Internet Vigilantism

September 24, 2008 Earl Zmijewski

Atrivo (aka Intercage), a Concord, California-based Internet hosting service, disappeared from the Internet for around two days recently. They didn’t go bankrupt or suffer a physical catastrophe. Their providers simply shut them down by refusing their traffic. This might very well be the first time in history that the Internet community, a cooperative association of networks with no governing body, has collectively put someone out of business, if only briefly. The alleged sins of Atrivo have been documented extensively, both in the popular media (e.g., the Washington Post) and in technical forums (e.g., Spamhaus and numerous postings to the NANOG mailing list). It is clear that emotions run high with respect to Atrivo, long accused of benefiting from cyber-crime by hosting purveyors of malware, adware, spam, viruses and other cyber-surges. In this blog, we’ll take a quick look at their brief demise and make a few observations.

The following graph shows that Atrivo has had 10 different Internet providers over the past year. The number of Renesys peers selecting each provider is shown over time. Most providers didn’t stick around for long, but a few like WV Fiber (AS 19151) did hang in there for much of the year. For a couple of days recently, Atrivo had zero providers and were hence effectively out of business, but then United Layer (AS 23342) became their latest — and currently only — provider. We’ll see how long this lasts and if others step up to provide Atrivo with some redundancy. Of course, those who are convinced Atrivo is up to no good can simply block access to their IP addresses (prefixes) as they have a relatively modest allocation.

While I’m not a big fan of cyber-crime or the providers who knowingly host these activities, I can’t help but wonder where law enforcement is in this story. We still have laws, right? There is a lot of questionable activity and content on the Internet that is thriving and has no shortage of suitors. Even the most cursory look of of what passes for “content” should convince anyone that it’s pretty hard to get thrown off the Internet — it just doesn’t happen. But since it just did, I have no trouble believing that Atrivo had it coming. It’s tough to piss off the entire world, especially when you have the money to pay them off. I only wonder why the cops didn’t get there first. I think we’d all be better off with criminals and those who abet them in jail, rather than free to roam around and snooker someone else. (Why do I keep thinking sub-prime here?) But for law enforcement to do its job, it needs both the laws and the expertise to do so. This became very clear to me when someone in law enforcement approached me at a conference, suggesting a hijack of a site providing illegal content, allowing the cops to both deny access and see who the “customers” were. I politely pointed out that this sort of vigilantism was probably not the best approach and that he might want to seek a court injunction and/or work in concert with the major carriers. But in the absence of effective modern international laws, maybe the next best thing to combating cyber-crime is cyber-vigilantism. Only in this case, it clearly didn’t work as Atrivo seems adept at playing the mole in a cyber version of whack-a-mole.

The post Internet Vigilantism appeared first on Dyn Research.


About the Author

Earl leads a peerless team of data scientists who are committed to analyzing Dyn’s vast Internet Performance data resources and applying their expertise to continually improve upon Dyn’s products and services.

More Content by Earl Zmijewski
Previous Article
Wrestling With the Zombie: Sprint Depeers Cogent, Internet Partitioned

A special Halloween edition of the Renesys Blog: That which was whole is now...

Next Article
Ike Brings Biggest Multi-State Internet Outage since 2003
Ike Brings Biggest Multi-State Internet Outage since 2003

Ike swept across Texas on Saturday, devastating Galveston and severely...