Internet Shuns U.S. Based ISP Amid Fraud, Abuse Allegations
A California based commercial Internet service provider whose clients included a laundry list of spammers and scammers is now offline, after the last of the company's upstream Internet providers decided to the pull the plug.
Atrivo, a.k.a "Intercage," of Northern California, ceased to be reachable from any points on the Internet early Sunday morning when the ISP's sole remaining provider - Pacific Internet Exchange (PIE) - stopped routing traffic for the troubled company.
The final blow comes just weeks after Security Fix joined several researchers in publishing evidence that major portions of Atrivo's network were being used to foist fake security software, Trojan horse programs, and other nastiness. As a result of those reports, several of Atrivo's upstream providers dropped the company as a client.
PIE agreed to provide routing for Atrivo after three other major upstream providers apparently decided it wasn't worthy the negative publicity of being associated with the company. I spoke with PIE president David Grieshaber a week ago Friday, asking him why he chose to take Atrivo on as a client when all other providers were ostracizing the company.
Grieshaber said he and Atrivo's founder Emil Kacperski had been good friends for several years, and that PIE and Atrivo also share the same building in San Francisco. Grieshaber confided that while he thought Kacperski was treated unfairly, he nevertheless decided to lay some ground rules as a precondition of their agreement.
"I told him, you've got to put up a Web site, an official abuse reporting and ticketing system, and some real contact information so that people can get in touch with you and know their complaints are being heard," Grieshaber said.
For all its years of operation, Atrivo's Web site consisted of little more than a blue background adorned with a simple "Web Site Launching Soon" banner. Critics took this as evidence that Kacperksi earned the majority of his customers via shady, underground channels.
In an interview last week, Kacperski said to the extent that there were bad apples hosted on his network, few of them were ever directly reported in e-mailed complaints. Kacperski claims he receives an average of just five complaints about abusive domains hosted on his network each week.
"The truth is that nobody's been reporting this stuff, but it's illegal for me to just sniff around each and every site on my network and say, 'Hey, what are you up to?,'" Kacperski said. "But if there's a complaint, then I can deal with it, I have to deal with it. Instead of complaints, I get people labeling me as some kind of mafia kingpin or crime boss."
On Sunday, PIE abruptly reversed course and pulled the plug on Atrivo, effectively knocking offline all of the sites hosted with Atrivo (including its biggest and most vilified client - EstDomains.com). Kacperski says PIE's Grieshaber took action due to pressure from his other clients. Grieshaber did not immediately respond to requests for comment.
In the meantime, a lively debate on Atrivo's demise has lit up the the mailing list of ISP operators known as the North American Network Operators Group (NANOG), with Kacperski defending his company's record and vowing to find another upstream provider.
Some have suggested that ISPs and Internet backbone providers should not be allowed to serve as judge, jury and executioner of problematic customers. Dan Goodin of TheRegister.com opined that the multilateral actions against Atrivo amounted to "a temporary and highly imperfect stopgap" orchestrated by "ad hoc malware police."
Goodin's stance was echoed by Marcus Sachs, director of the SANS Internet Storm Center.
"There are others out there who need to be cut off but we've got to find a better way to do it than by creating the virtual equivalent of a lynch mob," Sachs wrote in a e-mail to Security Fix.
Until that "better way" gains traction, however, it is all but certain that self-interested network providers will persist in efforts to string up the perceived bad actors, said Paul Ferguson, senior researcher at security firm Trend Micro.
"The community must police itself, and this is a fine example of purging badness," Ferguson said. "Of course, it will pop up elsewhere, but we're watching."
September 22, 2008; 1:12 PM ET
Categories: Cyber Justice , Fraud , From the Bunker
Save & Share: Previous: Apple Pushes New Patches
Next: Fake Facebook 'Add Friends' E-Mail Adds Malware
Posted by: TeMerc | September 22, 2008 1:34 PM | Report abuse
Posted by: Mdkm | September 22, 2008 2:17 PM | Report abuse
Posted by: Nandor Orban | September 22, 2008 2:18 PM | Report abuse
Posted by: Anonymous | September 22, 2008 3:33 PM | Report abuse
Posted by: chuck | September 22, 2008 4:10 PM | Report abuse
Posted by: Nandor Orban | September 22, 2008 4:13 PM | Report abuse
Posted by: suzi | September 22, 2008 4:15 PM | Report abuse
Posted by: chuck | September 22, 2008 4:20 PM | Report abuse
Posted by: Peter | September 22, 2008 4:30 PM | Report abuse
Posted by: Anonymous | September 22, 2008 4:37 PM | Report abuse
Posted by: Kfritz | September 22, 2008 5:15 PM | Report abuse
Posted by: James McQuaid | September 22, 2008 7:34 PM | Report abuse
Posted by: friend | September 23, 2008 6:52 AM | Report abuse
Posted by: David Leach | September 23, 2008 7:11 AM | Report abuse
Posted by: JZP | September 23, 2008 8:12 AM | Report abuse
Posted by: J. Warren | September 23, 2008 8:13 AM | Report abuse
Posted by: Eponymous | September 23, 2008 9:45 AM | Report abuse
Posted by: hotezzy | September 23, 2008 11:24 AM | Report abuse
Posted by: GoogleUser | September 23, 2008 11:36 AM | Report abuse
Posted by: askgees | September 23, 2008 11:56 AM | Report abuse
Posted by: Pete from Arlington | September 23, 2008 12:28 PM | Report abuse
Posted by: Nym | September 23, 2008 3:42 PM | Report abuse
Posted by: JBE | September 23, 2008 4:33 PM | Report abuse
Posted by: Anonymous | September 24, 2008 8:57 AM | Report abuse
Posted by: DLU | September 24, 2008 10:17 PM | Report abuse
Posted by: DLU | September 24, 2008 10:20 PM | Report abuse
Posted by: Rich Kulawiec | September 25, 2008 9:52 PM | Report abuse
Posted by: WallyG | September 26, 2008 2:11 AM | Report abuse
The comments to this entry are closed.