[funsec] McColo: Major Source of Online Scams and Spams Knocked Offline (fwd)

John Bambenek bambenek at gmail.com
Thu Nov 13 06:30:39 CST 2008


Something to keep in mind.  I don't believe it was McColo that was the 
end provider of "badware" per se (and I could be proven wrong), they 
simply played the enabling role by hosting it and looked the other way.  
Now don't get me wrong, they ought to be kicked offline for 
externalizing their costs on the rest of us, but what criminal charges 
could be filed here?  I'm not a lawyer but the person actually 
committing the crime and a person who willingly provides tools to someone 
committing a crime are in completely different boats.

We could criminalize hosting malicious tools, but then what of nessus, 
nmap, wireshark and the host of security tools that are effectively 
"dual use"?  Child porn being an obvious exception of course, but the 
point remains.  Negligence is bad and perhaps there are criminal 
remedies that can be brought to bear (I'm not a lawyer, I don't play one 
on the intarwebs) but I would imagine they would be minor in comparison.

That said, of course this information should be turned over to law 
enforcement.  It often is.

j

Charles Wyble wrote:
>
>> On to the question about how network operators can help LE: *Collect 
>> the data that proves a company such as Intercage/McColo is harboring 
>> cybercriminals* and get with your local FBI/Secret Service field 
>> office (or your state's Attorney General's office) (or both) and 
>> submit a complaint at IC3's website  (www.ic3.gov) because we have an 
>> excellent team of analysts that track information like that.  Package 
>> up the evidence you have and send it out.    
>
>
> Excellent point. Something like the fine folks at 
> http://hostexploit.com/ are doing.
>
> I also believe SANS has some excellent courses on forensics, and 
> things like chain of custody etc. Not sure how much that applies to 
> these sorts of scenarios but it can't hurt to package/handle the 
> evidence in as compliant a manner as possible.
>
>
>





More information about the NANOG mailing list