Two of Atrivo's Internet providers dropped peering for the company

Sep 8, 2008 10:11 GMT

Following recently released security reports from several anti-spam/crimeware companies and projects that have outed Atrivo as a hub for cybercrime in the US, two of the company's Internet Service Providers are taking radical measures. Global Crossing and WVFiber are severing ties with Atrivo by removing peering for it.

As we previously reported, Atrivo is a company with a bad reputation that provides Internet services like hosting, co-location and domain registration. These services are used by many cybercrime groups in their illegal activities. The recent reports from HostExploit, SecurityFix, KnujOn and SpamHaus, which present in detail Atrivo's connection with cyber criminals and its poor enforcement of anti-abuse policies, have generated a lot of media attention and have been picked up by many news sites and blogs.

This proved a serious blow for Atrivo, as it turned out that the reports also had an impact on the company's legitimate partners that provided it with direct Internet connectivity. Brian Krebs, journalist for the Washington Post, described on his SecurityFix blog how this happened. According to him, the first tip came from Marcus Sachs, director of the SANS Internet Storm Center, who notified Mr. Krebs that Global Crossing, one of Atrivo's ISPs, had started to drop Internet traffic for Atrivo. Upon further investigation on Krebs' part, this proved to be true: beginning on August 27, Global Crossing started closing peers with Atrivo, and continued to do so until it was completely detached.

So, Atrivo lost one of its multiple providers, but its problems didn't end there. Another of its providers, WVFiber, has announced through its president, Randy Epstein, that it is planning to completely sever ties with Atrivo and drop it as a customer by 9-10 September. The motivation seems to be exactly the recent reports on Atrivo's activities.

According to Krebs, the only company that still provides a direct Internet uplink to Atrivo is Bandcon. However, Atrivo is about to take yet another hit. Richard Steenbergen, co-founder of nLayer Communications, has announced that Atrivo is still using a significant number of IP addresses belonging to nLayer, even though it has not been a customer of nLayer for about 10 months. "Since they are no longer a customer, we require that they return our non-portable IP space, and have given them a deadline of September 30th to do so. If the IP space is not returned by that point, we will follow standard procedure to reclaim it, including null routing the space, and sending cease and desist letters to any network who still transits it without our permission," pointed out Mr. Steenbergen. The number of IPs is about 7,400, which would account for over a fourth of the estimated 26,000 Atrivo-routed IPs.

In response, Atrivo/Intercage is trying to save what it can from the situation and is showing goodwill by detaching itself from Hostfresh, its partner in offering web infrastructure involved in unethical and abusive behavior. In an e-mail sent to the NANOG (North American Network Operators Group) mailing list, Russell M. of Intercage Inc. announced that the company has almost completely removed Hostfresh from its network.