It has been awfully quiet here. I hope to post something new and interesting again, eventually, but nothing of much interest that didn’t got enough coverage in other blogs or websites has been happening. Still, I’d like to comment about something that already got plenty of coverage: Intercage being disconnected by its upstream providers and the subsequent ESTDomains’s “global war on malware” declaration.
The promises cannot be forgotten. So here remains the link as a self-reminder.
I find that Dan Goodin’s comments about this at The Register miss the point. He criticizes the ISPs for shutting Intercage down. Intercage, ESTDomains et al pretended they were responsible hosting companies and promised to shut down any malware sites. But that never happened, so people eventually stopped trying. And now they’re the victims, apparently.
If you’re going to host malware, please say so by “setting the evil bit” somehow. Then I can block your netblock and keep my hosting away from your datacenters. If you can’t set the evil bit, then you have no business in the network, because free speech is only about your right to say something, not about my obligation to listen to you.
This isn’t about free speech, nor is it about neutrality. This is about criminal activities which hurt the net itself, by helping the creation and operation of botnets and spam. This is not a matter of opinion; it’s destructive for the network itself to allow such servers to remain online.
It’s very different from when a website hosts a tool which can be used for malicious purposes but doesn’t need to be. These Intercage websites aren’t tools; they’re crime itself: deceptive, abusive and purely malicious.
Goodin’s analogy of phone companies which have drug dealers as clients is also flawed. You don’t need to answer the phone if a drug dealer is calling, neither do you need to accept his offer. But these rogue websites force their way into your browser and, with exploits, into your computer.
The hosting companies’ situation is different. It’s as if they were responsible for the space in which an outdoor or road sign which contains an illegal image which you can’t do nothing but look is at. Don’t you expect the people who made this obviously illegal outdoor and the ones who consented for it to be put where it was to be held responsible if they did nothing once notified?
Sure, we need to be careful so compromised domains don’t get taken down by mistake, for example. But this is not a case of irresponsible conduct or hastiness on the upstream provider’s part. Atrivo/Intercage’s history of malicious activity is very long; it wasn’t something that happened suddenly or took anyone by surprise. Most abuse reporters and malware researchers knew about those companies a long time ago. A quick Google search shows system admins have been complaining about Intercage’s abuse department’s unresponsiveness since 2005.
It it takes three years of misconduct for an ISP to be declared guilty, then we aren’t really being that quick. Again, we need to be careful — I certainly don’t want my websites to be taken down permanently because it got hacked or accidentally found its way into a blacklist –, but action does need to be taken sometimes. Intercage had more than enough time to fix themselves up. But they didn’t.