Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
×
Security The Internet

McColo Takedown, Vigilantes Or Neighborhood Watch? 194

CWmike writes "Few tears were shed when alleged spam and malware purveyor McColo was suddenly taken offline last Tuesday by its upstream service providers. But behind the scenes of the McColo case and another recent takedown of Intercage, a ferocious struggle is taking place between the purveyors of Web-based malware and loosely aligned but highly committed groups of security researchers who are out to neutralize them. Backers claim that the effort to shut down miscreant ISPs is needed because of the inability of law enforcement agencies to deal with a problem that is global in nature. But some question whether there is a hint of vigilantism behind the takedowns — even as they acknowledge that there may not be any other viable options for dealing with the problem at this point."
This discussion has been archived. No new comments can be posted.

McColo Takedown, Vigilantes Or Neighborhood Watch?

Comments Filter:
  • No (Score:4, Insightful)

    by Rayban ( 13436 ) * on Monday November 17, 2008 @05:50PM (#25793683) Homepage

    I don't think notifying providers of illegal activity that they then act on is considered vigilantism. If the spammers don't like it, they should sue.

    • You can't make an omlette without breaking eggs. I for one, and sick of finding spam in my omlette.

      When you are breaking the rules, you can't complain when someone takes your toys away. I feel utterly zero pity/sadness/whatever in regards to this. As far as I am concerned, spammers are at the utter bottom of the food chain. Damned plankton eaters.
      • by narcberry ( 1328009 ) on Monday November 17, 2008 @09:45PM (#25796609) Journal

        You can't make an omlette without breaking eggs. I for one, and sick of finding spam in my omlette.

        I tried to understand this, I really did.

        • Re: (Score:3, Funny)

          by Fluffeh ( 1273756 )
          Fine, explanation time:

          The quote "You can't make an omlette without breaking a few eggs" means that you cannot always keep everyone happy.

          I added to this to say that I was sick of finding spam (the food kind) in my omlette as a play on TFA which is all about spam (the junk kind) - which in the end means that if I was going to have some unhappy campers in this entire picture, I would choose the ones who are sending all the spam (the junk kind). Geez, next time I will just use a car analogy.
          • So, what are the eggs? And what's your omelet?

            The quote really means you need to cause a little harm to do greater good.

            • eggs, spam, spam and spam (or spam omelette in this case) refers, I believe, to desired communication, penis enlargement offers, offers to earn cash working from home and offers of a generous percentage of the loot in exchange for assisting a Mr F. Obasanway to get his deceased uncles funds out of Nigeria.

              The omelette itself is your MUA.
              But to really get this we need a car analogy ;0

    • Re:No (Score:5, Insightful)

      by Austerity Empowers ( 669817 ) on Monday November 17, 2008 @09:28PM (#25796449)

      Some ISPs think they can cut or filter your internet activities because you consume too much bandwidth. It's probably in your terms of service somewhere (now or in the future, you'll sign or you won't get internet). Elsewhere on slashdot, if you mention "Comcast", an array of hysteria breaks out.

      If these people are guilty of a crime, law enforcement needs to prosecute. If you can track the perpetrator to a US based location, then there's no "global problem" excuse. The only issue is that as a citizen there's no chain of custody on your evidence, so they'll have to do their own detective work. But once you know someone is probably guilty of something, you can probably find something on him. If the appropriate authorities are not interested in being involved, THAT is the problem worthy of public attention.

      The ends don't always justify the means. Bypassing proper authorities is not appropriate when it's a big evil corporation chasing 12yo girls pirating Britney, and it's not appropriate from a group of well-intentioned vigilanties. We have law and law enforcement to prevent this sort of thing from happening. If they are inadequate, we should focus on solving that problem. It's true spam may not rate right now with unemployment and economic collapse...and that's not a bad thing.

      I hate spammers and won't lift a finger to help them (I really ought to, I just can't overlook my hatred of them), but I worry more about the long term effects of people taking laws into their own hands and getting street justice. I worry about ISPs getting excessively involved in the content passing through their networks, and being, in any way, legally justified in moderating, censoring or controlling access based on anything other than whether your check cashes. I would rather tolerate a few low grade crooks than live in the kind of society where the lowest common denominator creates all laws.

    • This discussion doesn't need any more than the above comment. Is it vigilante justice when someone phones the cops after you run a red light and knock down a grandmother? It's not like the security researchers are smashing up the servers in the colo - they're just informing the providers of a breach of their AUP and asking for the consequences set out in that AUP.

    • Personally, I thoroughly applaud their actions. What they did is in the best traditions of internet management. Other ISPs have found themselves dropped into a black hole in the past, back when everyone was using USENET. Unfortunately, once mroe people came on the scene and the number of posts grew, fewer people were willing to investigate the headers and track down miscreants to their ISP to complain.

      This is an example of the Internet's "self-healing" capability. They've excised a malignant tumor. Nothing

  • Who Cares? (Score:2, Redundant)

    by iamhigh ( 1252742 )
    And also can we get the obligatory "Your solution to SPAM fails to account for the following..." post?
    • by Rayban ( 13436 ) * on Monday November 17, 2008 @05:54PM (#25793731) Homepage

      Your comment fails to account for:

      [x] Laziness on the behalf of the Slashdot readers
      [x] Lack of time
      [x] Boredom with the same auto-reply form
      [ ] Puppies

    • Re:Who Cares? (Score:5, Interesting)

      by mdmkolbe ( 944892 ) on Monday November 17, 2008 @07:32PM (#25795149)

      You asked and I'm happy to oblige. As spam systems go this one scores fairly well. The biggest problem is the "worm-ridden Windows boxes" checkbox.

      ----

      Your post advocates a

      ( ) technical ( ) legislative ( ) market-based (x) vigilante

      approach to fighting spam. Your idea will not work. Here is why it won't work. (One or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) Spammers can easily use it to harvest email addresses
      (x) Mailing lists and other legitimate email uses would be affected
      ( ) No one will be able to find the guy or collect the money
      ( ) It is defenseless against brute force attacks
      ( ) It will stop spam for two weeks and then we'll be stuck with it
      ( ) Users of email will not put up with it
      ( ) Microsoft will not put up with it
      ( ) The police will not put up with it
      ( ) Requires too much cooperation from spammers
      ( ) Requires immediate total cooperation from everybody at once
      ( ) Many email users cannot afford to lose business or alienate potential employers
      ( ) Spammers don't care about invalid addresses in their lists
      ( ) Anyone could anonymously destroy anyone else's career or business

      Specifically, your plan fails to account for

      (x) Laws expressly prohibiting it
      ( ) Lack of centrally controlling authority for email
      (x) Open relays in foreign countries
      ( ) Ease of searching tiny alphanumeric address space of all email addresses
      ( ) Asshats
      ( ) Jurisdictional problems
      ( ) Unpopularity of weird new taxes
      ( ) Public reluctance to accept weird new forms of money
      ( ) Huge existing software investment in SMTP
      ( ) Susceptibility of protocols other than SMTP to attack
      ( ) Willingness of users to install OS patches received by email
      (x) Armies of worm riddled broadband-connected Windows boxes
      ( ) Eternal arms race involved in all filtering approaches
      (x) Extreme profitability of spam
      ( ) Joe jobs and/or identity theft
      ( ) Technically illiterate politicians
      ( ) Extreme stupidity on the part of people who do business with spammers
      ( ) Dishonesty on the part of spammers themselves
      ( ) Bandwidth costs that are unaffected by client filtering
      ( ) Outlook

      and the following philosophical objections may also apply:

      ( ) Ideas similar to yours are easy to come up with, yet none have ever
      been shown practical
      ( ) Any scheme based on opt-out is unacceptable
      ( ) SMTP headers should not be the subject of legislation
      ( ) Blacklists suck
      ( ) Whitelists suck
      ( ) We should be able to talk about Viagra without being censored
      ( ) Countermeasures should not involve wire fraud or credit card fraud
      ( ) Countermeasures should not involve sabotage of public networks
      ( ) Countermeasures must work if phased in gradually
      ( ) Sending email should be free
      ( ) Why should we have to trust you and your servers?
      ( ) Incompatiblity with open source or open source licenses
      ( ) Feel-good measures do nothing to solve the problem
      ( ) Temporary/one-time email addresses are cumbersome
      ( ) I don't want the government reading my email
      ( ) Killing them that way is not slow and painful enough

      Furthermore, this is what I think about you:

      ( ) Sorry dude, but I don't think it would work.
      ( ) This is a stupid idea, and you're a stupid person for suggesting it.
      ( ) Nice try, assh0le! I'm going to find out where you live and burn your
      house down!

        • "vigilante" and "market-based" are synonymous here - the vigilantes were able to take them down by telling their service providers what was going on, and everybody dropped them except for a brief blip on Sunday from another service provider who hadn't gotten the message at first.
        • "mailing lists and other legitimate..." don't seem to have applied here; if you can believe the articles in the press, this wasn't a network that marketed itself to legitimate users, though there may have been a few people who na
    • Sorry I couldn't be bothered filling it out.

      Your post advocates a

      () technical ( ) legislative ( ) market-based ( ) vigilante

      approach to fighting spam. your idea will not work. here is why it won't work. (one or more of the following may apply to your particular idea, and it may have other flaws which used to vary from state to state before a bad federal law was passed.)

      ( ) spammers can easily use it to harvest email addresses
      ( ) mailing lists and other legitimate email uses would be affected
      ( ) no one will

  • by whoever57 ( 658626 ) on Monday November 17, 2008 @05:56PM (#25793787) Journal
    Vigilantism would be action like that employed by the Lad Vampire. [wikipedia.org] This was just a bunch of experts asking companies to enforce their TOS.
  • by plover ( 150551 ) * on Monday November 17, 2008 @05:59PM (#25793823) Homepage Journal

    When you have no law, nobody with legal authority, vigilantes and posses will form to deal with issues. Human history is filled with evidence of this. Usually, the citizens demand a code of law to emerge from the chaos after some gross miscarriage of justice is perpetrated by an overzealous vigilante. The internet hasn't had that yet.

    The internet is still in the stage where vigilantes mostly take care of it, and likely will be for some time to come. Certain nations lay claim to certain aspects of internet behavior of their citizens (we almost all agree that child porn is bad, for example.) But the more restrictive you get, the fewer people are in agreement. We'll never get the whole globe to agree on standards for porn, political content, religious content, etc., so it will be almost impossible for a Global Internet Police Force to arise.

    I think the undefined-but-pragmatic status we're in will last quite a while longer, and the vigilantism will increase. Maybe the future will hold an odd-bedfellows agreement along the lines of the UK/USA spying deal. U.S. vigilantes will not be extradited for committing a good-faith takedown of a Russian spammer. And Russian vigilantes will not be extradited for taking down an American spammer.

    • by The Cisco Kid ( 31490 ) on Monday November 17, 2008 @06:25PM (#25794245)

      This isnt about vigilantes, or international law. No one went and did anything to these spammers, illegal (in any jurisdiction) or otherwise. Their OWN upstream ISP shut them off, presumably after it became aware of TOS violations. The day it becomes illegal to either report spam to an ISP, or for that ISP to shut off its customers that it determines are sending spam (or for any other cause [including the infamous 'for any reason we want' clause] listed in the TOS the customer agreed to), is the day the Internet dies.

      Now, I'm sure the spammers are unhappy that volunteer citizens around the world track their spammy activities, and will do their best to whine and try to paint it as something illegal or wrong, but that doesnt change what happened.

      • by plover ( 150551 ) *

        But it is about vigilantes because there are no effective laws here, no Internet Cops busting the evil bot herders. There are some TOS contracts that ISP's can kind-of hide behind when they occasionally yank the plug. But why did this responsibility fall to their upstream providers?

        If this really was a giant botnet hub, why didn't "real" law enforcement take them down? Because there are no effective laws, and no effective law enforcement who thinks they have the proper jurisdiction. The Secret Servic

        • by ahodgson ( 74077 )

          There are plenty of applicable laws, many 30+ years old. The feds are just too busy wiretapping innocent people and putting pot smokers in jail to have time to enforce them.

    • Re: (Score:3, Interesting)

      Yeah, and vigilantes have a long history of killing the innocents that happen to be near the Big Bad Man(tm) when the big brown slimy hits the fan. There's a reason we have laws, and a police force -- and it's partly to keep our casualties to a minimum. Vigilantism is nothing more than frustration combined with a big ego... And a hero can be properly defined as "someone who gets other people killed". Sure... it's just an internet connection... But the ethics are the same. Security researchers so often have

      • And a hero can be properly defined as "someone who gets other people killed".

        Getting your philosophy from a movie is a bad idea. It simultaneously makes you look shallow and dumb. Make a note for the future that said line was delivered by someone robbing a payroll shipment and holding innocent people hostage at gunpoint after her leader proclaimed that should anyone raise their head "violence will ensue".
      • by merc ( 115854 ) <slashdot@upt.org> on Monday November 17, 2008 @07:01PM (#25794753) Homepage

        You live in a bad neighborhood. The local Dominos Pizza, their delivery drivers having been robbed numerous times when making deliveries in your area, have decided to effect a boycott of your neighborhood. They now refuse to drive down your street because your neighborhood is too dangerous.

        Is it Dominos Pizza's fault that you share a neighborhood with scum and malevolent ilk?

        It might not perfectly mirror the "sharing a network" analogy, but please don't complain about the poor widdle innocent third parties

        These alleged innocents have chosen to NOT perform any diligence on the NSP that will be their upstream. These innocents have chosen to engage in business transactions with, and give money to organizations that finance or support criminal operations. Anyone helping the spammers are just as guilty as the spammers. Even more odd are the network providers that use their legit customers as human shields against the spammers. Obviously they have decided the income they make from the spam operations are more important than their legit customers.

        Why does everyone insist on treating the internet like it's a public resource? The Internet is a collection of private networks (and private property). Peering operates through cooperation and agreements to play by the rules.

        Place the blame exactly where it belongs with a caveat emptor to boot.

      • Yeah, and vigilantes have a long history of killing the innocents that happen to be near the Big Bad Man... Sure... it's just an internet connection... But the ethics are the same.

        No, the ethics are worlds apart. Finding a reputable ISP to hook you up after your ISP gets cut off is trivial. Carrying on with your life by choosing more responsible people to be around is largely impossible after your dead. Here's a nickel, kid. Buy yourself a better analogy.

  • Of course there is (Score:5, Insightful)

    by peacefinder ( 469349 ) * <alan.dewittNO@SPAMgmail.com> on Monday November 17, 2008 @06:00PM (#25793839) Journal

    Of course there's an element of vigilantism. This is the sort of situation that vigilantism is for.

    Hopefully better ways to deal with the problem will come along soon. In the meantime, I hope the body count among innocent bystanders stays small.

  • by unassimilatible ( 225662 ) on Monday November 17, 2008 @06:01PM (#25793865) Journal
    I don't really understand, especially on a Web forum that decries most law enforcement actions as invasive to privacy and liberty, why private conduct aimed at correcting undesired private conduct is just assumed to be bad.

    Does this "only the government shall administer law" doctrine apply to the civil rights movement? Greenpeace? Software piracy? Or just things we don't like?

    One person's vigilantism is another's social activism.
    • by nicolas.kassis ( 875270 ) on Monday November 17, 2008 @06:37PM (#25794401)
      Agreed. Frankly they didn't go and hurt anyone. They just notified the ISP of abuse on their network. These security researchers hopefully didn't use illegal means of gathering their information. In the end this is MUCH better than allowing law makers to come up with vague laws that could apply to too many situations. In this case these two companies McColo and the other one listed can simply go look for service elsewhere or negotiate to get their service re-enable. This is free market at work. The upstream saw lost their incentive to host these companies when it affects their service to other customers and simply back out of it. McColo didn't respect it's contract with the upstream ISP and got disconnected. NOT vigilantism.
      • by griffjon ( 14945 )

        And furthermore, this is how it should work - only automated. You click "Report Spam" in your email client and a bot goes out, does some investigation, and packages up a report for the relevant ISP (zombied boxes need to be cleaned as well as malicious hosts)

        • If that report is thoroughly reviewed by a human before any action is taken, then I agree with your proposal and wish to subscribe to your newsletter.

  • Spammers are like Roaches. You can never quite kill them all off.
  • by mpascal ( 1158165 ) on Monday November 17, 2008 @06:02PM (#25793879)
    If the upstream providers had a service agreement that disallowed the use of their network for illegal activities, they can pull the plug any time.
    • by Whiteox ( 919863 )

      If the upstream providers had a service agreement that disallowed the use of their network for illegal activities, they can pull the plug any time.

      Be careful what you say there. 'Illegal activities' can also mean a whole pile of other things we take for granted, like P2P copyright. I bet the RIAA and equivalent orgs around the world are taking notice.
      If an upstream provider can shut the door on an isp for spamming abuse because of a complaint, then they are likely targets for governments and media execs.

      • Re: (Score:3, Insightful)

        by Dun Malg ( 230075 )

        Be careful what you say there. 'Illegal activities' can also mean a whole pile of other things we take for granted, like P2P copyright.

        What are you talking about? What he says doesn't matter. Every connectivity provider already has TOS in their contracts that allow them to disconnect you based largely on their whims and fancies.

  • Hey, in the late 80's when the first spammers showed up, if the administrators/ISP's didn't close they're account, they'd get kping/attacked and taken off line.
    Then the 90's came, with the STUPID aol metoo'rs. All the sudden, money became more important then integrity. Spammers' had a heyday, and everyone was afraid of the lawyers. The Internet started to really SUCK (is there anyone left out there that remembers archie and ftp?).

    Now, all the sudden some security researchers are working with the press t

    • Yup, the good old days.

      Back then, when google results actually returned something useful instead of 20 pages of useless links to price-grabber or experts-exchange.

      Back then, when the newsgroups were still good.

      Back then, when you could still post your picture of the Enterprise without getting on the wrong end of a law suit.

      Back then, when most of the people online had an IQ in three digits.

      Back then, when you could happily host a copy of the Jolly Rogers Cookbook without being called a terrorist.

      Back then,

      • Back then, when ....

        Hey, you kids, get off my internet!

        --
        .nosig

      • Re: (Score:3, Informative)

        by beav007 ( 746004 )

        Back then, when google results actually returned something useful instead of 20 pages of useless links to price-grabber or experts-exchange.

        You bring up an excellent point. In response, I have edited my google.xml search file (C:\Program Files\Mozilla Firefox\searchplugins\google.xml) thus:

        Old values:

        <Url type="application/x-suggestions+json" method="GET" template="http://suggestqueries.google.com/complete/search?output=firefox&client=firefox&hl={moz:locale}&q={searchTerms}"/>
        <Url t

        • by beav007 ( 746004 )
          Forgot to add the probable location for the xml file in Linux: /usr/share/firefox/searchplugins/google.xml

          This edit causes "-site:experts-exchange.com -site:pricegrabber.com" to the end of each google search performed from the search box next to the address bar.

          As always, for anyone trying this, make a copy before editing, in case something goes wrong.

          You will need to restart Firefox (at least under Windows) for the change to take effect.
          • by beav007 ( 746004 )
            *sigh*

            That should read 'This edit causes "-site:experts-exchange.com -site:pricegrabber.com" to be added to the end of each'.

            It's going to be one of those days...
    • I consider myself pretty laid back and accepting of just about anything... but there are things on the internet that just don't belong there. Be it videos of people being killed, pictures of pre-pubescent(*) children, viruses that screw up networks and spam that clogs up networks at will. If the net does not police itself, then the government will and it will go down hill from there. Can you imagine the FCC regulating content on the internet? China has already done this and Australia is starting to. (*
      • Maybe you should specify just what sort of pictures those are. I have no problems with random pics of prepubescent kids - when I have some of my own, I fully intend to post some pics of them.
    • by amorsen ( 7485 )

      Indeed, when Usenet spam first turned up, it usually tried to get people to send an email to order various Windows software.

      Lots of people were diligently educating those spammers about how futile that is, by sending them emails with complete GNU distributions -- both source and compiled for various architectures, since you can never be sure which hardware they might have. Alas, a couple of years later the spammers stopped putting email addresses in their advertisements and switched to web instead.

  • So wait, you want net neutrality, but you don't like this so-called "vigilantism"?

    Does. Not. Compute.

    I'm sure the US government would love to help you (along with other private interests)

    • by Qzukk ( 229616 )

      So wait, you want net neutrality, but you don't like this so-called "vigilantism"?

      How could you possibly want a five course meal but not a brick to the face? What does either have to do with the other?

  • If I understand this right, the entire colo's link was taken down because they were hosting spammer servers. Fine and well for us I guess, but what are the chances some other, innocent folks were hosting servers there too?

    I host a few web servers at a colo. I have no idea what my neighbors are serving up. If my sites were shut down without notice I'd be pretty unhappy.

    • by John Hasler ( 414242 ) on Monday November 17, 2008 @06:24PM (#25794217) Homepage

      > I host a few web servers at a colo. I have no idea what my neighbors are serving up. If
      > my sites were shut down without notice I'd be pretty unhappy.

      Well, then you would sue the colo operator, wouldn't you? They are the ones who contracted to provide you with service. Would you blame the power company if it shut down your colo operator for breaching his contract with it by not paying his bill? Then why blame your colo operator's upstream provider for shutting him down for breaching his contract with them?

    • by Todd Knarr ( 15451 ) on Monday November 17, 2008 @06:26PM (#25794273) Homepage

      I probably would too. Which is why one of the questions I ask before deciding to deal with a hosting or colo provider is "What kinds of customers will I be sharing a network with?". I look at what this provider's reputation is, what sort of history they have when it comes to spam, malware and similar things. Do they have a lot of complaints about spam and malware originating from their network? Are they known for investigating and taking action when problems are reported, or do they have a reputation for ignoring the problem for as long as possible? Do I find them showing up as a place to go for "bulletproof" hosting? Do I see their netblocks showing up in spam e-mail, attacks on my firewall or lists of netblocks known to originate malware? I make sure I've got answers to those questions that I like before I decide to do business with them.

      Part of your responsibility when you start a business relationship is to know who you're getting yourself involved with. If you choose not to, don't be suprised when it comes back to bite you later.

    • Re: (Score:2, Insightful)

      by Kadin2048 ( 468275 )

      I have no idea what my neighbors are serving up.

      That sounds like willful ignorance to me, at least if it's taken to an extreme. It's fairly easy to do some research and figure out what your colo's policies are, and whether they actually enforce those policies. If they don't, chances are they might not be a good place to house your server, because their attitude could come back to bite them eventually.

      It's not necessary to know exactly what everyone else sharing a colo facility with you is up to, but you s

  • Vigilantism (Score:3, Insightful)

    by djupedal ( 584558 ) on Monday November 17, 2008 @06:11PM (#25794015)
    Look it up... [wikipedia.org]
  • Vigilantism, means, at the root, being vigilant. While it might be nice in theory to sit on your hands and wait for someone else to be vigilant on your behalf, we're doomed as soon as everyone takes that attitude.

    If there's a guy in a tower with a machine gun taking shots into the crowd bellow, and some subset of the crowd has the ability to DDos, what would you want them to do?

    --MarkusQ

    • Re: (Score:3, Informative)

      by Red Flayer ( 890720 )
      Just to note that though they share the same root, vigilantism does not share the exact same etymology as vigilance. Vigilantism comes from vigilante (italian/spanish), whereas vigilance comes from the latin root without the sidetrip into vigilante, where much of the connotation is from.

      If there's a guy in a tower with a machine gun taking shots into the crowd bellow, and some subset of the crowd has the ability to DDos, what would you want them to do?

      DDos isn't going to do much against a guy with a machi

      • I'm not disputing your claim, I'm disputing its relevance: the conceptual basis of the two words are identical.

        And as for DDosing a guy with a guy, that would be very effective; I don't know how to do it, but if there were some action that could be taken by a group of people to collectively render the gunman ineffective (causing him to miss, or his gun to jam, or whatever) that would be exactly what was needed.

        --MarkusQ

  • by tsvk ( 624784 ) on Monday November 17, 2008 @06:16PM (#25794099)

    As I understood, the colo in question was not shut down per se, it was simply severed from its internet connectivity as its upstream/backbone internet providers terminated their contract with them. Nothing special about that; business relationships are initiated and terminated all over the world every day.

    Consequently, there was no "vigilanteism" in the strict sense as such, where normals citizens take the law in their own hands and act as if they had higher authority than they really have.

    It was simply a case of concerned security researchers going to the upstream providers with evidence and saying "look what scum you do business with by providing connectivity, this is bad for the internet on the whole and it hurts your reputation", and the ISPs in question took action. If innocent customers of the rouge colo got hurt when the lines got cut, then they simply have to suffer the consequences of picking a bad host to buy services from.

    Of course, if the proof the security researchers had gathered also proved that the shut-down colo in question had committed crimes, then the appropriate authorities need to be involved. But that is another chain of events, separate from the disconnection of the lines.

    • Re: (Score:3, Interesting)

      by John Hasler ( 414242 )

      > If innocent customers of the rouge colo got hurt when the lines got cut, then they
      > simply have to suffer the consequences of picking a bad host to buy services from.

      No, they need to sue the colo for breach of contract (a class-action might be appropriate here).

      • Well, I'm a website owner myself [...] And speaking as a website owner, I can say that a host's personal politics come heavily into play when choosing colos. [for example,] three months ago I was offered a deal from McColo. A beautiful colo with tons of bandwidth. It was a simple website I needed to put up, but I was told that if it was finished within a day, my price would be doubled. Then I realized whose colo it was. A bunch of spammers. The money was right, but the risk was too big. I knew who the colo

  • Not vigilantes (Score:5, Insightful)

    by The Cisco Kid ( 31490 ) on Monday November 17, 2008 @06:19PM (#25794139)

    No, not remotely vigilantism. Its not like someone went to these people and cut their fiber cable with a hacksaw - *THEIR ISP* turned them off, after it received reports of TOS violations and (presumably) investigated same. We should live in a world where all ISP's have and enforce anti-spam TOS, and actually investigate take action, as appropriate, when they receive reports of abuse, regardless of who the reporter is.

    • Re: (Score:3, Interesting)

      by Spikeles ( 972972 )
      It's quite a double-standard that we live in a world where SPAM is evil and ISPs should cut them off, and yet it's not OK to cut people off for sharing files that infringe copyright.

      I wonder if the "Our wireless network was open! It wasn't us spamming!" defence would work for them.
      • Re: (Score:3, Insightful)

        by dkf ( 304284 )

        It's quite a double-standard that we live in a world where SPAM is evil and ISPs should cut them off, and yet it's not OK to cut people off for sharing files that infringe copyright.

        Well, a TOS violation remains a TOS violation. If you get service from an ISP and agree to not infringe copyright, then you shouldn't be surprised if you get cut off when you start downloading loads of videos without permission.

        OTOH, it is users who cause problems for other customers of the ISP who really get stomped on. Spammers do this. So do people who use bittorrent without limiting their upstream bandwidth to well below the physical capacity. (Please don't do that if you've not got a business-class upl

      • I'm not sure about anyone else, but I do know *I* didn't say it wasn't ok for an ISP to cut off customers that were distributing copyrighted material. In fact, most smart ISP's include in their terms of service, a provision that they can cut off anyone they want for any reason they might choose, without even having to give a reason.

      • by ahodgson ( 74077 )

        If your P2P program starts filling up my inbox, I'll start complaining about it, too. Until then, STFU about copyright.

    • Its not like someone went to these people and cut their fiber cable with a hacksaw

      No, but we can dream, can't we?

  • by davidwr ( 791652 ) on Monday November 17, 2008 @06:21PM (#25794175) Homepage Journal

    Since the '90s, various groups have labeled other groups as "internet scum" and targeted them for banhammers.

    Sure, providers of child porn an, in France and Germany, stand no chance against the national police. But everyone else - American Nazis, spammers, 409 scammers where protected by law, and those advocating unorthodox positions like "sex with children is okay" or "gay fags don't deserve to live" are generally left alone by governments.

    Like-minded individuals like to get together and fight what they see is an abuse of the net and/or an abuse of free speech. Right or not, the party that "wins" is usually the party with the most political and financial might.

    If a small church group goes at it alone against a well-funded Neo-Nazi organization, they will go nowhere. On the other hand, if a large denomination spearheads a global effort to get a lightly-funded neo-nazi organziation kicked off their ISP under threats of boycotts, bad press, etc. the neo-nazi organization's web site will soon go dark.

    Oh, it helps to have the ISP's and upstream's moral-compass on your side: If the Neo-Nazi's ISP and upstreams are very pro-free-speech, you may not get far no matter how much influence you wield. If on the other hand they aren't very pro-free-speech but are pro-racial-equality, then they'll help you find an excuse to terminate their contract or not renew it.

    Back in the days early days of spam, a major spammer paid handsomely for a very friendly upstream provider. However, the pressure finally got to be too much and they gave him a non-renewal or 30-day termination notice under the "we simply no longer want your money" clause.

    Ultimately, society will have to decide if your rights to say anything you want to anyone you want who will listen on your Internet connection is a right that can be negotiated away by contract. Note the "who will listen" clause - that doesn't cover spammers, but it does cover people spewing neo-nazi propoganda and the like to people who ask to hear it. It arguably doesn't cover "force fed" material like content that lives beyond the current session or affects your computer outside the browser, e.g. malware, or even "surpise" material like Goatse, unless you specifically made an informed decision to download such material knowing full well what it was.

    • by rossz ( 67331 )

      If on the other hand they aren't very pro-free-speech but are pro-racial-equality

      You seem to be under the impression that the two are somehow mutually exclusive. I am both pro free speech and pro racial equality. Allowing someone to spew their hate speech doesn't mean you support it. The answer to bad speech is more speech, not censorship. The alternative is the government deciding what is acceptable or not, which ultimately is used to everyone's suppress rights.

      An example. Some douchebag yanked a 'pro

  • by The Master Control P ( 655590 ) <ejkeever@nerdshac[ ]om ['k.c' in gap]> on Monday November 17, 2008 @06:27PM (#25794291)
    I think we're all quite happy that the bastards are staying cockpunched after getting cockpunched [spamcop.net] by the takedown.
  • by rsw ( 70577 ) on Monday November 17, 2008 @06:35PM (#25794381) Homepage
    I'm sorry, this doesn't make any sense. When there is rule of law, a person who ignores same and takes justice into his own hands is a vigilante. There is no rule of law on the internet. Therefore, strictly speaking, there can be no vigilantes.

    Moreover, even if you're not as much of a persnickety douchebag as I'm being here, you're still forced to admit that this isn't really vigilantism: reporting to a provider that one of their clients is in breach of contract isn't "taking matters into your own hands," it's being a good netizen.

    Let's examine this further: under some looser definition of "vigilante," examples of qualifying behavior include defacing offending websites, DoS attacks, threats of violence against SPAM purveyors, destruction of associated computer equipment, et cetera. All of these have in common that the "vigilante" is taking it upon himself to retributively violate the rights (or right-like constructs) of the offender in some semblance of justice.

    It is from this violation that complaints against vigilantes stem, by most accounts: you have some rights, and they're considered inviolate except by the government (by which you somehow agree to be governed) just in the case that you violate a law. Having come to such an agreement, you find your rights abrogated by "vigilantes" who are not associated with the government and therefor whom you do not consent to enforce laws upon you.

    It's pretty clear that even under this looser definition the above didn't violate any of the spammers' rights: that the spammers were violating their providers' terms of service was public information. Bringing attention to this public fact cannot be construed in any way to violate the rights of the spammers.
  • Most backbone contracts state that their services cannot be used for illegal purposes. Researchers pointing out to those backbone providers that the contracts have been broken doesn't strike me as vigilantism. Neighborhood watch gets my vote.

  • I'm out of (Score:3, Funny)

    by Whiteox ( 919863 ) on Monday November 17, 2008 @06:53PM (#25794629) Journal

    Viagra! Damn it... I knew I should have bought an extra months worth. I'm about to meet my Russian bride-to-be (still waiting for an email), and my Nigerian friend is going to send me some info regarding a business proposition. Not to mention that I've got to re-register with Paypal as there has been a security breech and my bank wants to confirm my password too.
    I know! I'll forward this on to all my friends. They can pass it on too and maybe I'll get lucky.

    ---
    consort banana security boat
    incongruous athletics opportunity
    several thousand ants incorporated

  • One thing that I haven't seen mentioned anywhere is were there any above-board customers of McColo? Sureley they weren't *all* bad?

    Assuming there were, I feel for them. They have had the rug pulled out from under their feet, with (presumeably) no recourse and no way to get their data. You might blame them for choosing such a shady hosting company, but they probably had no idea.

    • Boss: "Minion! Go find us web hosting!"
      me: "Yesssss, maasssssssster!"
      me flips through a few pages of adverts, picks one, goes back "HEeeerrrrrr, massssster!"
      Boss: "Hmmmm.... McColo! I like the sound of that! Sounds like an Apple product! OK, get us loaded up there sparky, and make it snappy!"

      Yeah, right. It's called "due diligence", and if you don't do it, your setting yourself up for trouble. So, what's the FIRST thing I look at when selecting a web host? Is it their stock prospectus? - I'll look at that,

    • by dido ( 9125 )

      If there were any, I'm sure that they have a service contract with McColo, which they can bring up in court when a class action lawsuit against them starts. Your service contract states that you will provide my site with connectivity with a certain maximum amount of downtime. Since you've allowed my site to get cut off from the Net at large for so long, you have violated terms of the contract and must pay. Would be irony though, if these same spammers who caused them to get cut off due to their own illegal

  • ... and celebrate the departure of our former spammer overlords. It is a small incremental improvement, but an improvement none the less.

  • Laws should, first and foremost, reflect the collective will of a society. You cannot enforce laws that are passed against the collective interest of a society or against its moral standards.

    For reference, see copyright.

    On the other hand, if you ignore an activity that is perceived as illegal by a sizable majority of the population, a vigilante group is born. I tend to think that humans are basically lazy beings. As long as someone else takes care of a problem, they don't really want to go out of their way

    • You blew your argument here:

      You cannot enforce laws that are passed against the collective interest of a society or against its moral standards.

      For reference, see copyright.

      Copyright is for the collective interest of society and it's moral standards. It is in the moral standard to profit from one's labor and the idea of copyright is to allow people to profit from their labor. Your failure to see that shows you are an ignorant sheeple.

  • No one meted out extra-legal justice -- all that happened was the extremely-belated enforcement of contractual provisions. The term "vigilantism" has been bandied about for years by spam-supporting organizations like the DMA as a way of shifting the argument. That attempt should of course be wholly rejected, as it is obvious from first principles that nobody on the 'net is under any obligation to provide services to anyone else absent a contractual agreement; thus, for example, refusal by X to accept Y's

If all the world's economists were laid end to end, we wouldn't reach a conclusion. -- William Baumol

Working...