Something to keep in mind. I don't believe it was McColo that was the
end provider of "badware" per se (and I could be proven wrong), they
simply played the enabling role by hosting it and looked the other way.
Now don't get me wrong, they ought to be kicked offline for
externalizing their costs on the rest of us, but what criminal charges
could be filed here? I'm not a lawyer but the person actually
committing the crime and a person who willing provides tools to someone
committing a crime are in completely different boats.
We could criminalize hosting malicious tools, but then what of nessus,
nmap, wireshark and the host of security tools that are effectively
"dual use"? Child porn being an obvious exception of course, but the
point remains. Negligence is bad and perhaps there are criminal
remedies that can be brought to bear (I'm not a lawyer, I don't play one
on the intarwebs) but I would imagine they would be minor in comparison.
That said, of course this information should be turned over to law
enforcement. It often is.
j
Charles Wyble wrote:
On to the question about how network operators can help LE: *Collect
the data that proves a company such as Intercage/McColo is harboring
cybercriminals* and get with your local FBI/Secret Service field
office (or your state's Attorney General's office) (or both) and
submit a complaint at IC3's website (www.ic3.gov) because we have an
excellent team of analysts that track information like that. Package
up the evidence you have and send it out.
Excellent point. Something like the fine folks at
http://hostexploit.com/ are doing.
I also believe SANS has some excellent courses on forensics, and
things like chain of custody etc. Not sure how much that applies to
these sort of scenarios but it can't hurt to package/handle the
evidence in as compliant a manner as possible.