'Malware-friendly' Intercage back among the living

Net provider in deathbed conversion

A day after security experts celebrated the death of a network provider accused of hosting a large concentration of the world's cybercrime, California-based Intercage appeared to be among the living again.

IP transit provider UnitedLayer agreed to provide upstream service to Intercage about 36 hours after its last transit provider pulled the plug. UnitedLayer's move, which is sure to prove unpopular in some circles, came after Intercage agreed to completely sever ties with Esthost, the Eastern European web host believed by many to be responsible for the lion's share of abusive traffic carried by Intercage.

The dumping of Esthost, if true, would mark a major turning point for Intercage. Esthost, which according to many researchers hosts a large number of sites engaged in phishing, malware propagation, and other illegal activities, has relied on Intercage since 2004 and is responsible for 25 percent to 50 percent of its revenue, according to Intercage president and owner Emil Kacperski.

"Unfortunately, they were a big client," he said in an interview Tuesday, about 12 hours after pulling the plug on the last Esthost server. "We put a lot of eggs in one basket, which I wish of course I did not do."

In addition to jettisoning Esthost, Intercage also plans to unveil a new system for the public to submit complaints about abusive sites carried on Intercage's IP space. Until now, the San Francisco-based provider has used email to field such reports. Similar to systems used by many other hosts, the new system will provide each user with a ticket number that can be used to track the status of the complaint.

At time of writing, the Intercage website remained offline, and an unknown number of its customers - Kacperski said he had "no idea" how many - were without service. But as this Autonomous System report made clear, UnitedLayer has already thrown the unpopular network provider a life raft. Kacperski says he hopes to be back up and running by Tuesday evening.

It didn't take long for people in the security world to criticize the move by UnitedLayer, and the risk the company faces should things go wrong is considerable. A few days after Pacific Internet Exchange agreed to provide transit service to Intercage, a block of some 1,000 of its IP addresses was added to the Spamhaus block list. PIE quickly reversed course and dumped Intercage.

"We'll be watching them very carefully, I can assure you," said Richard Cox, CIO of Spamhaus, whose real-time blacklist is used to block senders of spam from about 1.5 billion email boxes. "We are obviously prepared if the need is there to take the same approach" as was taken with PIE.

Spamhaus officials plan to speak with their counterparts from UnitedLayer soon to express their concerns about Intercage, Cox added.

For their part, UnitedLayer officials said they thought long and hard about the decision to take on Intercage as a customer, and based on the promises they got, they decided it made sense.

"We have been assured by Emil and Intercage that the customer in question that caused this firestorm has been removed," said UnitedLayer COO Richard Donaldson. "And we have said very unequivocally to Emil that when and if factual evidence is provided to us that puts him in violation of our AUP (acceptable use policy)...then we will terminate them like we would any other client."

Over the past few weeks, the Intercage saga has at times resembled the wild west, where justice is meted out by an informal network of power brokers rather than duly appointed officials. Given the frequent inability of today's law enforcement to overcome a rat's nest of extra-territorial and technical issues, this form of frontier justice is probably unavoidable. And in any case, the vast majority of the white hats manning the system are honest and have netizens' best interests at heart.

Still, the arrangement has sometimes made us uncomfortable, because it seems fraught with the potential for abuse by copyright holders, repressive governments and others. One concern is that as vocal as white hats are in criticizing Intercage for the abusive packets carried over its networks, we've yet to see any empirical evidence that shows it hosts more phishing sites than, say, The Planet or other web hosts. Our other concern is that few white hats seem to take the time to report abusive sites they find hosted on Intercage.

Donaldson acknowledged that UnitedLayer's move may not be well received by some people but said the company's management was prepared to stand behind its decision.

"What we're not in the business of doing is succumbing to mob rule," Donaldson said. "If Emil has generated a bad karma online, that's one thing, but that's not a reason for us to terminate a client until we have facts otherwise substantiating that there's a case against him."

UnitedLayer's email address for reporting abusive customers is abuse at UnitedLayer dot com, and for the time being, abuse can be reported to Intercage using abuse at Intercage dot com. Operators are standing by. ®
