Rixstep

Troyak Struggles for Life

So does the Internet. But Bill and his orcs don't care, do they?



Troyak and Group 3 are two ISPs providing connectivity for 90 of the 249 command and control Zeus servers currently in operation.

Troyak was knocked offline after backbone providers stopped carrying its traffic. But no worries: Troyak's back up again - and continues to fight a 'cat and mouse game' with law enforcement and network providers in a dozen countries.


Troyak's been backing into academic networks in other countries. One such network was shut down by authorities in Latvia.

Things were completely quiet on 13 and 14 March and the champions of Microsoft broke out the bubbly. Then Troyak resurfaced the following morning. Bad hangover.

'Throughout 2009, Zeus malware traffic comprised 1% of ScanSafe Web malware blocks', wrote Mary Landesman. 'This trend continued to 2010, up until March 7th when Zeus traffic suddenly spiked to 12% of all Web malware. Deeper analysis revealed the largest percent of that traffic spike was a result of Troyak-serviced Zeus traffic.'

'The timing of the spike and the unprecedented volume increase suggest the Zeus bot herders may have had forewarning of the impending takedown. If so, this would have given the attackers opportunity to redirect their bots to other command and control locations.'

Troyak are partnered with Citygame-AS and Smallshop-AS as of 16 March. What happens after that remains to be seen. But this is one wacky way to protect standalone Windows PCs.

Mere Conduit

Microsoft still won't secure their computer systems but they're prepared to trample on fundamental civil rights to keep the PR spin going in the direction they want. And the third party players in the lucrative Windows antivirus cottage industry stand on the sidelines and applaud.

Microsoft's attempts to use their considerable financial and political pressure to shut down ISPs and backbone providers with botnet traffic in their Internet tubes are creating a scary precedent: they're violating one of the most critical principles of digital rights. It's all about something defined in the EU as mere conduit.

IT Law Wiki has a brief description.

Under the mere conduit principle of the EU E-Commerce Regulations of 2002, network operators have no legal liability for the consequences of traffic delivered via their networks.

Mere conduit is the postal secret. Or rather its flipside. It insulates providers and carriers from liability, warns them about interfering with the transmission of data, and protects citizens and netizens from Big Brother control.

There is no postal secret without mere conduit - not with terrestrial post either. The one will tumble as soon as the other. There are no secrets without mere conduit. Big Brother authorities will presume the right to inspect transmission streams - those 0s and 1s as Rick Falkvinge calls them - and no one will be safe.

Google's smug CEO Eric Schmidt might not agree but authorities have always abused power and always will. And our only recourse is to keep the Internet free so we can fight those people.

Net nannies turn on their ideological opponents. Chinese authorities block IP ranges. Google pay for Microsoft's debt by telling people 'you don't want to go to that site' - a form of virtual Big Brother censorship. Who's to say this power is not abused?

Microsoft and other authorities want to close down entire IP ranges, backbone providers - and for what? Because a botnet command and control centre was somewhere in that range?

Think 'PRQ' - the ISP used to run The Pirate Bay in the 'old days'. PRQ had a lot of clients besides The Pirate Bay. Yet Håkan Roswall and his Big Brother buffaloes took all the servers out of the PRQ data centre (not just the ones assigned to TPB) and this in direct violation of the warrant they'd been given. Did anything happen to reverse that illegal action - did the innocent bystanders ever get their computer equipment returned? Who's guarding the guardians?

The World We Live In

The world we live in works best with as much self-regulation as possible. The people are continually at odds with their duly elected representatives. The people used to rely on the news media to keep the politicians in check. That doesn't work too well anymore. Today it's the Internet - Web 2.0 - that does that job.

Politicians and multinational CEOs will do all in their power to regulate the Internet. They badly need to set a precedent to make this possible - to get the people to buy the sucker package. They're getting closer all the time.

China, Iran: they're trying to block Internet access. Everyone knows that. But there are other ways to block access.

  • The IP lobby. Politicians love the IP lobby because it gives them an official reason to regulate (and police) the Internet. All they have to do is sell the idea to the people. This isn't working too well at the moment.

  • Windows computers are safe but the Internet is dangerous. It's amazing if not theoretically impossible that any imbecile still believes this in the year 2010 but there you have it: politicians would love it if they could keep Windows leaking so they have an excuse to pass legislation to control the Internet. Unfortunately some countries are not playing along - they're instead warning people to not use Windows - and without Windows there is no argument for the Internet being dangerous.

Short of a Nuclear Attack?

The people in the world of Windows are going ballistic. They're too intellectually feeble to switch to a safe platform, too intellectually feeble to even get a freaking Linux live CD - instead they start thinking in terms of blocking entire countries just like Iran and China - all to protect their pathetic Windows computers?

Now they want to 'name and shame' 'bad' ISPs - if that isn't censorship then what is? Google are already policing the Internet (at their own expense and not Microsoft's) warning people to not go to certain sites. Who's guarding the guardians?

And you people are willing to risk mere conduit, the postal secret, the journalist's sources, the insularity of whistleblowers, general communications on this planet, the prospect of a major war, and digital rights online just for your pathetic Windows?

You're sickening.

The Electronic Commerce (EC Directive) Regulations 2002

Mere conduit

17. (1) Where an information society service is provided which consists of the transmission in a communication network of information provided by a recipient of the service or the provision of access to a communication network, the service provider (if he otherwise would) shall not be liable for damages or for any other pecuniary remedy or for any criminal sanction as a result of that transmission where the service provider -

(a) did not initiate the transmission;
(b) did not select the receiver of the transmission; and
(c) did not select or modify the information contained in the transmission.

(2) The acts of transmission and of provision of access referred to in paragraph (1) include the automatic, intermediate and transient storage of the information transmitted where:

(a) this takes place for the sole purpose of carrying out the transmission in the communication network, and
(b) the information is not stored for any period longer than is reasonably necessary for the transmission.

See Also
STAT Blog: Troyak Gets Serviced by Zeus Provider
ZD: TROYAK-AS: The Cybercrime-Friendly ISP That Just Won't Go Away
Office of Public Sector Information: The Electronic Commerce (EC Directive) Regulations 2002

Copyright © Rixstep. All rights reserved.