Feeds

'Malware-friendly' Intercage back among the living

Net provider in deathbed conversion

Build a business case: developing custom apps

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer's move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion's share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

"Unfortunately, they were a big client," he said in an interview Tuesday, about 12 hours after pulling the plug on the last Esthost server. "We put a lot of eggs in one basket, which I wish of course I did not do."

In addition to jettisoning Esthost, Intercage also plans to unveil a new system for the public to submit complaints about abusive sites carried on Intercage's IP space. Until now, the San Francisco-based provider has used email to field such reports. Similar to systems used by many other hosts, the new system will provide each user with a ticket number that can be used to track the status on the complaint.

At time of writing, the Intercage website remained offline, and an unknown number of its customers - Kacperski said he had "no idea" how many - were without service. But as this Autonomous System report made clear, UnitedLayer has already thrown the unpopular network provider a life raft. Kacperski says he hopes to be back up and running by Tuesday evening.

It didn't take long for people in the security world to criticize the move by UnitedLayer, and the risk the company faces should things go wrong is considerable. A few days after Pacific Internet Exchange agreed to provide transit service to Intercage, a block of some 1,000 of its IP addresses were added to the Spamhaus block list. PIE quickly reversed course and dumped Intercage.

"We'll be watching them very carefully, I can assure you," said Richard Cox, CIO of Spamhaus, whose real-time blacklist is used to block senders of spam from about 1.5 billion email boxes. "We are obviously prepared if the need is there to take the same approach" as was taken with PIE.

Spamhaus officials plan to speak with their counterparts from UnitedLayer soon to express their concerns about Intercage, Cox added.

For its part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

"We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed," said UnitedLayer COO Richard Donaldson. "And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)...then we will terminate them like we would any other client."

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today's law enforcement in overcoming a rat's nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens' best interests at heart.

Still, the arrangement has sometimes made us uncomfortable, because it seems fraught with the potential for abuse by copyright holders, repressive governments and others. One concern is that as vocal as white hats are in criticizing Intercage for the abusive packets carried over its networks, we've yet to see any empirical evidence that shows it hosts more phishing sites than, say, The Planet or other web hosts. Our other concern is that few white hats seem to take the time to report abusive sites they find hosted on Intercage.

Donaldson acknowledged that UnitedLayer's move may not be well received by some people but said the company's management was prepared to stand behind its decision.

"What we're not in the business of doing is succumbing to mob rule," Donaldson said. "If Emil has generated a bad karma online, that's one thing, but that's not a reason for us to terminate a client until we have facts otherwise substantiating that there's a case against him."

UnitedLayer's email address for reporting abusive customers is abuse at UnitedLayer dot com, and for the time being, abuse can be reported to Intercage using abuse at Intercage dot com. Operators are standing by. ®

The essential guide to IT transformation

More from The Register

next story
Rupert Murdoch says Google is worse than the NSA
Mr Burns vs. The Chocolate Factory, round three!
Microsoft cries UNINSTALL in the wake of Blue Screens of Death™
Cache crash causes contained choloric calamity
Know what Ferguson city needs right now? It's not Anonymous doxing random people
U-turn on vow to identify killer cop after fingering wrong bloke
Germany 'accidentally' snooped on John Kerry and Hillary Clinton
Dragnet surveillance picks up EVERYTHING, USA, m'kay?
Snowden on NSA's MonsterMind TERROR: It may trigger cyberwar
Plus: Syria's internet going down? That was a US cock-up
Who needs hackers? 'Password1' opens a third of all biz doors
GPU-powered pen test yields more bad news about defences and passwords
prev story

Whitepapers

Endpoint data privacy in the cloud is easier than you think
Innovations in encryption and storage resolve issues of data privacy and key requirements for companies to look for in a solution.
Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
Top 8 considerations to enable and simplify mobility
In this whitepaper learn how to successfully add mobile capabilities simply and cost effectively.
Solving today's distributed Big Data backup challenges
Enable IT efficiency and allow a firm to access and reuse corporate information for competitive advantage, ultimately changing business outcomes.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.