Spam is silenced, but where are the feds?
By Robert McMillan, IDG News Service, 11/25/2008
On Oct. 14, the U.S. Federal Trade Commission, with help from the U.S. Federal Bureau of Investigation and New Zealand police,
announced that it had shut down a vast international spam network known as HerbalKing.
It was a triumphant moment for the FTC, which said that the group had been linked to as much as a third of the junk e-mail
on the Internet. In an interview with The New York Times, FTC Commissioner Jon Leibowitz was modest in his appraisal of the situation. "They were sending
extraordinary amounts of spam," he said. "We are hoping at some level that this will help make a small dent in the amount
of spam coming into consumers' in-boxes."
The FTC's HerbalKing operation grabbed a lot of headlines, but it did little to reduce the amount of spam on the Internet,
researchers say. Within a week, spam volume was back to where it had been.
Instead, it took another operation, two weeks later, against the ISP (Internet service provider) McColo in San Jose, California,
to make a real difference. But although McColo appears to have been a playground for Internet criminals, no federal
agency was involved in shutting it down: not the FTC, not the FBI, not the Secret Service, not the Department of Justice.
With McColo, Internet researchers and Washington Post reporter Brian Krebs essentially shamed its upstream providers, Global Crossing and Hurricane Electric, into dropping service for McColo, whose
network had been associated with a range of illegal activity, from botnet command-and-control servers to spam and even child pornography.
Unlike the HerbalKing operation, the McColo takedown produced dramatic results: about half of the spam on the Internet disappeared.
Cisco Systems' IronPort division says that though there have been some brief spikes in activity, spam is still down significantly from where it was prior to the McColo takedown. McColo could not be reached for comment
on this story.
But two weeks after McColo was dropped by its network providers, the company's data center remains untouched. That frustrates
some security researchers who say that the servers used to control these operations could provide a treasure trove of evidence
about cybercriminals.
"It doesn't surprise me, although it does disappoint me," said Richard Cox, CIO with the antispam group Spamhaus. Cox, who
works with law enforcement on spam cases, says that while federal investigators may understand how an operation like McColo
works, getting their bosses to agree to take action can be difficult. "The people in the trenches are being directed by people
who think they're politicians," he said.
McColo was on the federal government's radar, as are dozens of other service providers worldwide known to offer
so-called bulletproof hosting, that is, hosting that ignores abuse complaints and keeps its customers' servers online. None of them is ever taken down, despite the complaints, according to a source in a federal
law enforcement agency who spoke on condition of anonymity because he was not authorized to speak to the press.
While researchers may feel they have a case against McColo, it's another thing entirely to convince a U.S. Department of Justice
attorney to ask for a warrant to seize hundreds of servers, and even harder to get a federal judge to authorize this. "There's
a reason why we didn't just go and grab all the servers," he said. "If you want a warrant for hundreds of servers... that's
very difficult."
The IDG News Service is a Network World affiliate.