Atrivo (aka Intercage), a Concord, California-based Internet hosting service, disappeared from the Internet for around two days recently. They didn’t go bankrupt or suffer a physical catastrophe. Their providers simply shut them down by refusing their traffic. This might very well be the first time in history that the Internet community, a cooperative association of networks with no governing body, has collectively put someone out of business, if only briefly. The alleged sins of Atrivo have been documented extensively, both in the popular media (e.g., the Washington Post) and in technical forums (e.g., Spamhaus and numerous postings to the NANOG mailing list). It is clear that emotions run high with respect to Atrivo, long accused of benefiting from cyber-crime by hosting purveyors of malware, adware, spam, viruses and other cyber-surges. In this blog, we’ll take a quick look at their brief demise and make a few observations.

The following graph shows that Atrivo has had 10 different Internet providers over the past year. The number of Renesys peers selecting each provider is shown over time. Most providers didn’t stick around for long, but a few like WV Fiber (AS 19151) did hang in there for much of the year. For a couple of days recently, Atrivo had zero providers and were hence effectively out of business, but then United Layer (AS 23342) became their latest—and currently only—provider. We’ll see how long this lasts and if others step up to provide Atrivo with some redundancy. Of course, those who are convinced Atrivo is up to no good can simply block access to their IP addresses (prefixes) as they have a relatively modest allocation.

While I’m not a big fan of cyber-crime or the providers who knowingly host these activities, I can’t help but wonder where law enforcement is in this story. We still have laws, right? There is a lot of questionable activity and content on the Internet that is thriving and has no shortage of suitors. Even the most cursory look of of what passes for “content” should convince anyone that it’s pretty hard to get thrown off the Internet—it just doesn’t happen. But since it just did, I have no trouble believing that Atrivo had it coming. It’s tough to piss off the entire world, especially when you have the money to pay them off. I only wonder why the cops didn’t get there first. I think we’d all be better off with criminals and those who abet them in jail, rather than free to roam around and snooker someone else. (Why do I keep thinking sub-prime here?) But for law enforcement to do its job, it needs both the laws and the expertise to do so. This became very clear to me when someone in law enforcement approached me at a conference, suggesting a hijack of a site providing illegal content, allowing the cops to both deny access and see who the “customers” were. I politely pointed out that this sort of vigilantism was probably not the best approach and that he might want to seek a court injunction and/or work in concert with the major carriers. But in the absence of effective modern international laws, maybe the next best thing to combating cyber-crime is cyber-vigilantism. Only in this case, it clearly didn’t work as Atrivo seems adept at playing the mole in a cyber version of whack-a-mole.

This post has been reproduced here with kind permission from Renesys.