Spam is silenced, but where are the feds?
On Oct. 14, the U.S. Federal Trade Commission, with help from the U.S. Federal Bureau of Investigation and New Zealand police, announced that it had shut down a vast international spam network known as HerbalKing.
It was a triumphant moment for the FTC, which said that the group had been linked to as much as a third of the junk e-mail on the Internet. In an interview with The New York Times, FTC Commissioner Jon Leibowitz was modest in his appraisal of the situation. "They were sending extraordinary amounts of spam," he said. "We are hoping at some level that this will help make a small dent in the amount of spam coming into consumers' in-boxes."
The FTC's HerbalKing operation grabbed a lot of headlines, but it didn't do much to reduce the amount of spam on the Internet, researchers say. Within a week, spam was as big of a problem as ever.
Instead, it took another operation, two weeks later, against the ISP (Internet service provider) McColo in San Jose, California, to really reduce the amount of spam. But although McColo appears to have been a playground for Internet criminals, no federal agency, not the FTC, not the FBI, not the Secret Service or the Department of Justice, was involved in shutting it down.
With McColo, Internet researchers and Washington Post reporter Brian Krebs essentially shamed ISPs Global Crossing and Hurricane Electric into dropping service for McColo, whose network had been associated with a range of illegal activity from hacked botnet computers to spam and even child pornography.
Unlike HerbalKing, the results after McColo's takedown were dramatic. About half of the spam on the Internet disappeared.
Cisco Systems' IronPort division says that though there have been some brief spikes in activity, spam is still down significantly from where it was prior to the McColo takedown. McColo could not be reached for comment on this story.
But two weeks after McColo was dropped by its network providers, the company's data center remains untouched. That frustrates some security researchers who say that the servers used to control these operations could provide a treasure trove of evidence about cybercriminals.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
spam
Powered by Twitter
Esther Schindler
If the comments are ugly, the code is ugly
claird
SVG a graphics format for 21st century
pasmith
Take Chrome OS for a test spin
Sandra Henry-Stocker
Solaris Tip: Have Your Files Changed Since Installation?
jfruh
Android fragments vs. the iPhone monolith
mikelgan
What Gizmodo missed about the Pro WX Wireless USB disk drive
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
