Internet Troublemakers: Did They Get a Fair Shake?
Not too long ago, several upstream Internet providers (e.g., Hurricane Electric) severed Internet service provider (ISP) McColo’s connectivity, leaving McColo’s customers isolated from the Internet. Why? Evidence indicated that McColo allowed numerous compromised and infected systems with botnet command and control functionality to send a huge volume of Internet spam that, according to estimates, may have amounted to between 65 and 75 percent of all Internet spam. Since McColo was taken offline, the volume of Internet spam traffic has diminished by approximately the same amount. Many Internet security researchers believe that McColo is the last of the major ISPs that cause widespread spam as well as widespread security problems. Intercage, another ISP, suffered the same fate for the same basic reason, although the Intercage takedown understandably received far less publicity because Intercage is a considerably smaller ISP.
Was the decision to cut McColo (and also Intercage) off from the Internet fair? The answer is almost certainly yes. The upstream providers who took down these ISPs had received numerous complaints, the majority of which were from security researchers, concerning the spam generated from both. Security researchers are by no means as perfect in their judgments and recommendations as they would have the public believe. Nevertheless, they are correct a sufficient percentage of the time to have earned a reasonable amount of credibility, enough that when a large number of them pinpoint the source of massive amounts of spam, they should be believed. Moreover, the fact that, after McColo’s connectivity was severed, the volume of Internet spam decreased by approximately the same percentage that McColo was believed to consistently generate provides additional evidence that McColo was indeed the culprit.
The decision of the upstream Internet providers is not universally popular, however. Some individuals claim that McColo’s (and also Intercage’s) case was handled capriciously and arbitrarily. A hearing in court, something that might conceivably happen in time, might make critics happier. However, it is difficult to believe that any court decision in favor of the troublemaking ISPs would ever be reached. Evidence concerning the volume and cost of the spam generated by the ISPs in question seems compelling; nevertheless, not all court decisions are rational in terms of common sense. And to the best of my knowledge, no lawsuit over the McColo case has been filed to date.
One thing that critics of the takedown decision also need to realize is that the takedown is not necessarily permanent. If McColo and Intercage were to get their act together by elevating the level of security they provide to the point that connected systems do not so easily fall prey to attackers and malware, they would deserve another chance. Knowing this makes the decision to shut down these ISPs easier to accept, even among critics of this decision.
The Internet is truly a strange beast. It is used for a myriad of legitimate and useful purposes, but it is also increasingly being used for sordid purposes. ISPs have turned out to be an Achilles’ heel, and now the pressure on them to cooperate by providing at least adequate levels of security or risk having connectivity severed is also growing, as McColo and Intercage found out. McColo and Intercage are by no means victims; instead, the Internet community as a whole was. The actions by upstream providers were thus completely justified; hopefully, they will serve as a warning to other ISPs that fail to be good citizens in terms of Internet security.