Internet Vigilantism

Atrivo (aka Intercage), a Concord, California-based Internet hosting service, disappeared from the Internet for around two days recently. They didn’t go bankrupt or suffer a physical catastrophe. Their providers simply shut them down by refusing their traffic. This might very well be the first time in history that the Internet community, a cooperative association of networks with no governing body, has collectively put someone out of business, if only briefly. The alleged sins of Atrivo have been documented extensively, both in the popular media (e.g., the Washington Post) and in technical forums (e.g., Spamhaus and numerous postings to the NANOG mailing list). It is clear that emotions run high with respect to Atrivo, long accused of benefiting from cyber-crime by hosting purveyors of malware, adware, spam, viruses and other cyber-surges. In this blog, we’ll take a quick look at their brief demise and make a few observations.

The following graph shows that Atrivo has had 10 different Internet providers over the past year. The number of Renesys peers selecting each provider is shown over time. Most providers didn’t stick around for long, but a few like WV Fiber (AS 19151) did hang in there for much of the year. For a couple of days recently, Atrivo had zero providers and were hence effectively out of business, but then United Layer (AS 23342) became their latest — and currently only — provider. We’ll see how long this lasts and if others step up to provide Atrivo with some redundancy. Of course, those who are convinced Atrivo is up to no good can simply block access to their IP addresses (prefixes) as they have a relatively modest allocation.
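How a provider-over-time view like the one described above can be derived from BGP data, as an added example that is not Renesys's code or data: each peer's AS path toward the origin is reduced to the AS adjacent to the origin, and peers are counted per provider per day. The origin ASN 64500 and the transit ASNs 64496-64498 are documentation placeholders, the day labels and observations are constructed, and only AS 19151 and AS 23342 come from the text.

```python
from collections import defaultdict

ORIGIN = 64500  # placeholder origin ASN (documentation range), not from the page

# Constructed sample: (day, peer, AS path seen by that peer; "" = route withdrawn)
SAMPLE = [
    ("day-1", "peer-a", "64496 19151 64500"),
    ("day-1", "peer-b", "64497 19151 64500 64500 64500"),  # origin prepending
    ("day-1", "peer-c", "64498 64496 19151 64500"),
    ("day-2", "peer-a", ""),
    ("day-2", "peer-b", ""),
    ("day-2", "peer-c", ""),
    ("day-3", "peer-a", "64496 23342 64500"),
    ("day-3", "peer-b", "64497 64496 23342 64500"),
    ("day-3", "peer-c", ""),
]

def upstream_of(path, origin):
    """Return the AS adjacent to `origin` at the end of an AS path, or None."""
    hops = [int(asn) for asn in path.split()]
    # Collapse AS-path prepending so repeated ASNs count as one hop.
    hops = [h for i, h in enumerate(hops) if i == 0 or h != hops[i - 1]]
    if len(hops) < 2 or hops[-1] != origin:
        return None  # withdrawn, a different origin, or no upstream visible
    return hops[-2]

def peers_per_provider(observations, origin):
    """Map day -> {provider ASN: number of distinct peers routing through it}."""
    seen = defaultdict(lambda: defaultdict(set))
    days = set()
    for day, peer, path in observations:
        days.add(day)
        provider = upstream_of(path, origin)
        if provider is not None:
            seen[day][provider].add(peer)
    return {d: {p: len(s) for p, s in seen[d].items()} for d in sorted(days)}

def dark_days(counts):
    """Days on which no peer had any route to the origin (zero providers)."""
    return [day for day, providers in counts.items() if not providers]

if __name__ == "__main__":
    counts = peers_per_provider(SAMPLE, ORIGIN)
    for day, providers in counts.items():
        print(day, providers or "no providers")
    print("unreachable on:", dark_days(counts))
```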




While I’m not a big fan of cyber-crime or the providers who knowingly host these activities, I can’t help but wonder where law enforcement is in this story. We still have laws, right? There is a lot of questionable activity and content on the Internet that is thriving and has no shortage of suitors. Even the most cursory look at what passes for “content” should convince anyone that it’s pretty hard to get thrown off the Internet — it just doesn’t happen. But since it just did, I have no trouble believing that Atrivo had it coming. It’s tough to piss off the entire world, especially when you have the money to pay them off. I only wonder why the cops didn’t get there first. I think we’d all be better off with criminals and those who abet them in jail, rather than free to roam around and snooker someone else. (Why do I keep thinking sub-prime here?) But for law enforcement to do its job, it needs both the laws and the expertise to do so. This became very clear to me when someone in law enforcement approached me at a conference, suggesting a hijack of a site providing illegal content, allowing the cops to both deny access and see who the “customers” were. I politely pointed out that this sort of vigilantism was probably not the best approach and that he might want to seek a court injunction and/or work in concert with the major carriers. But in the absence of effective modern international laws, maybe the next best thing to combating cyber-crime is cyber-vigilantism. Only in this case, it clearly didn’t work as Atrivo seems adept at playing the mole in a cyber version of whack-a-mole.

7 comments
Aryeh Goretsky

Hello, Considering it can take law enforcement months to years to gather enough evidence to issue an arrest warrant and bring a case to trial, how do you expect them to respond to electronic criminal activity which is expressed in hours or even just minutes? Leaving aside the fact that they may not have the capabilities to prosecute the case, there seems to be a little matter of jurisdiction involved. If a crime did occur, where do you prosecute? In the country where the attack occurred? Where it originated? Where the web site was hosted? It seems to me that Atrivo's former peers have acted in their own best interests as well as those of their customers. A peering contract is a contract between businesses or organizations, not a law, and if one or both parties decide to terminate, it is their decision. Given Atrivo's history, the only surprise of this has been how it has taken this long for them to become depeered. Regards, Aryeh Goretsky

Bill McGonigle

There are lots of good comments above, but just to rephrase: the Internet works very well through voluntary association. Sure, have the government prosecute the meatspace crimes, but we'd be much worse off if they asserted control over the cyberspace aspects. That they don't even seem to be able or competent to do the former, we ought to be really scared if they wanted to do the latter.

dorn hetzel

If I refuse to have anything to do with you or your network, that sounds like shunning. Shunning is not vigilantism because I am not doing anything TO you, I am simply refusing to have anything to do WITH you, including taking your nasty bits.

Edward

As it has been explained to us - "the Internet is not like a dump truck you load up - it is a series of tubes." Here on the Intertubes, it takes many tubes to get from any place to any other place. To accomplish this, people make agreements called "peering" or "transit" where they agree: I will carry your traffic over my tubes if you will carry mine over yours. No one is under any obligation to do this, and when someone comes to you asking you to carry their malware, bot nets and child porn, you are perfectly free to say thanks, but no thanks, that is not the kind of use I bought the equipment and maintain it for. This is in no way vigilantism, unless you feel anyone has an obligation to transmit child porn, etc. It does take a lot before someone becomes so notorious that nobody will do business with them, but no vigilantism at work, remember - if one or two people said ok - that would be enough to overcome everyone else.

Larry Smith

The issue in re Law Enforcement being involved is a two-edged sword. We look at situations such as this and question LEO involvement - but seem to forget that they operate most often in a very strict, almost "walled-garden" environment of laws and regulations and clear-cut defined rules - most of which the internet in general has vehemently avoided over the years - e.g., government involvement in the daily order and running of the "Internet". So sure, it is easy to get Law Enforcement involved, just turn over the "keys" to them (and give them the funding, personnel, resources, etc.) and I am sure they will be happy to start ... Don't get me wrong, I am not saying there should not be involvement and criminal activities are still just that, but until there are better laws and more widely accepted (read the international) regarding cyber activity, there is going to be very little that "Law Enforcement" can do.

Gadi Evron

There is a difference between Vigilantism as it is perceived today and Vigilantism as it is in the dictionary. It means neighborhood watch. When the Police is not around, that is something you need. "It's for the children".

Rich Kulawiec

Three notes: it's not the first time -- there have been other examples, to varying degrees, of both the Internet Death Penalty and the Usenet Death Penalty. One particularly well-known example is AGIS. Another extant example might be the Spamhaus DROP list. Second, we have been waiting for law enforcement to do something effective about spammers for approximately 25 years. They haven't, and they don't show even the tiniest sign that they will in the future. Waiting for law enforcement to do something is pointless and foolish, as they will only act (and even then, incompetently) when it's in their self-interest to do so, e.g., when embarrassed or in need of a PR stunt. Third, self-defense isn't vigilantism. There is no requirement for anyone to passively endure years (and in the case of Atrivo, many years) of abuse while taking no steps to shield themselves from it. Nor is it required that anyone passively assist in transiting abuse to others while taking no steps to mitigate it.