Federal Trade Commission shuts down rogue ISP

3FN's Website before taken down.

(Credit: Mhvt)

The Internet might just have gotten a little safer.

The Federal Trade Commission announced Thursday that it had Pricewert shut down by the U.S. District Court for the Northern District of California, San Jose Division.

Pricewert is a San Jose, Calif.-based Internet service provider that allegedly recruits, intentionally and actively participates in the distribution of spam, child pornography, and other harmful electronic content.

Generally, the commission files a complaint when it has "reason to believe" that the law has been or is being violated, and it appears to the Commission that a proceeding is in the public interest.

The court issued a temporary restraining order to prohibit Pricewert's illegal activities and required its upstream Internet providers and data centers to cease providing services. Pricewert is now completely off the Internet. The order also freezes Pricewert's assets.

According to the FTC's complaint, Pricewert, which does business under a variety of names including 3FN and APS Telecom, recruits and colludes with criminals seeking to distribute illegal, malicious, and harmful electronic content over the Internet. The content reportedly includes child pornography, spyware, viruses, Trojan horses, phishing, botnet command and control servers, and pornography featuring violence, bestiality, and incest.

Spam is one of the biggest online nuisances.

(Credit: Jackmedia)

Pricewert allegedly advertised its services via a forum established to facilitate communication between criminals. In addition, the company shielded its criminal clientele by either ignoring take-down requests issued by the online security community, or shifting its criminal elements to other Internet protocol addresses it controlled to evade detection, according to the FTC.

The FTC also alleges that Pricewert engaged in the deployment and operation of botnets--large networks of computers that have been compromised. Transcripts of instant-message logs filed with the district court show Pricewert's senior employees discussing the configuration of botnets with "bot herders."

In its filings with the district court, the FTC estimates that more than 4,500 malicious software programs are controlled by command-and-control servers hosted by 3FN. This malware includes programs capable of keystroke logging, password and data stealing, programs with hidden backdoor remote control activity, and programs involved in spam distribution.

This case was brought to light with the assistance of multiple agencies and people including NASA's Office of Inspector General; the Department of Justice's Computer Crime Division; Gary Warner, director of research in computer forensics at the University of Alabama at Birmingham; the National Center for Missing and Exploited Children; the Shadowserver Foundation; the Spamhaus Project; and Symantec.

Talking to CNET News, Vincent Weafer, vice president of Symantec Security Response, said that this crackdown, more than anything, sent a message to the bad guys that now corporations and law enforcement are more willing to work together to fight illegal online activities.

In regard to how much safer this would make the Internet, Vincent said it would take time to find out but it likely won't change much in terms of how many spams you'll receive a day, as there are many other companies like Pricewert around the world. Symantec has been working closely with law enforcement by providing intelligence via its 240,000 Internet activity sensors located in 200 countries around the world.

The court will hold a preliminary injunction hearing on June 15.

[kcotham]

FANTASTIC!!!! But don't stop there, keep after these low-lifes! Tar and feather them, draw and quarter them, hang them from the highest tree. Heck, do all three! Now only if every government everywhere would do this....

[derilium]

I like your rhyming.. like a poem

Hang them on the highest tree.
Heck, do all three!

[bonesbautista]

Hadn't made it to the comments yet, and the only three words I could think of were "tar and feather". Good choice of action there!

[MapleTrail]

Thank you Symantec, OIG, Shadowserver et. al. I only hope the control computers were siezed and will lead to other cohorts & malware practicioners.

[demner]

Hate to be pessimistic, but I'm sure in a week a nearly-identical 'service' will start up in a non-extradition country...

[brendanweston]

Great. If ICANN would now grow a set and police the rogue registrars of domain names, there could really be some progress. Instead they love to pretend that's not their job, and instead they create useless new top-level domains. That house needs cleaning.

[flickrz]

Great....

[duggoff]

That's not pessimistic. It's just the truth. It's the dark side of capitalism. Money is being made by these people, so they keep doing it. The love of money is the root of all kinds of evil.

[darfjono]

what are the odds that these guys were nothing more than an alternative kind of ISP that wouldn't follow the industry's rules and were thus destroyed both financially and in the media?

[tacit]

Zero.

First, there are very few "industry rules." Second, I've personally seen tons of abuse pouring out of their networks for a year and a half, and can provide all kinds of examples of this abuse.

Interesting how some folks immediately jump to conspiracy theories, though. In reality, it is almost impossible for an ISP to get disconnected by its peers; you have to be really, really rogue and engage in wildly illegal activities for a long time before the rest of the industry even begins to consider action.

[tacit]

One down, about 500 more to go. Sadly, most of the worst miscreants are hosted in Eastern Europe, where they are immune to US law and FTC action.

Don't get me wrong--I'm glad to see these guys go. I've seen spam, malware, and viruses coming from 3FN IP space since at least February of last year; they've been in business for some time. I've sent multiple emails to their upstream providers on many occasions alerting them that 3FN was a rogue ISP knowingly and deliberately hosting spam and malware. Pity it took government action rather than good old-fashioned responsibility on the part of the upstream providers to deal with the problem.

[paulej]

Note that the FTC is just making accusations. Perhaps they are valid and perhaps they are not. There are three things that concern me about this whole thing. First, service was severed not only to 3FN, but also to all of 3FN's legitimate customers. What about legitimate businesses that were harmed by these rather rash moves by the FTC? The second thing that bothers me is that all of this was done without a formal charge, without an arrest, with (what I would consider) proper due process of law: what if the owners of the business are completely unaware of shady activities that take place? (Yes, I do believe all deserve to be considered innocent until proven guilty.) Lastly, what about the jobs that were lost as a result of this move? It would be terribly unfortunate if dozens of people lose their jobs now because of a few rotten apples in a company that was forced out of business at the whims of the FTC. Don't get me wrong: if these folks were running such an operation, then raid the place, seize the child porn, and arrest those responsible. What they did was terribly messy, disruptive, and ... how much time are they giving folks to cover their tracks?

[firewolf4]

this was the result of an 18 month investigation. If the owners are providing servers that have permitted this type of garbage to be handled by their servers, then Yea, charge them and convict them. You cant tell me that a server farm doesn't monitor the activities or even know what activities are being done that they're hosting so the "well we didn't know" excuse doesn't wash. Hell, even with out limited server farm we can detect even a single pop up that comes across the line. that's 300 remote servers, 3500 PC's and 2 small server farms of 20 servers each.
If they have legitimate customers that suffer loss of income, then by all means, make it right by them. but you still have to take down the servers, take them into evidence and prevent tampering. all it takes is ONE site being hosted that violates the laws and they're screwed. If Jobs are lost, wages lost or earning effected by those directly connected and you can establish the law was broken. too damned bad. they should've known what the company was doing and jumped ship well before now.

[big8news]

is it me are do Amy one aisle seen the AOL running and icq logos on top of there photo of this 3FN's website maybe they use AOL aim and the icq services are did work with AOL

[guvenlik-sistemleri]

Thanks for putting up the information.

<a href="http://www.guvenliksistemleri.info" target="_blank">dedektörler</a>