry has arisin around fighting these criminals. We're in a Broken Window [wikipedia.org] situation and the only way to stop it is not to fix the window, but to remove the person throwing the stones.

      • Re: (Score:1, Informative)

        by Anonymous Coward

        This has nothing to do with net neutrality anyway.

      • The Latvian ISP isn't throwing stones. It is the stone that is being thrown.

        A stone can be used to break a window, crack a head, or choke someone to death. But it can also be used to create a beautiful sculpture, make stone soup, or provide perfect oscillation for your CPU.

        The rock throwers are the ones misusing the ISP, not the ISP itself. I wouldn't stand for it for a second if the RIAA decided to sue Comcast out of business because my neighbor was sharing MP3s. Collective punishment is unwarranted and im

      • Re: (Score:1, Insightful)

        by Anonymous Coward

        That sounds very dramatic. The internet is going to end. Oh wait, no it won't.

        Cutting off an ISP does next to nothing. Those responsible will just move on, as has been demonstrated repeatedly in the past few months.

        The more problematic issue is: who defines what justifies disconnection? Maybe a consortium of providers decides that "immoral" content has to be disconnected or criticism of their actions or political dissent, etc. Who draws the line and what's their motivation?

      • You can never stop people throwing stones, so you have to put a board over the window...

      • Re: (Score:3, Insightful)

        by mcgrew ( 92797 )

        You have to take the bad with the good. Nothing is 100% good.

        These are harmful activities. Harmful to people, REAL PEOPLE. It is the definition, at least in my eyes, of what crime is: serious irreversable harm to a person or people.

        That's not "criminal", it's "immoral". Posessing marijuana is a crime, but it's not harmful or immoral. Adultery is immoral and very painful to its victims (I can tell you from experience; Evil-X was a serial adultress), but it's perfectly legal. In Illinois it won't even do you

        • Actually, adultery is illegal in many states in the US, and I would assume there are many other countries that also make adultery a crime. As for it being immoral? That really depends on the people involved; many couples are ok with their partner having sex with people other than themselves. While current mainstream US society might frown upon adultery, in some societies it is viewed as moral.
          • by mcgrew ( 92797 )

            many couples are ok with their partner having sex with people other than themselves

            In that case it's polygamy, not adultery. If one of your parents committed true adultery, you could wind up marrying your sister.

      • by jhol13 ( 1087781 )

        I am absolutely certain my "definition" for what is crime differs from yours.

        Mine has "until proven quilty" clause which yours apparently does not: there were no police nor court order, just a bunch of vigilantes (so called "security researchers", if you prefer).

      • OMG!

        He makes a valid point. I'm glad their gone, yet I too wonder about the method of taking them out.

    • by noundi ( 1044080 )
      While I'm not certain about Latvia (although my guess is that it obviously is) sending spam mail is illegal in most countries around the world, not to mention creating botnets. I think you've misunderstood the concept of net neutrality. Net neutrality is about preventing ISP cartels so that e.g. consumers aren't forced into signing up with an ISP simply because this ISP is the only one "licensed" to access certain hosts, such as e.g. a web TV service from a specific broadcasting network.
      • Sending spam is illegal under the EU's e-privacy directive. However the maximum punishment is a small fine, and nobody has been prosecuted yet as far as I'm aware.

        • Define "spam". Unfortunately, both the EU and the US have laws that are very generous in permitting bulk email: even if the blatantly illegal and fraudulent material is controlled, there remains a lot of protected material that can be and is sent.

          Is the EU law any better than the truly stupid US's 'CAN-SPAM' act?

    • Re:Censorship (Score:4, Insightful)

      by cbhacking ( 979169 ) <been_out_cruisin ... nospAM.yahoo.com> on Thursday August 06, 2009 @04:37AM (#28969547) Homepage Journal

      It's almost certainly against the contract terms that Real Host signed with their upstream provider. Net neutrality has nothing to do with this issue; this isn't packet injection or traffic shaping or anything like that. This is simply disconnecting a client who is in breach of contract and criminal law. In effect, blocking them (as you personally advocated).

      Do you honestly think it should be the responsibility of the rest of the world to deal with these attacks, just because they are sent over the Internet?

    • Because this IS a good thing.

      You do understand the purpose of a DoS attack don't you?

    • by muntis ( 1503471 )
      Yes, spam is illegal in Latvia.

      Information Society Services Act [likumi.lv])
      Paragraph 9.1 (google translated):
      Forbidden to use commercial communication sent into the automatic dialing (terminal) systems that operate without human intervention, electronic mail, or fax machines (facsimiles), which allow a single contact with a recipient if recipient has not previously been given a free and explicit consent .
      • by Hammer ( 14284 )

        And regardless. spam and phishing as well as distribution of rogue antivirus is illegal in Sweden so it seems appropriate that the Swedish ISP cuts them off.....

    • Net neutrality does not imply acceptance of illegal conduct. Please, install my bot, so that I can harvest all of your financial information, then buy myself a new electric automobile. Afterwards, you can come back and post here about net neutrality, mmmkay?

  • ...finds this situation most vexing.
  • by xtracto ( 837672 ) on Thursday August 06, 2009 @04:33AM (#28969531) Journal

    This is maybe one of the top European centers of crap,'

    The server 216.178.38.116 is an American server known to have loads of crap too! I hope they also could get it!

    • Re: (Score:1, Redundant)

      Fyi, 216.178.38.116 is "profile.myspace.com".
      • I think they know that, since MySpace is a huge centre of crap.

        Granted, it tends to be self-contained rather than aggressive (so it is crap you land in rather than crap that is thrown at you) but it's still home to a shitload of crap ;)

      • Eh, this is relevant, not redundant. There are plenty of NSFW sites that could have been referenced in that post, so many people can't safely check for themselves where that IP goes.
    • You seen this server 216.34.181.48?

      It's like a neverending stream of crap.

    • by eexaa ( 1252378 )
      To be honest, the term 'center of crap' totally got me. Pity there's no online location overview/trends/statistics site yet. Senderbase and alikes don't count, because there's no map with a big red cross captioned "CRAP IS HERE".
  • by account_deleted ( 4530225 ) on Thursday August 06, 2009 @05:22AM (#28969741)
    Comment removed based on user account deletion
  • Glad to see law enforcement is keeping up with this kind of activity. Use your talents for good...not evil!
  • That one's long overdue...

  • by cdrguru ( 88047 ) on Thursday August 06, 2009 @06:25AM (#28970013) Homepage

    A real problem here is that if upstream providers do this sort of thing, there is no limit to their power. We're not talking about any court action, any due process or any other legal nicity. We are talking about vigilante action and mob rule.

    The idea of "net neutrality" pretty much can be agreed upon that upstream providers do not cut off users for actions that violate the laws of some jurisdiction on their own. Now this may not be a good idea, but if your ISP is prevented from cutting you off for downloading pirated music and movies then a rogue ISP better not be cut off for hosting botnet control centers and phishing web sites. Sorry, you can't have it both ways.

    Of course the real problem is that there is no force of law that can successfully prosecute folks like this. They might even be violating laws in their home country - but how do law enforcement agencies conduct a highly technical investigation when they have no facilities. Not only that, but the whole idea of the Internet makes it extremely difficult to conduct investigations without effectively wiretapping and requires the cooperation of a high level provider. It is difficult to see how such an investigation can be conducted by anyone without lots of resources and financial backing. And cooperation of providers, often at their own expense.

    No, prosecution of such crimes as are alleged on the Internet is very difficult without either inside information (usually bragging) or evidence collected for other court actions. For example, the ISP is sued for lack of tax payments and the servers are seized as part of discovery, which then uncovers further evidence.

    No I think this vigilante action is short lived and not in the best interests of people vitally concerned with the freedom of action on the Internet. Of course, freedom of action implies freedom to commit crimes on the Internet, like copyright violation and phishing.

    • Re: (Score:3, Interesting)

      Comment removed based on user account deletion
      • Re: (Score:3, Interesting)

        by Bakkster ( 1529253 )

        If I would start moaning "but I was not accused by law of anything" they would just show me the AUP I agreed with. The same should be happening with anybodies provider. You spam? We disallow you to do that over our network.

        Exactly. Network Neutrality shouldn't (IMO) preclude ISPs from banning harmful acts over their networks through their contracts. You should be allowed to prohibit illegal activities and those whose primary purpose is to disrupt the service of others.

        Network Neutrality should simply say that you should be treated the same, no matter who you are and who you're talking to. It doesn't matter if you interrupt your neighbor's connection or a foreign connection, both are blocked. If they limit high-bandwidth a

    • Re: (Score:3, Informative)

      by dkf ( 304284 )

      A real problem here is that if upstream providers do this sort of thing, there is no limit to their power. We're not talking about any court action, any due process or any other legal nicity. We are talking about vigilante action and mob rule.

      You agreed to abide by your ISP's AUP when you signed up for their service. I know this because I'm damn sure that it's a condition of the service agreement, and I'm sure that any court would view that as a reasonable and proportionate thing to impose. Yes, there is collusion between ISPs on this; no legit ISP wants anything to do with the likes of the scum behind the RBN...

  • by ACS Solver ( 1068112 ) on Thursday August 06, 2009 @07:42AM (#28970585)
    The summary is quite wrong, though I do not blame the submitter. All English and Russian language sources that I can find state that supposedly Real Host, an ISP, got cut off. That is not actually so.

    Real Host is some company that is running fraudulent operations and other crap, making use of the Zeus botnet. Real Host rented servers from Junik, which is an ISP. They're a small ISP connected upstream via the Latvian branch of Telia. And the story now is that Junik cut off Real Host's access and revoked the servers they rented. Real Storm itself doesn't appear to be linked to Latvia in any real way. They use an address in Kazakhstan as the legal address from where the IP blocks are leased, the botnet itself is being linked to a Russian group of hackers. And they chose Latvian servers to rent, which doesn't make them a Latvia-based group.
  • Whenever I see such emotionally charged statements, I tend to take them with a grain or two of salt, especially when they're coming from people who are supposed to be rational, like security researchers...

Think of it! With VLSI we can pack 100 ENIACs in 1 sq. cm.!

Working...