McColo is McShut McDown
In Thursday's IT Blogwatch, Richi Jennings would want us to keep an eye on journalists shutting down spam sites. Not to mention Google suggestions...
Brian Krebs was busy at work:
For the past four months, Security Fix has been gathering data from the security industry about McColo Corp., a San Jose, Calif., based Web hosting service whose client list experts say includes some of the most disreputable cyber-criminal gangs in business today.
...
As of this writing, McColo's Web site is no longer available. In fact, I pinged no fewer than three different researchers who have tracked activity at McColo for many months: None could find a single Internet address assigned to the hosting provider that was still reachable.
Mike Masnick does, and doesn't, doubt that story:
We're seeing a bunch of folks pointing out that evidence collected by the Washington Post's computer security writer, Brian Krebs, is basically responsible for getting that company kicked off the internet. Krebs is a fantastic reporter, so I don't doubt the story -- but I'm always a little skeptical of stories claiming that a huge percentage of spammers have been knocked offline. We see such stories every few months, and it never seems to have any real impact on the amount of spam out there.
Gregg Keizer sees the impact:
Spam volumes plunged by more than 40% after a major bot hosting network was shut down, researchers at IronPort Systems Inc. said today.
On Tuesday, McColo Corp. was kicked offline when its primary Internet providers severed its connection to the Web, reported The Washington Post, which led an investigation of the San Jose-based hosting service. According to the newspaper, McColo's clients included cybercriminal groups that ran some of the biggest spam-spewing and malware-spreading botnets.
Robert gives kudos:
Brian - Well done, and well reported.
For the user who asked about reporting news versus creating news, you misunderstand Krebs's reporting. Like most good reporters who write big stories, he either got tips or analyzed data regarding spam and cyber-security. It probably was a combination of both. If he determined from his research, reporting and analysis that this data was coming from one place, he did not create a story by informing the spam host's business partners. Rather, he sought comment from them about this site, and they took action.
...
And now for the full disclosure: I'm Robert MacMillan. I am a reporter at Reuters who covers the journalism business, and I worked at washingtonpost.com for many years with Brian. I sat right across from him so I know what he eats for lunch.
John Bambenek likes the learn and destroy option:
The McColo network not only was a large source of spam in the US (check your spam counts, you'll see a noticeable drop), but also trafficked in child pornography and malware. Skipping past allegations of whether or not McColo is culpable, the badness certainly was on their network and it wasn't being addressed. It has been known that McColo was home to some of this stuff that was sitting in a San Jose, California data center.
...
There is a place for security intelligence and research. When we find these nests of badness we should glean all we can from them, but then we need to shut it down. Knowing where the bad guys are doesn't help the people who get their identities stolen. The only long-term solution is increased prosecution and imposing increased costs on the "bad guys".
theaveng gets a 4, insightful:
The "federal authorities" cannot be everywhere at once. If you see a man getting beat by another man, do you just stand by and wait for the police to show up 30 minutes later to collect the body? Of course not. You and your fellow citizens act to stop the abuse.
What happened here is no different. This reporter noticed an illegality, collected evidence, and then took action (called the ISP) to see if he could stop it. Later on, he will provide the evidence to the government.
Bearhouse is not impressed:
So, after much hand-waving here, and elsewhere, about what info the Gov. and your ISP may be collecting about you, they could not spot this, a major spam, child-porn and theft site?
Our usual blogwatcher, Richi Jennings, will be back to clear out his inbox tomorrow. Today's post was sent in by Joyce Carpenter.