US Federal Trade Commission shuts down ISP
Provider accused of harboring malware, child porn
Federal authorities have shut down what they said was the worst US-based web hosting provider after convincing a judge it actively participated in the distribution of child pornography, spam, malware, and other net-based menaces.
The US Federal Trade Commission obtained the court order against 3FN.net, a service provider with servers mostly located in San Jose, California that also operated under the name Pricewert. Dated June 2, it commanded all companies providing upstream services to 3FN to immediately pull the plug. The order was issued in secret to prevent the operators from being able to destroy evidence or find new hosts, something FTC attorneys said was necessary given the extreme nature of the data it hosted.
"This content includes a witches' brew of child pornography, botnet command and control servers, spyware, viruses, trojans, phishing-related sites, and pornography featuring violence, bestiality, and incest," they wrote in court documents. "In addition to recruiting and willingly distributing this illegal, malicious and harmful content, Pricewert actively colludes with its criminal clientele in several areas, including the maintenance and deployment of networks of compromised computers known as botnets."
This week's action is the most significant shutdown since the shuttering in November of McColo, another Northern California-based service provider with ties to online crime. In the months following the takedown, spam volume dropped by as much as 40 percent.
So far, we're not seeing a similar decline in junk mail this time around, even though 3FN was a major provider for Cutwail, a notorious spam botnet with more than 1 million infected machines under its control, security analysts said.
"We suspect it's been programmed in such a way that when the command and control goes down it just continues to execute" old instructions, said Matt Sergeant, a senior antispam technologist at MessageLabs, which was recently purchased by Symantec. "That gives the spammers time to find a new command and control host. McColo taught spammers that they needed multiple command and controls and not to put all their eggs in one basket."
Court documents alleged a litany of illegal services that 3FN operators actively offered. They include:
- The site allegedly communicated with malicious software hosted by McColo. Investigators who sifted through the contents of the latter shuttered provider found instant message logs in which high-level 3FN employees provided technical support to customers trying to configure botnets with as many as 200,000 nodes.
- A NASA investigator probing intrusions to the space agency's networks found 22 separate attacks on NASA computers originating from IP addresses controlled by 3FN, including five this year, one as recently as April. NASA estimates it has spent more than $14,000 to repair the damage.
- A separate investigator managed to peer inside 3FN after reverse engineering malware masquerading as a video player that was hosted by the provider. What he found were logs showing that thousands of computers had been compromised by the malicious code. He also located more than 40 websites hosted by 3FN that are possible hosts of child pornography, some with names such as little-incest.com and littles-raped.com. Using a text-only browser to visit some of the sites, he found text promising "illegal photos of little girls" and "very little schoolgirls raped."
One of the biggest complaints among white hat hackers is the difficulty of shutting down networks that flagrantly violate the law. This week's action is the first time the FTC has used its congressional mandate to protect US consumers to sever a service provider suspected of illegal activity.
The temporary restraining order, issued by US District Judge Ronald M. Whyte of San Jose, also freezes all of the company's assets. A hearing in the case is scheduled for June 15.
Assistance in the case came from a variety of sources including , computer forensics expert Gary Warner from the University of Alabama at Birmingham, NASA's office of the inspector general, the National Center for Missing and Exploited Children, the Shadowserver Foundation, Symantec and the Spamhaus project.
Court documents are available here. ®
COMMENTS
@Greg Trocchia
Not to be deliberately antagonistic, but you rather confirmed one of my points!
Try reasoning with a total moron when he's thumping you to the ground and kicking you in the face! What's the probability that your efforts won't get you very far? You may be someone that says, "stop, this isn't achieving anything, can we talk through?" when someone is attacking you, but I don't fancy your chances much using this approach. Idealism is fine, but it doesn't always pan out practically, and if you cannot practically implement your ideals then you will fall victim to your own rigid principles of reason and fairness... when they patently do no one, including you, any good. You do not reason with an idiot. You do not use fairness to win a rigged game. Old clichés seem to work here: in extreme situations you sometimes need to fight fire with fire.
Our own laws are now protecting criminal elements. They often serve to work against our own objectives. Our own sense of fair play is in fact our weakness and this weakness is glaring and it allows amoral criminals to run amok.
Yes, I believe in reason, and fair play, but I also believe in laying aside those tools when needs must!
@Privateofcourse
"You simply cannot apply reason and fairness to every situation."
Yes you can, unless that is, you *want* results that are irrational and unfair by definition.
@Christopher Webb
Exactly! And I think some of us have become so open minded that our brains have fallen out.
@Graham Marsden
The rights of individuals are extremely important, of course they are, I totally agree, and only a fool would challenge that premise, but sometimes they simply don't take precedence over the rights of those who are more vulnerable.
Children have an absolute right not to be traded for the sexual gratification (and worse) of others, and those rights have to be rigidly enforced using definitive action. And our law enforcement agencies have the unenviable task of trying to stop these crimes, so almost inevitably people do occasionally get caught in the crossfire, but that should never be a reason not to do anything at all, even if we instinctively recoil at that idea - none of us wants to be one of the innocent victims caught in the crossfire, so we automatically want to protect every innocent bystander, which of course in our minds includes us. That's a normal human reaction as far as I see it. But if your own child had been abducted by a child porn ring and was being traded on the Internet I think you'd soon have a different view of things, and that's where I think we all have to take responsibility.
It is up to everyone else to support the efforts of those who try to stop this crap from happening, and if in the process someone's rights get trampled on then we have to put that right, but carry on regardless.
Whilst it is completely normal to want to shore up our own rights, and try to protect ourselves from the possibility of ever becoming a victim, we have to be sure that we don't inadvertently deny others their rights by rigidly protecting our own, so there sometimes has to be a compromise. No system is perfect, we have to allow for this, and whilst this kind of abominable crime continues to flourish I for one am willing to say to the agencies who have to deal with these problems, just do what you need to do to get the job done. However, I would never have said this 10 or even 5 years ago, but the softly softly approach just isn't working, and the more procrastination the worse things get.
You simply cannot apply reason and fairness to every situation. In an ideal world that would be great, but to do so in this reality just gives carte blanche to predators, those with no conscience that don't have concerns about exploiting your weaknesses for their own gain.
Life's a bitch but I didn't make up the rules.
