Home / Blogs

Internet Vigilantism

Earl Zmijewski

Atrivo (aka Intercage), a Concord, California-based Internet hosting service, disappeared from the Internet for around two days recently. They didn't go bankrupt or suffer a physical catastrophe. Their providers simply shut them down by refusing their traffic. This might very well be the first time in history that the Internet community, a cooperative association of networks with no governing body, has collectively put someone out of business, if only briefly. The alleged sins of Atrivo have been documented extensively, both in the popular media (e.g., the Washington Post) and in technical forums (e.g., Spamhaus and numerous postings to the NANOG mailing list). It is clear that emotions run high with respect to Atrivo, long accused of benefiting from cyber-crime by hosting purveyors of malware, adware, spam, viruses and other cyber-surges. In this blog, we'll take a quick look at their brief demise and make a few observations.

The following graph shows that Atrivo has had 10 different Internet providers over the past year. The number of Renesys peers selecting each provider is shown over time. Most providers didn't stick around for long, but a few like WV Fiber (AS 19151) did hang in there for much of the year. For a couple of days recently, Atrivo had zero providers and were hence effectively out of business, but then United Layer (AS 23342) became their latest — and currently only — provider. We'll see how long this lasts and if others step up to provide Atrivo with some redundancy. Of course, those who are convinced Atrivo is up to no good can simply block access to their IP addresses (prefixes) as they have a relatively modest allocation.

While I'm not a big fan of cyber-crime or the providers who knowingly host these activities, I can't help but wonder where law enforcement is in this story. We still have laws, right? There is a lot of questionable activity and content on the Internet that is thriving and has no shortage of suitors. Even the most cursory look of of what passes for "content" should convince anyone that it's pretty hard to get thrown off the Internet — it just doesn't happen. But since it just did, I have no trouble believing that Atrivo had it coming. It's tough to piss off the entire world, especially when you have the money to pay them off. I only wonder why the cops didn't get there first. I think we'd all be better off with criminals and those who abet them in jail, rather than free to roam around and snooker someone else. (Why do I keep thinking sub-prime here?) But for law enforcement to do its job, it needs both the laws and the expertise to do so. This became very clear to me when someone in law enforcement approached me at a conference, suggesting a hijack of a site providing illegal content, allowing the cops to both deny access and see who the "customers" were. I politely pointed out that this sort of vigilantism was probably not the best approach and that he might want to seek a court injunction and/or work in concert with the major carriers. But in the absence of effective modern international laws, maybe the next best thing to combating cyber-crime is cyber-vigilantism. Only in this case, it clearly didn't work as Atrivo seems adept at playing the mole in a cyber version of whack-a-mole.

This post has been reproduced here with kind permission from Renesys.

By Earl Zmijewski, VP and General Manager, Internet Data Services
Follow CircleID on
SHARE THIS POST

If you are pressed for time ...

... this is for you. More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Vinton Cerf, Co-designer of the TCP/IP Protocols & the Architecture of the Internet

Share your comments

There is a difference between Vigilantism as Gadi Evron  –  Sep 25, 2008 8:04 PM PST

There is a difference between Vigilantism as it is perceived today and Vigilantism as it is in the dictionary. It means neighborhood watch.

When the Police is not around, that is something you need. "It's for the children".

Then again, as someone else noted, there is a difference betwen vigilantism and shunning.

To post comments, please login or create an account.

Related

Topics

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byAfilias

DNS Security

Sponsored byAfilias

Cybercrime

Sponsored byThreat Intelligence Platform

Whois

Sponsored byWhoisXML API

IP Addressing

Sponsored byAvenue4 LLC

Cybersecurity

Sponsored byVerisign