Incident of the Week: Latvian Internet Service Provider Shut Down After Being Linked to Cybercrime Ring

Earlier this week, Latvian internet service provider Real Host was shut down by its upstream providers Junik and TeliaSonera after security experts linked Real Host to a number of criminal activities.  Among the many activities allegedly conducted through Real Host were the use of malware to steal banking credentials, spam email campaigns, and the operation of command and control servers for the Zeus botnet (i.e., millions of infected computer slaves or "bots" used by cybercriminals to steal information and attack other computers).  The expert who linked Real Host to these activities, and who goes by the pseudonym "Jart Armin," told Network World in an interview that Real Host may be "one of the top European centers of crap."  Armin's site, HostExploit.com, has published a report on the rogue ISP (requires registration) and even has an abstract video of the take-down occurring.

The take-down of rogue ISPs by upstream service providers has become more common in the United States with the removal of Atrivo and McColo, two service providers shut down at the end of 2008.  Where service providers did not take action, the Federal Trade Commission filed suit in federal court in California in June of this year to remove the rogue ISP Pricewert/3FN.  The complaint filed by the FTC (.pdf) alleged that, in becoming an active participant in a range of cybercrimes, the ISP committed unfair or deceptive acts or practices in violation of the FTC Act, 15 U.S.C. sec. 45(a). (Note also that the temporary restraining order and preliminary injunction entered in that action not only shut down the ISP, but also ordered the seizure of assets and a number of other extraordinary protections.)


European Service Providers To Begin (or Continue) Recording Data on All Electronic Communications

On March 15, 2006, the European Parliament issued Directive 2006/24/EC (.pdf), outlining a new program that would require internet service providers (ISPs) and telecommunications carriers to begin retaining comprehensive records of customer communications.  Specifically, the Directive required member states to ensure that a range of communications data be retained by service providers, including:

  1. The names, addresses, telephone numbers, Internet Protocol (IP) addresses and user IDs involved in Internet access, email and Internet telephony services;
  2. The date and time of the start and end of communications;
  3. The telephone numbers involved during a telephone call and the registered owners' names and addresses;
  4. Information allowing the identification of mobile phones used to make telephone calls and their geographic location when used to make calls.

The Directive expressly states that "[n]o data revealing the content of the communication may be retained pursuant to this Directive."  Under the Directive, service providers will be required to retain these records "not less than six months and not more than two years" and ensure that the retained records can be communicated to government authorities "without undue delay." 

Implementation of Directive 2006/24/EC to Internet communications has been delayed (if for no other reason than to figure out how to store the terabytes of information as required under the new Directive).  During the interim, Ireland challenged the Directive in the European Court of Justice.  Examining the Directive, the ECJ held that it essentially pertained to commercial activities of service providers, rather than police and security matters, and dismissed the case.

Member states recently have begun implementing the Directive. In the United Kingdom, the Home Office has prepared draft regulations transposing Directive 2006/24/EC into law (.pdf) that require the retention of communications data for 12 months. This has led to significant criticism of the retention rules (see news coverage at the BBC and the Telegraph). Sweden has stated that it intends to postpone implementation of the Directive to Internet activity.

Between the implementation of Directive 2006/24/EC and other invasive surveillance law being considered in Europe (France appears to be on the verge of legalizing government spyware), the landscape of Internet communications is evolving rapidly.  Anyone transacting business in Europe or who may transfer data through member states may need to consider the privacy implications of and retention obligations imposed by the new rules.
