Atrivo/Intercage: down but not yet out...

Don't we love the online press?   I've been watching the fall-out and online reports of Atrivo's short lived disappearance off the net, and I think this is one of the more ... misinformed ... articles that I have seen so far:

US-Based Malware Network Shuts Down Source: Dark Reading

The article says (my comments in bold):

"An Internet service provider (ISP) that was widely used by hackers and criminals for the exchange of data and malware is no longer operating, observers say."    They were only "no longer operating" insofar as they were without an upstream peer for a short period of time - they haven't actually gone out of business or anything like that...

"Yesterday, however, several observers reported that the Atrivo network is no longer operating. The service appears to have shut down, and attempts to contact its operators by email have received no reply, the observers say.Actually, Atrivo/Intercage representatives (Emil Kacperski and Russell Mitchell) were quite vocal on the Nanog mailing list after the de-peering...

""I'd be interested to find out why they shut down," said Robert Graham, CEO and founder of Errata Security, a security research firm. "They've actually been down for a while. My guess would be either a network failure or they've been raided by somebody [in law enforcement].I haven't heard about any raids, I haven't seen any reports of a network failure, and as far as I know, they weren't knocked completely offline until dropped by PIE (Pacific Internet Exchange) - that didn't happen until last Sunday.

"But whether it was shut down by other ISPs, law enforcement, or network failure, Atrivo's apparent demise probably won't have much long-term impact on the flow of malware or other exploits, Graham says. "I expect the people who were using Atrivo will just go elsewhere," he says. "It's like a gigantic game of whack-a-mole. You shut one down, and the [exploits] pop up elsewhere.Well, at least this "guesstimate" was more accurate - it seems Atrivo/Intercage may already be back online with a new upstream peer, Unitedlayer (AS23342)

Published Tue, Sep 23 2008 10:04 by sandi
Filed under:

Comments

# re: Atrivo/Intercage: down but not yet out...

Thursday, September 25, 2008 8:23 AM by Lucian Constantin

"They were only "no longer operating" insofar as they were without an upstream peer for a short period of time - they haven't actually gone out of business or anything like that..."

When your entire business is based on server hosting solutions and domain registration and you're left without an upstream peer, you're out of business. As short as it lasted, they were out of business. Personal opinion.

# re: Atrivo/Intercage: down but not yet out...

Thursday, September 25, 2008 6:06 PM by sandi

@Lucian,

True, *but* Dark Reading were also claiming that emails were not being returned and that the service itself had shut down, and quoting Robert Graham's theories.  The tone of the article made it seem that Atrivo had gone out of business completely, which has proven to be untrue.

Sandi