'Malware-friendly' Intercage back among the living

Net provider in deathbed conversion

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer's move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion's share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

"Unfortunately, they were a big client," he said in an interview Tuesday, about 12 hours after pulling the plug on the last Esthost server. "We put a lot of eggs in one basket, which I wish of course I did not do."

In addition to jettisoning Esthost, Intercage also plans to unveil a new system for the public to submit complaints about abusive sites carried on Intercage's IP space. Until now, the San Francisco-based provider has used email to field such reports. Similar to systems used by many other hosts, the new system will provide each user with a ticket number that can be used to track the status of the complaint.

At time of writing, the Intercage website remained offline, and an unknown number of its customers - Kacperski said he had "no idea" how many - were without service. But as this Autonomous System report made clear, UnitedLayer has already thrown the unpopular network provider a life raft. Kacperski says he hopes to be back up and running by Tuesday evening.

It didn't take long for people in the security world to criticize the move by UnitedLayer, and the risk the company faces should things go wrong is considerable. A few days after Pacific Internet Exchange agreed to provide transit service to Intercage, a block of some 1,000 of its IP addresses was added to the Spamhaus block list. PIE quickly reversed course and dumped Intercage.

"We'll be watching them very carefully, I can assure you," said Richard Cox, CIO of Spamhaus, whose real-time blacklist is used to block senders of spam from about 1.5 billion email boxes. "We are obviously prepared if the need is there to take the same approach" as was taken with PIE.

Spamhaus officials plan to speak with their counterparts from UnitedLayer soon to express their concerns about Intercage, Cox added.

For their part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

"We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed," said UnitedLayer COO Richard Donaldson. "And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)...then we will terminate them like we would any other client."

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today's law enforcement to overcome a rat's nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens' best interests at heart.

Still, the arrangement has sometimes made us uncomfortable, because it seems fraught with the potential for abuse by copyright holders, repressive governments and others. One concern is that as vocal as white hats are in criticizing Intercage for the abusive packets carried over its networks, we've yet to see any empirical evidence that shows it hosts more phishing sites than, say, The Planet or other web hosts. Our other concern is that few white hats seem to take the time to report abusive sites they find hosted on Intercage.

Donaldson acknowledged that UnitedLayer's move may not be well received by some people but said the company's management was prepared to stand behind its decision.

"What we're not in the business of doing is succumbing to mob rule," Donaldson said. "If Emil has generated a bad karma online, that's one thing, but that's not a reason for us to terminate a client until we have facts otherwise substantiating that there's a case against him."

UnitedLayer's email address for reporting abusive customers is abuse at UnitedLayer dot com, and for the time being, abuse can be reported to Intercage using abuse at Intercage dot com. Operators are standing by. ®
