McColo takedown: Vigilantism or Neighborhood Watch?

Few tears were shed when McColo Corp., a San Jose-based ISP that allegedly hosted companies known to be prolific purveyors of spam and other malware, was suddenly taken offline last Tuesday by its upstream service providers.

McColo take down proves ISPs have the power to stamp out spam

The takedown in September of another company with a similar reputation -- this one named Intercage -- also evoked little sympathy from an Internet community that clearly is fed up with the massive volumes of spam and other crimeware flowing across the Web.

What's remarkable about the McColo and Intercage shutdowns is that they weren't initiated by law enforcement officials or via court order. Neither did they happen because either company was forced into bankruptcy or had other financial problems. Instead, both companies were forced offline when their upstream ISPs, acting upon information provided by security researchers, simply disconnected them and their customers from the Internet.

Behind the scenes of the McColo and Intercage cases, a ferocious struggle is taking place between the purveyors of Web-based malware and loosely aligned but highly committed groups of security researchers who are out to neutralize them.

Those who support these self-appointed Net police -- and many do -- dismiss any suggestions that the researchers are acting as online vigilantes and instead liken their efforts to Neighborhood Watch programs designed to keep city streets safe. Backers claim that the effort to shut down miscreant ISPs is needed because of the inability of law enforcement agencies to deal with a problem that is global in nature, as well as a lack of applicable laws both domestically and internationally.

A few people, though, do question whether there is a hint of vigilantism behind the takedowns -- even as they acknowledge that there may not be any other viable options for dealing with the problem at this point.

Soon after Intercage was forced offline, for instance, Earl Zmijewski, vice president and general manager at Internet monitoring company Renesys Corp., asked in a blog post why law enforcement officials hadn't been involved in the shutdown. "While I'm not a big fan of cyber-crime or the providers who knowingly host these activities, I can't help but wonder where law enforcement is in this story," Zmijewski wrote. "We still have laws, right?"

The shutdown of McColo prompted a similar reaction from Maxim Weinstein, manager of StopBadware.org, an anti-malware group that is spearheaded by Harvard University's Berkman Center for Internet & Society. In a blog post last week, Weinstein applauded the efforts that resulted in McColo being disconnected from the Internet. But he also expressed concern about innocent companies and individuals who might have been negatively affected by the move.

"Surely McColo and previously-taken-down Intercage had legitimate customers, owners of websites and or domain names that they used for their personal blogs, their small businesses, their family photo albums, and so on," Weinstein wrote. "What happened to those users when their providers and their sites suddenly became unavailable?"

For more enterprise computing news, visit Computerworld. Story copyright Computerworld, Inc.