SecurityFocus 2009-06-05
A federal district court in San Jose shut down an alleged rogue Internet service provider, after the Federal Trade Commission documented the ISP's cooperation with online criminals and child pornographers, the agency announced on Thursday.
The takedown of the Internet service provider, Triple Fiber Network, comes after a months-long investigation by the FTC in collaboration with other government agencies and industry. The court ordered the ISP's upstream providers on Tuesday to disconnect Triple Fiber Network from their systems, cutting it off from the Internet, without notifying the company.
The FTC's complaint against Triple Fiber Network, and its Belize-based parent company Pricewert LLC, states that the ISP hosted little legitimate content, instead selling its services to botnet operators, phishing scammers, and child pornographers.
"Pricewert is fully aware that it is hosting huge volumes of illegal, malicious, and harmful content," the FTC argues in its complaint filed with the court. "Moreover, Pricewert actively shields its criminal clientele by either ignoring takedown requests issued by the online security community or shifting its criminal clients to other Internet protocol addresses controlled by Pricewert so that they may evade detection."
The takedown is an unprecedented move by the FTC and marks an escalation of the government and security community's investigations of the Internet service providers that facilitate online crime. Last September, the upstream providers of rogue ISP Atrivo cut off the rogue ISP from the Internet, after security researchers offered up significant evidence of the company's wrongdoing. Two months later, the scenario repeated: This time, upstream providers for rogue ISP McColo cut off the haven for online criminals after reporter Brian Krebs documented evidence against the company. The volume of spam on the Internet immediately dropped to a third of its previous levels, and it took almost a half year for online scammers to recover.
The latest takedown came after an in-depth investigation of Triple Fiber Network by the Federal Trade Commission, which brought in experts from NASA's Office of Inspector General, the National Center for Missing and Exploited Children, and researchers at the University of Alabama, the Shadowserver Foundation, the Spamhaus Project, and Symantec, the owner of SecurityFocus.
"It is groundbreaking that the FTC would present and package such a good case for the takedown," said André DiMino, co-founder and director of the Shadowserver Foundation. "They did their homework."
The FTC approached DiMino in April to help document the amount of malicious activity originating from IP addresses belonging to Triple Fiber Network. DiMino found that the company, which also uses the names 3FN, APS Telecom, APX Telecom, and APS Communications, hosted the command-and-control servers for more than 4,576 unique malicious software programs. In addition, more than 311 unique IP addresses owned by 3FN were involved in malicious activity, according to Shadowserver's database.
The ISP hosted the command-and-control servers for the Cutwail botnet, among others, according to the security firm Symantec. The security company found more than 600 IP addresses controlled by 3FN that were also launching attacks.
"The attacks we saw ran the gauntlet," said Vincent Weafer, vice president of Symantec's Security Response group. "A lot of attack activity, a lot of denial-of-service attacks, and botnet activity."