US court takes ISP off the web
The US Federal Trade Commission (FTC) has had Pricewert LLC, an internet service provider involved in spreading spam, malware and child pornography, temporarily taken off the web. The ISP, which also specialises in hosting phishing and other illegal sites, has been cut off by its upstream provider and had its assets frozen on the instruction of the US District Court in San Jose, California.
Pricewert LLC, which also does business under a variety of other names including APS Telecom and 3FN, is said by the FTC to have actively recruited and offered a communication platform to criminals. Pricewert is reported to have regularly ignored requests to remove illegal content and moved illegal sites to other addresses in order to evade detection.
According to the FTC, the ISP also hosted several command and control servers for controlling botnets. More than 4,500 programs for spying on users are reported to have been controlled from servers on 3FN networks. According to the report, NASA's Computer Crime Division, forensic scientists at the University of Alabama, the National Center for Missing and Exploited Children, the Shadowserver Foundation, which specialises in monitoring botnets, Symantec and Spamhaus all assisted in gathering evidence for the case. The court will hold a preliminary injunction hearing on the 15th of June.
The FTC has brought a number of cases against dodgy service providers and malware manufacturers. In late 2008, it obtained a ban preventing two purveyors of scareware from continuing to sell their wares. Shortly before that, at the FTC's request, a US court banned CyberSpy from continuing to sell its RemoteSpy espionage program.
link:
http://www.h-online.com/security/US-court-...b--/news/113462
more detailled information below! very important!
FTC Shuts Down Notorious Rogue Internet Service Provider, 3FN Service Specializes in Hosting Spam-Spewing Botnets, Phishing Web sites, Child Pornography, and Other Illegal, Malicious Web Content:
http://ftc.gov/opa/2009/06/3fn.shtm
Sabu
Full Version: US court takes ISP off the web
Looks like we had these guys since 2004-2006. Virtually all of it
was blocked as a part of Abovenet Communications, Inc in Level 2.
I've updated all of the Pricewert ranges to the same name and put
them all in the Spyware list.
was blocked as a part of Abovenet Communications, Inc in Level 2.
I've updated all of the Pricewert ranges to the same name and put
them all in the Spyware list.
And this is as certain as Saddam being responsible for 9/11 or what ?
Has anyone been arrested ? or charged ?
Shouldn't be to hard if THE ISP really hosted kiddie-abuse (I refuse to call it "porn") ..
Has anyone been arrested ? or charged ?
Shouldn't be to hard if THE ISP really hosted kiddie-abuse (I refuse to call it "porn") ..
The FTC works in the realm of civil law, not criminal law.
Their toolkit is the lawsuit and court injunction, not the
police, prosecutor and jails.
Tracing and arresting the criminals is difficult because
Pricewert had control and possession of all the usual
assets, like logs and databases. Also, it's possible that
most or all of the people are actually in other countries
and maybe visited only once to install hardware and
set it up to be run entirely from the internet.
Maybe the FBI is working on it, but I wouldn't expect
to hear about it until they had something to report.
Their toolkit is the lawsuit and court injunction, not the
police, prosecutor and jails.
Tracing and arresting the criminals is difficult because
Pricewert had control and possession of all the usual
assets, like logs and databases. Also, it's possible that
most or all of the people are actually in other countries
and maybe visited only once to install hardware and
set it up to be run entirely from the internet.
Maybe the FBI is working on it, but I wouldn't expect
to hear about it until they had something to report.
"Their toolkit is the lawsuit and court injunction, not the
police, prosecutor and jails."
Yes, and that also means the burden of "proof" is a lot easier to lift .
I'm very sceptical about stuff like this to say the least, we all know that certain
elements of the US-regime (and others, China and Denmark comes to mind) are hellbent on controlling the tubes of the internets and kiddie-abuse, Viruses, Intrusion, Spyware, Trojans & Adware is what they use
to justify their actions .
Besides, America strikes me as a pretty stupid place to choose if a ISP really is up to all that evil stuff .
police, prosecutor and jails."
Yes, and that also means the burden of "proof" is a lot easier to lift .
I'm very sceptical about stuff like this to say the least, we all know that certain
elements of the US-regime (and others, China and Denmark comes to mind) are hellbent on controlling the tubes of the internets and kiddie-abuse, Viruses, Intrusion, Spyware, Trojans & Adware is what they use
to justify their actions .
Besides, America strikes me as a pretty stupid place to choose if a ISP really is up to all that evil stuff .
Never underestimate the power of U.S. civil law!
Remember the O.J. Simpson trial some years back? In criminal court, a jury acquitted him of murdering his wife. Then the civil attorneys took over, and in a civil trial another jury found him accountable in the wrongful death of his wife, and stuck it to him. Not entirely satisfactory, perhaps, but better than nothing.
In an historic "better-than-nothing" situation, who can forget the Chicago mobster, Al Capone? Unable to make criminal charges stick, the FBI turned to civil law to get him off the streets. Convicted of income-tax evasion, he spent some years in prison. While thus incarcerated, syphilis took a serious toll on Capone's mind, so that when he was released and returned home, he never again was the effectual mob boss he was before.
So yeah, the agencies responsible for dispensing American justice do often rely on civil law to get the job done, sometimes as a second line of defense when criminal law fails, and sometimes as an initial weapon -- "We can file criminal charges later. First let's get the bum off the streets!" Overall I think those agencies are doing a pretty good job, as the news story Sabu contributed illustrates (thanks, Sabu!)
There are abuses of this civil "toolkit," I'm sure. I am particularly worried about the fate of our U.S. Constitutionally-guaranteed right to privacy and Constitutionally-mandated warrant requirement in the face of such challenges as the Patriot Act and other legislation that legitimize "warrantless search and seizure." Some American legislators and justices seem to think that the Internet is a public venue where the Constitutional rights of privacy and personal security "in one's person and effects" don't apply. I personally think that the Internet should be held to the same Constitutional standards as telephone communications whenever a U.S. citizen is involved: a "wiretap" requires probable cause and a warrant lawfully issued by a judge, and these requirements should never be waived!
Now having said that, I also think that if a web site or individual freely offers, "kiddie-abuse, viruses, intrusion, spyware, or Trojans" to the general public, and that this activity can be detected, basically, by simply logging onto the Internet, then most Constitutional questions suddenly become irrelevant. No cop in the world needs a warrant to arrest a thief whom he just witnessed throwing a brick through a jewelry-store window! He will still need a warrant to search the thief's home, but no warrant is needed to talk to people on the street who may have witnessed him committing other crimes at other times.
The analogy isn't perfect, but essentially what I'm saying is that if you parade your illicit activities before the global Internet public, don't expect to hide behind shields of "privacy" or "warrant requirements!"
Peer-to-peer file sharing is an entirely different thing, of course. Those are private transactions between individuals which may or may not be illegal. As such, whenever a U.S. citizen is on at least one side of the transfer, I believe, under the U.S. Constitution, a warrant is required to "wiretap" that transaction -- same as for a telephone conversation.
We live in perilous times!
Now I'm done with my rant and feel much better, thank you!
Remember the O.J. Simpson trial some years back? In criminal court, a jury acquitted him of murdering his wife. Then the civil attorneys took over, and in a civil trial another jury found him accountable in the wrongful death of his wife, and stuck it to him. Not entirely satisfactory, perhaps, but better than nothing.
In an historic "better-than-nothing" situation, who can forget the Chicago mobster, Al Capone? Unable to make criminal charges stick, the FBI turned to civil law to get him off the streets. Convicted of income-tax evasion, he spent some years in prison. While thus incarcerated, syphilis took a serious toll on Capone's mind, so that when he was released and returned home, he never again was the effectual mob boss he was before.
So yeah, the agencies responsible for dispensing American justice do often rely on civil law to get the job done, sometimes as a second line of defense when criminal law fails, and sometimes as an initial weapon -- "We can file criminal charges later. First let's get the bum off the streets!" Overall I think those agencies are doing a pretty good job, as the news story Sabu contributed illustrates (thanks, Sabu!)
There are abuses of this civil "toolkit," I'm sure. I am particularly worried about the fate of our U.S. Constitutionally-guaranteed right to privacy and Constitutionally-mandated warrant requirement in the face of such challenges as the Patriot Act and other legislation that legitimize "warrantless search and seizure." Some American legislators and justices seem to think that the Internet is a public venue where the Constitutional rights of privacy and personal security "in one's person and effects" don't apply. I personally think that the Internet should be held to the same Constitutional standards as telephone communications whenever a U.S. citizen is involved: a "wiretap" requires probable cause and a warrant lawfully issued by a judge, and these requirements should never be waived!
Now having said that, I also think that if a web site or individual freely offers, "kiddie-abuse, viruses, intrusion, spyware, or Trojans" to the general public, and that this activity can be detected, basically, by simply logging onto the Internet, then most Constitutional questions suddenly become irrelevant. No cop in the world needs a warrant to arrest a thief whom he just witnessed throwing a brick through a jewelry-store window! He will still need a warrant to search the thief's home, but no warrant is needed to talk to people on the street who may have witnessed him committing other crimes at other times.
The analogy isn't perfect, but essentially what I'm saying is that if you parade your illicit activities before the global Internet public, don't expect to hide behind shields of "privacy" or "warrant requirements!"
Peer-to-peer file sharing is an entirely different thing, of course. Those are private transactions between individuals which may or may not be illegal. As such, whenever a U.S. citizen is on at least one side of the transfer, I believe, under the U.S. Constitution, a warrant is required to "wiretap" that transaction -- same as for a telephone conversation.
We live in perilous times!
Now I'm done with my rant and feel much better, thank you!
CODE
Now having said that, I also think that if a web site or individual ....
Since when did a ISP become "a web-site" or "individual" ??
If there is any wrongdoing, prosecute the wrong-doers ...
QUOTE
If there is any wrongdoing, prosecute the wrong-doers ...
Absolutely right, winston!
I think you and I are talking about the same thing, just in different terms. When I say, "ISP," which means, "Internet Service Provider," that can mean one of two things: (1) a service which, for a fee, allows ordinary people to connect to the Internet, such as AOL, EarthLink, Netscape, MSN, and so on, or (2) a service that hosts web sites, including sites that are good and sites that are bad.
A service provider for web sites may have very strict rules about what sort of content may be hosted, or lax rules, or no rules at all. I think, as an example, that GoDaddy have rather lax rules.
What has happened here is that the U.S. Federal Trade Commission found an ISP for web sites that not only didn't care what sort of sites it hosted, but actively worked to encourage hosters of illegal porn and other terrible things to come to them to have those illegal sites hosted with them!
And as you say, winston, "Prosecute the wrong-doers!" I totally agree.
Some ISP's host ordinary people like you and me so that we can use the Internet. Other ISP's host web sites, like the bad ones we're talking about in this thread. Do you see what I meant now, when I made a distinction between web sites and individuals? Both need ISPs.
Keep on thinking the way you're thinking, Winston! You have it right.
The FTC Goes to Court to Ban a Rogue Web Host from the U.S.
By ANITA RAMASASTRY
Tuesday, June 16, 2009
Original Article from FindLaw
Earlier this month, the Federal Trade Commission (FTC) convinced a Northern California district court judge to grant a temporary restraining order (TRO) against Pricewert, which operates the Internet Service Provider (ISP) Triple Fiber Network (3FN).
The FTC alleges that Pricewert and 3FN recruit, distribute, and host electronic code or content that inflicts harm upon consumers -- including "child pornography, botnet command and control servers, spyware, viruses, Trojans, phishing related sites, illegal online pharmacies, investment and other web-based scams, and pornography featuring violence, bestiality and incest."
Significantly, this is the first time the FTC has tried to stop the operations of a large ISP and hosting service that is implicated in illegal activity.
The TRO hearing was conducted ex parte, without the presence of counsel for Pricewert. As a result of the TRO, 3FN's upstream providers and data centers were ordered to stop routing traffic for the ISP, and disconnected its servers from the Internet. The order caused more than 15,000 Web sites to be shuttered. It also froze Pricewert's assets – at least those located in the United States.
On June 15, that order expired. Now, the court must decide whether to grant the FTC's request for an injunction to stop Pricewert from operating in the US because of the likelihood of substantial injury to US consumers if it continues to do so. The FTC can also seek damages, if it so chooses, as part of its action for unfair practices under the Federal Trade Commission Act (FTCA).
Pricewert and 3FN claim they are innocent – but, as I will detail below, the FTC has presented strong evidence to the contrary. More specifically, Pricewert and 3FN say that they have never provided any services for illegal businesses intentionally. Indeed, their press release claims that "Pricewert LLC is able to assist the investigation and help finding the real cyber criminals; however, its customer databases and all servers are shut down with no access possible to it." The release further states, "You should not consider us as a law breaker or any kind of an asylum for criminals."
In this column, I will outline the FTC's allegations and the applicable law. I will also note the limited nature of the suit: While it's wise for the FTC to force rogue ISPs not to use the US to host their data, this suit and others like it will, at best, only shift such cyber crime elsewhere.
The FTC's Allegations Regarding Pricewert
Pricewert is registered as an Oregon limited liability company (LLC) but lists its principal place of business as Belize. It appears to have a significant number of servers at third-party data center located in San Jose, California – the heart of Silicon Valley. But its employees may be elsewhere. According to the FTC, Pricewert advertises its services in Russian; has employees in Ukraine and Estonia; and posts phone numbers on some of its web sites that are answered by speakers with Russian accents.
The FTC alleges that Pricewert has actively shielded its criminal clientele by either ignoring takedown requests issued by cyber-security experts, or shifting its criminal clients to new Internet Protocol (IP) addresses that it also controlled, so that they could evade detection. In addition, the FTC says Pricewert advertised its services in the "darkest corners" of the web. The FTC notes, for example, that the company's presence was noted on a forum established to facilitate communication between criminals.
In support of its allegations, the FTC has submitted to the court declarations from experts at a variety of nonprofits, academic organizations, and computer security outfits -- including NASA's Office of the Inspector General's Computer Crime Division, the Spamhaus Project, The National Center for Missing and Exploited Children, and the ShadowServer Foundation.
Spamhaus, an organization which tracks high-volume spammers, has documented, for example, that 3FN is linked to various notorious or infamous spammers; and The Center For Missing and Exploited Children has received complaints from citizens about child pornography being hosted on 3FN websites. NASA began its own investigation after its computers were compromised and was able to find ICQ (a type of Internet messaging) logs connected to Pricewert.
The Case for the TRO
In making its case for the TRO, the FTC alleged that Pricewert colluded with spammers and others to host "botnets" – which are often deployed for illegal purposes including sending high-volume spam or launching denial-of-service attacks.
According to the FTC, Pricewert worked with "bot herders" and used command-and-control servers to relay commands to numerous compromised "slave computers." The result was that the machines, which had been taken over by the herders, would send out thousands of spam messages. The transcripts of the ICQ logs filed with the district court reportedly show senior Pricewert employees discussing the configuration of botnets with clients.
Overall, the FTC alleges that more than 4,500 harmful software programs are controlled by servers hosted and controlled by 3FN. This so-called malware included programs that were capable of keystroke logging, password and data theft and illicit spamming.
The FTC divides its unfair trade practices FTCA claim into two main categories of activity: (1) unfair distribution and hosting of illegal, malicious and harmful code or content; and (2) unfair computer intrusion. Under the FTCA, an act is "unfair" if it causes or is likely to cause substantial injury to consumers; the harm is not outweighed by any countervailing benefits; and the harm is not reasonably avoidable by consumers.
The FTC charged that the defendants' distribution of illegal, malicious, and harmful content and its deployment of botnets that compromised thousands of computers and caused substantial consumer injury were unfair practices, in violation of federal law.
Based on the FTC's evidence, the court found that the FTC was likely to be able to prove that the defendant (1) "operated through a series of mail drops and shell companies; with a principal place of business and its principals located outside of the United States"; (2) "continued its unlawful operations unabated despite requests from the Internet security community to cease its injurious activities"; (3) "is engaged in activities that directly violate U.S. law and cause significant harm to consumers," and (4) "is likely to relocate the harmful and malicious code it hosts and/or warn its criminal clientele of the action."
A Groundbreaking Move by the FTC – But How Effective Will It Be?
As noted above, this is the first time the FTC has gone after a large ISP and hosting service that is allegedly connected to illegal activity. It surely has the power to do so – for it can shut down companies that engage in unfair and deceptive trade practices. And there is a strong advantage to the government's proceeding via the FTC, not criminal prosecutions, which require proof beyond a reasonable doubt.
But there are limits to the effectiveness of FTC action in this context. As news reports note, Russian blogs are beginning to actively discuss 3FN's closure – and to suggest that the criminal activity it is alleged to have fostered will likely find new homes in cyberspace. Meanwhile, 3FN representatives may be telling customers that they will be back online at a new location shortly.
The U.S. federal district court hearing the case can only stop activity that occurs within its borders – in this case, traffic to Pricewert's networks connected to the US. It can also freeze assets that are located in the US. But in the future, the data at issue may be hosted elsewhere.
Moreover, the court's order may not be uniformly effective overseas. For example, the court ordered the defendant to transfer certain funds located overseas to a blocked account in the U.S. However, such an order is difficult to enforce. If the defendants are truly nefarious as the FTC claims, why would they willingly surrender their assets? In the end, controlling cybercrime may require a great deal of international cooperation; the FTC surely cannot do it alone.
By ANITA RAMASASTRY
Tuesday, June 16, 2009
Original Article from FindLaw
Earlier this month, the Federal Trade Commission (FTC) convinced a Northern California district court judge to grant a temporary restraining order (TRO) against Pricewert, which operates the Internet Service Provider (ISP) Triple Fiber Network (3FN).
The FTC alleges that Pricewert and 3FN recruit, distribute, and host electronic code or content that inflicts harm upon consumers -- including "child pornography, botnet command and control servers, spyware, viruses, Trojans, phishing related sites, illegal online pharmacies, investment and other web-based scams, and pornography featuring violence, bestiality and incest."
Significantly, this is the first time the FTC has tried to stop the operations of a large ISP and hosting service that is implicated in illegal activity.
The TRO hearing was conducted ex parte, without the presence of counsel for Pricewert. As a result of the TRO, 3FN's upstream providers and data centers were ordered to stop routing traffic for the ISP, and disconnected its servers from the Internet. The order caused more than 15,000 Web sites to be shuttered. It also froze Pricewert's assets – at least those located in the United States.
On June 15, that order expired. Now, the court must decide whether to grant the FTC's request for an injunction to stop Pricewert from operating in the US because of the likelihood of substantial injury to US consumers if it continues to do so. The FTC can also seek damages, if it so chooses, as part of its action for unfair practices under the Federal Trade Commission Act (FTCA).
Pricewert and 3FN claim they are innocent – but, as I will detail below, the FTC has presented strong evidence to the contrary. More specifically, Pricewert and 3FN say that they have never provided any services for illegal businesses intentionally. Indeed, their press release claims that "Pricewert LLC is able to assist the investigation and help finding the real cyber criminals; however, its customer databases and all servers are shut down with no access possible to it." The release further states, "You should not consider us as a law breaker or any kind of an asylum for criminals."
In this column, I will outline the FTC's allegations and the applicable law. I will also note the limited nature of the suit: While it's wise for the FTC to force rogue ISPs not to use the US to host their data, this suit and others like it will, at best, only shift such cyber crime elsewhere.
The FTC's Allegations Regarding Pricewert
Pricewert is registered as an Oregon limited liability company (LLC) but lists its principal place of business as Belize. It appears to have a significant number of servers at third-party data center located in San Jose, California – the heart of Silicon Valley. But its employees may be elsewhere. According to the FTC, Pricewert advertises its services in Russian; has employees in Ukraine and Estonia; and posts phone numbers on some of its web sites that are answered by speakers with Russian accents.
The FTC alleges that Pricewert has actively shielded its criminal clientele by either ignoring takedown requests issued by cyber-security experts, or shifting its criminal clients to new Internet Protocol (IP) addresses that it also controlled, so that they could evade detection. In addition, the FTC says Pricewert advertised its services in the "darkest corners" of the web. The FTC notes, for example, that the company's presence was noted on a forum established to facilitate communication between criminals.
In support of its allegations, the FTC has submitted to the court declarations from experts at a variety of nonprofits, academic organizations, and computer security outfits -- including NASA's Office of the Inspector General's Computer Crime Division, the Spamhaus Project, The National Center for Missing and Exploited Children, and the ShadowServer Foundation.
Spamhaus, an organization which tracks high-volume spammers, has documented, for example, that 3FN is linked to various notorious or infamous spammers; and The Center For Missing and Exploited Children has received complaints from citizens about child pornography being hosted on 3FN websites. NASA began its own investigation after its computers were compromised and was able to find ICQ (a type of Internet messaging) logs connected to Pricewert.
The Case for the TRO
In making its case for the TRO, the FTC alleged that Pricewert colluded with spammers and others to host "botnets" – which are often deployed for illegal purposes including sending high-volume spam or launching denial-of-service attacks.
According to the FTC, Pricewert worked with "bot herders" and used command-and-control servers to relay commands to numerous compromised "slave computers." The result was that the machines, which had been taken over by the herders, would send out thousands of spam messages. The transcripts of the ICQ logs filed with the district court reportedly show senior Pricewert employees discussing the configuration of botnets with clients.
Overall, the FTC alleges that more than 4,500 harmful software programs are controlled by servers hosted and controlled by 3FN. This so-called malware included programs that were capable of keystroke logging, password and data theft and illicit spamming.
The FTC divides its unfair trade practices FTCA claim into two main categories of activity: (1) unfair distribution and hosting of illegal, malicious and harmful code or content; and (2) unfair computer intrusion. Under the FTCA, an act is "unfair" if it causes or is likely to cause substantial injury to consumers; the harm is not outweighed by any countervailing benefits; and the harm is not reasonably avoidable by consumers.
The FTC charged that the defendants' distribution of illegal, malicious, and harmful content and its deployment of botnets that compromised thousands of computers and caused substantial consumer injury were unfair practices, in violation of federal law.
Based on the FTC's evidence, the court found that the FTC was likely to be able to prove that the defendant (1) "operated through a series of mail drops and shell companies; with a principal place of business and its principals located outside of the United States"; (2) "continued its unlawful operations unabated despite requests from the Internet security community to cease its injurious activities"; (3) "is engaged in activities that directly violate U.S. law and cause significant harm to consumers," and (4) "is likely to relocate the harmful and malicious code it hosts and/or warn its criminal clientele of the action."
A Groundbreaking Move by the FTC – But How Effective Will It Be?
As noted above, this is the first time the FTC has gone after a large ISP and hosting service that is allegedly connected to illegal activity. It surely has the power to do so – for it can shut down companies that engage in unfair and deceptive trade practices. And there is a strong advantage to the government's proceeding via the FTC, not criminal prosecutions, which require proof beyond a reasonable doubt.
But there are limits to the effectiveness of FTC action in this context. As news reports note, Russian blogs are beginning to actively discuss 3FN's closure – and to suggest that the criminal activity it is alleged to have fostered will likely find new homes in cyberspace. Meanwhile, 3FN representatives may be telling customers that they will be back online at a new location shortly.
The U.S. federal district court hearing the case can only stop activity that occurs within its borders – in this case, traffic to Pricewert's networks connected to the US. It can also freeze assets that are located in the US. But in the future, the data at issue may be hosted elsewhere.
Moreover, the court's order may not be uniformly effective overseas. For example, the court ordered the defendant to transfer certain funds located overseas to a blocked account in the U.S. However, such an order is difficult to enforce. If the defendants are truly nefarious as the FTC claims, why would they willingly surrender their assets? In the end, controlling cybercrime may require a great deal of international cooperation; the FTC surely cannot do it alone.
This is a "lo-fi" version of our main content. To view the full version with more information, formatting and images, please click here.