ISPs have a ToS and an AUP. Most of them have teams that monitor and investigate reports. Each ISP has a procedure that it follows. Basically, this procedure will result in the temporary suspension of the customer involved.
In an article I came across on darknet.org.uk, I read that the backbone of an ISP out of California took the ISP offline. The article goes on to state that the customer was brought back online when it agreed to sever connections with malware/spyware-affected customers (most of which are in the UK). This is estimated, according to darknet, to be 25% to 50% of their business. This is a bold move by the backbone of this provider. However, it is a needed move. If more of the major backbones actually had a “backbone” and took action like this on the reports that they receive, perhaps we could see a decline in this kind of illegal activity. It is also my opinion that taking action like this will require the ISP to be aware of what they are allowing on their service. It would also mean that they will be quicker to enforce the ToS/AUP down to the residential customers.
No ISP wants to take their customers offline and face the possible loss of a residential customer. It is, however, a better alternative to the backbone taking the whole ISP offline. Having 100% of their customers taken offline is a bigger threat of customer loss than taking maybe 1 to 2% of the residential customers offline and facing the potential of losing them.
It goes without saying that if everyone reports their phishing email, their spam email or their firewall logs to the ISP that is providing service, a lot can be done to eliminate the activity online. I think that most of us do not really want to take the time needed to look up (whois) the IP and then email a copy of the email along with the headers to the ISP. But unless we do this, and quit thinking that other people are going to send them in, we will not see this kind of activity being halted. In the example that I mentioned about the ISP being taken offline, I guarantee that the reports were being sent to the ISP and to the backbone. We have all heard the saying “A squeaky wheel gets the oil.” This is usually the case with ISPs: the ones that are getting a lot of reports get the attention. It is imperative for us to make sure that we take the time to report the activity.
I recommend that anyone who has questions on how to report spam or hacking attempts contact their ISP. In most cases the ISP (internet provider) is going to be willing to direct you on how to obtain headers or how to report the information that is needed. You can also do a search on the internet for the term that you are looking for. Someone will have written instructions on how to report it.
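The whois-and-headers step described above depends on picking the right IP out of the message. The following Python is an added example, not part of the original post: it walks the `Received:` headers from the top (the hops stamped by your own provider) and takes the first non-internal address, since anything lower in the chain was written by the sender's side and can be forged. The sample message, function names and list of internal ranges are assumptions made for illustration.

```python
import email
import ipaddress
import re

# Constructed sample message; addresses are documentation ranges, not real traffic.
SAMPLE = """\
Received: from mx-in.example.net (mx-in.example.net [10.0.0.5])
\tby mailstore.example.net with LMTP; Mon, 29 Sep 2008 10:00:03 +0000
Received: from bulk.sender.example (unknown [203.0.113.45])
\tby mx-in.example.net with ESMTP; Mon, 29 Sep 2008 10:00:01 +0000
Received: from forged.example ([198.51.100.7])
\tby bulk.sender.example with SMTP; Mon, 29 Sep 2008 09:59:58 +0000
From: "Your Bank" <security@bank.example>
To: user@example.net
Subject: Verify your account

Click here.
"""

# Ranges treated as the receiving provider's internal relays (IPv4 only here).
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]
IP_IN_BRACKETS = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def reportable_ip(raw_message):
    """Return the first external IP recorded by a trusted (topmost) hop, or None."""
    msg = email.message_from_string(raw_message)
    for hop in msg.get_all("Received", []):      # newest hop first
        for candidate in IP_IN_BRACKETS.findall(hop):
            try:
                ip = ipaddress.ip_address(candidate)
            except ValueError:                   # e.g. [999.1.1.1]
                continue
            if not any(ip in net for net in INTERNAL):
                return str(ip)
    return None

def build_report(raw_message):
    """Build the report body: the IP to look up with whois, plus the full headers."""
    ip = reportable_ip(raw_message)
    if ip is None:
        raise ValueError("no external hop found in Received headers")
    headers = raw_message.split("\n\n", 1)[0]
    return (f"Unsolicited mail was delivered to our mail server from {ip}.\n"
            f"Full headers follow.\n\n{headers}\n")

if __name__ == "__main__":
    print(build_report(SAMPLE))
```

The address returned is the one to run through whois to find the abuse contact; the report body keeps every header so the ISP can verify the hop against its own logs.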
Tags: http://www.darknet.org.uk/2008/09/intercage-spammalware