Timeline: Atrivo/Intercage Depeering, Dissolution

I’m no slacker, really, I’ve just been very busy with a lot of things behind the scenes. One of the things that’s consumed my time has been the Atrivo/Intercage saga. Here’s a timeline I assembled for myself recently. It’s based on the NANOG mailing list, some private lists, the CIDR Report tools, BGP analysis, and some private emails, as well as this blog post.

  • Pre-history
    • Oodles of badness, much of it with a line through Intercage
  • 28 Aug, 2008
    • HostExploit report
  • 28 Aug, 2008
    • WaPo Krebs piece
  • 30 Aug, 2008
    • GBLX de-peers
  • 12 Sep, 2008
    • No more upstreams
    • Atrivo CIDRs appear elsewhere (Cernel, Pilosoft, etc.)
    • WVFiber provides connectivity
  • 20 Sep 2008
    • Pacific Internet Exchange gets involved …
  • 21 Sep 2008
    • Atrivo again off the air
  • 22 Sep 2008
    • Atrivo back online, UnitedLayer provides upstream
  • 25 Sep 2008
    • Atrivo takes itself offline, says it will be out of business with no customers

Corrections welcome; this is roughly accurate, I think.

So, some thoughts on this whole thing: no one is behind bars for what appears to have been blatantly criminal software that was hosted on this network; no one knows who was behind the operation’s malicious “customers”; no one has investigated this, it seems. And now the badness is popping up elsewhere.

We’ll have to continue to monitor this one and map the badness. We now know more rogue networks that are welcoming the hosting, and so this cycle will start again.

This is not a long-term victory.

3 Responses to “Timeline: Atrivo/Intercage Depeering, Dissolution”

October 01, 2008 at 11:08 pm, lithium said:

It’s definitely not a long-term victory. Only time will tell how long it will take to get them to fully regroup. I must say though, I was happy when I came across a 502’d threat from an EstBoxes rogue domain as a direct result of the takedown. I can only hope that the FBI is investigating what happened at Atrivo and hopefully the scumbags behind this get their ass handed to them.

October 06, 2008 at 5:18 pm, JZP said:

I have said elsewhere that this is badness. Rather than corralling the bad guys in a tidy place to filter, rate limit and for LEA to investigate, the roaches have run from the light and are now in the wind. Not Good.

October 07, 2008 at 7:30 pm, Zero Day mobile edition said:

[…] well known Russian Business Network darling, faced the music and was disconnected from the Internet by its upstream provider at the end of September. What happened according to MessageLabs’s latest intelligence report, was a brief decline of spam […]
