Rise in Latvian botnets prompts Spamhaus row

Small nation battles rudeness

Concerns over the rising tide of nuisance and malicious email from Latvia have sparked an acrimonious dispute between anti-spam organisation Spamhaus and the country's top-level domain registry.

NIC.LV, which administers .lv web addresses, has branded Spamhaus "impolite, arrogant and even rude" after it added a large chunk of Latvian IP addresses to its anti-spam list. As a result "thousands of Internet users – academic users, state and municipal institutions, non-profit organisations, companies, and individuals" were cut off, it claimed.

For its part, a bemused Spamhaus says it merely followed its normal procedures, and the allegations of rudeness are the result of language barriers.

The row dates back to June. Over the previous year, Spamhaus' monitoring staff had measured a steady increase in Latvian spam and DDOS traffic, particularly from a small ISP called Microlines.

It's unclear who the offending cybercriminals were, but in line with its normal practice, Spamhaus contacted Microlines' abuse address to ask them to take down the relevant servers. When no response came, researchers added the firm's IP range to the Spamhaus blocklist, which is used by ISPs to cut the volume of spam entering their networks.

Spamhaus next followed its escalation procedures, which involve using RIPE data to discover who is routing the spam and reporting it to their abuse department. The aim is to force cybercriminals to at least keep hopping ISPs, a ruse that often means they leave tell-tale identifying evidence for law enforcement agencies to trace.

Microlines' spam-filled traffic was being routed by Latnet Serviss, a larger ISP. Spamhaus contacted the RIPE-registered abuse address and again received no response. It added part of what it believed was Latnet's IP range to the blocklist, based on a traceroute of the abuse address.

Unbeknown to Spamhaus, however, Latnet Serviss had effectively outsourced management of its abuse department to the University of Latvia's Institute of Mathematics and Computer Science, which houses both NIC.LV and the country's Computer Emergency Response Team (CERT).

As a result, the Institute and many other organisations were effectively cut off from the internet. This got the attention of NIC.LV, and it wasn't happy.

Although the block on the Institute's IP addresses was removed within hours following an exchange of emails, NIC.LV earlier this month released a furious open letter to mailing lists accusing Spamhaus of incompetence and protesting at the perceived injustice.

"No internet user should be punished for the actions of another internet user," it wrote. "As nations around the globe recognise that access to the internet is a basic human right it is unacceptable to block access of those who have not committed any illegal or improper acts."

David, a Spamhaus researcher (they do not publicise their full identities), blamed NIC.LV's problems on its failure to update the RIPE records, and Latnet Serviss' failure to promptly deal with Microlines' spam.

"Spamhaus... thinks nic.lv, latnet.lv and their one-man 'CERT team' are cluelessly negligent in their handling of Latvian criminal botnet controllers we continually brought to their attention and which they ignored for so long," added Steve Linford, the founder of Spamhaus.

Once the block had been switched to its IP addresses, during its own spiky email exchange with Spamhaus, Latnet Serviss protested it should not be blocklisted because "we are one of the biggest internet providers in Latvia".

Spamhaus replied: "Ok. And Latvia is one of the smallest nations in the world."

NIC.LV perceived a slight against Latvia and wrote: "This sentence graphically illustrates the attitude of Spamhaus. It seems unbelievable that someone like Spamhaus treats incidents depending on the size of the internet user community."

According to David, Spamhaus was merely trying to say that it doesn't care what country spam is coming from or who is routing it: it will block anyone.

Nevertheless, NIC.LV is now calling for an "independent adjudicator to mediate on issues of disagreement between any entity exercising its power in an unjust way and the internet user community". ®
