'Malware-friendly' Intercage back among the living

Net provider in deathbed conversion

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer's move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion's share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

"Unfortunately, they were a big client," he said in an interview Tuesday, about 12 hours after pulling the plug on the last Esthost server. "We put a lot of eggs in one basket, which I wish of course I did not do."

In addition to jettisoning Esthost, Intercage also plans to unveil a new system for the public to submit complaints about abusive sites carried on Intercage's IP space. Until now, the San Francisco-based provider has used email to field such reports. Similar to systems used by many other hosts, the new system will provide each user with a ticket number that can be used to track the status of the complaint.

At time of writing, the Intercage website remained offline, and an unknown number of its customers - Kacperski said he had "no idea" how many - were without service. But as this Autonomous System report made clear, UnitedLayer has already thrown the unpopular network provider a life raft. Kacperski says he hopes to be back up and running by Tuesday evening.

It didn't take long for people in the security world to criticize the move by UnitedLayer, and the risk the company faces should things go wrong is considerable. A few days after Pacific Internet Exchange agreed to provide transit service to Intercage, a block of some 1,000 of its IP addresses was added to the Spamhaus block list. PIE quickly reversed course and dumped Intercage.

"We'll be watching them very carefully, I can assure you," said Richard Cox, CIO of Spamhaus, whose real-time blacklist is used to block senders of spam from about 1.5 billion email boxes. "We are obviously prepared if the need is there to take the same approach" as was taken with PIE.

Spamhaus officials plan to speak with their counterparts from UnitedLayer soon to express their concerns about Intercage, Cox added.

For its part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

"We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed," said UnitedLayer COO Richard Donaldson. "And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)...then we will terminate them like we would any other client."

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today's law enforcement to overcome a rat's nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens' best interests at heart.

Still, the arrangement has sometimes made us uncomfortable, because it seems fraught with the potential for abuse by copyright holders, repressive governments and others. One concern is that as vocal as white hats are in criticizing Intercage for the abusive packets carried over its networks, we've yet to see any empirical evidence that shows it hosts more phishing sites than, say, The Planet or other web hosts. Our other concern is that few white hats seem to take the time to report abusive sites they find hosted on Intercage.

Donaldson acknowledged that UnitedLayer's move may not be well received by some people but said the company's management was prepared to stand behind its decision.

"What we're not in the business of doing is succumbing to mob rule," Donaldson said. "If Emil has generated a bad karma online, that's one thing, but that's not a reason for us to terminate a client until we have facts otherwise substantiating that there's a case against him."

UnitedLayer's email address for reporting abusive customers is abuse at UnitedLayer dot com, and for the time being, abuse can be reported to Intercage using abuse at Intercage dot com. Operators are standing by. ®
