It worked
My daily supply of penis pill and luxury watch emails has effectively stopped. Could it have really been that simple? How long before Ronald McColo finds someplace else to set up shop?
Yet another network provider has been yanked offline after being accused by security researchers of acting as the mothership that allowed a large percentage of the world's spam operators and malicious networks to thrive. Upstream service to US-based McColo Corporation was terminated sometime Tuesday, according to researchers …
What people know but don't really appreciate, is that the people behind these operations are full-blown, hardened criminals. As such, they hate the police like the Devil hates holy water. You only have to read some carding boards for five seconds to realize they're absolutely paranoid about getting sustained attention from the boys (and girls) in blue.
What /really/ should've happened here, is that the FBI should've gotten involved and taken them down by force to make a big, obvious example out of them. This would've been much more useful, since it would've sent a strong message to the scum behind these outfits that they're not invincible and not invisible. As the Chinese say, kill one to warn a thousand...
(Flame, because It's too bad McColo only got unplugged -- perhaps some prison rape might've done them the world of good)
Sadly, they will just find another unscrupulous host as there are plenty from which to choose. Going after the hosts is a good idea but I don't know how feasible it would be given the timeframes required, legalities, etc, etc.
Nice to read this though, it warmed my heart a little. Come the revolution, spammers will be the first ones against the wall.
McColo have been housing the blackest of blackhats from the Russian-language AWM/malware scene for years. Really, really nasty stuff, the spam isn't the half of it.
I'm not sure what's happened to wake the upstreams up after years of ignoring security researchers' findings on companies like Atrivo and McColo, but it's very welcome.
Yes, of course the abuse will move to other providers in other countries, but the increased expense of moving hosting around and being kept out of US datacentres should hopefully cut down the plague of low-end affiliate players - the kind of guys we'd call script kiddies except that they do $millions of damage.
A combination of both would be my favourite - unplug 'em and give 'em maybe thirty seconds to realise their game is up before some 6-foot-6 monsters in tactical armour kick the door down and shove riot shotguns in their faces. Have them tackled to the floor, cuffed and stuffed then throw them in a holding cell with some 6-foot-8 monsters with more tattoos than teeth where they can stay until their preliminary hearing.
Film the lot and shove it on youtube.
McColo Busted: 2:43
McColo butt-raped in holding cell 20:17
McColo crying when sentence handed down 1:37
Seriously, if they've been deliberately hosting kiddie porn they deserve to be arrested, tried and imprisoned (also stick them on a sex offenders' register or two) for the (obviously) large number of offences to which they have been willing accessories.
I fully agree a strong message needs to be sent. If someone can be stuck on a sex offenders' register for loving their bicycle a little too much or sending pics of their naked selves to classmates, then surely those who actively support the international traffic in child pornography should be given similar treatment.
Indeed, the levels of spam have definitely gone down A LOT. It would amaze me if taking down the one operator would really be the only cause for that spam reduction. If true, the race to find the other major players should start now, with criminal prizes awarded to those who are found to be responsible for the mess. Jurisdiction will play an important role.
"Statistics from SpamCop showed a drop in the amount of spam being blasted out to the world. Starting Tuesday afternoon, spam volumes dropped from >>> about 30 junk messages <<< being sent every second to >>> less than 15 <<< at time of writing.."
"Even with the termination by Hurricane Electric, a second provider, Global Crossing, continued to provide connectivity to McColo, according to the CyberCrime and Doing Time blog. So far, Global Crossing's public relations reps have been vague about their plans for McColo (...)"
So, doing the math... if cutting off ONE of their TWO uplinks cut spam in HALF, then cutting off the OTHER one should...
...Now, let's not always see the same hands...!
The upstream providers were told time & time again, by members of every level of internet communications (from us "mere peons" to FCC bigwigs), that McColo was dirty.
Time & time again, those same upstream providers refused to DO anything about it, because they insisted the "occasional" spam was but a temporary issue & "solved" by "issuing a warning".
Until *multiple* ISPs got together, recorded GIGS of traffic data, all of it illegal, all of it pointing to McColo, and all of it actionable under U.S. Federal Law for child pornography, money laundering, wire fraud, & various other RICO Act violations.
The multiple ISPs effectively said, in unison, "Shut them down, or we'll take YOUR butts to Court as Accessories."
At which point, McColo's upstream providers had two choices:
Continue to provide service to a known criminal organization & risk being thrown into prison right beside them, or kill McColo's connection & *hope like hell* that the Feds would accept that as some form of "proof" that said upstream providers were NOT in collusion with McColo.
Unfortunately, too many ISPs have too much data to prove otherwise.
We may see a veritable feces-storm hit the hurricane.
But then, with the levels of corruption we're talking about, there may be quite a few bribes, secret handshakes, a comical "slap on the wrist", and *silence*.
=(
I run two servers, and receive root-level mails from both of them; I noticed that for some reason the incoming spam level had dropped and for a while worried if my mail or spam daemon had died.
I get about 200+ e-mails per day, 99% of it is spam, helpfully marked as such by spamassassin. And now I get only one or two per hour instead of usual ten or so.
AWESOME.
This being America, some legal challenge will be put up by the guilty, and with our courts so focused on making sure reason and sanity never enter into the process - just "the law", McColo will ultimately receive monetary compensation for all the damage done to their reputation by these actions, and they'll be back on the air in no time, happily serving up their filth.
..that this happens on the day I finally gave up and added greylisting to the extensive arsenal of anti-spam measures (everything from ultra-tight MTA rules, extensive RBL checks, bayesian content filtering, etc etc etc) that already surrounds my mailserver.
I thought it was working really well, too.
Why my 1 ISP based e-mail account's spam level has dropped away.
Then again I do see days it's quiet and days it's 60+ after coming home from work having checked it before going to work. What gets me is them using my ISP e-mail account to spam me with e-mail..
Yeah it's really funny seeing "Offical Viagra...." appearing to come from my own e-mail address or variations on it..