On October 14, the US Federal Trade Commission, with help from the US Federal Bureau of Investigation and New Zealand police, announced that it had shut down a vast international spam network known as HerbalKing.
It was a triumphant moment for the FTC, which said that the group had been linked to as much as a third of the junk e-mail on the Internet. In an interview with The New York Times, FTC Commissioner Jon Leibowitz was modest in his appraisal of the situation. "They were sending extraordinary amounts of spam," he said. "We are hoping at some level that this will help make a small dent in the amount of spam coming into consumers' in-boxes."
The FTC's HerbalKing operation grabbed a lot of headlines, but it didn't do much to reduce the amount of spam on the Internet, researchers say. Within a week, spam was as big of a problem as ever.
Instead, it took another operation, two weeks later, against the ISP (Internet service provider) McColo in California to really reduce the amount of spam. But although McColo appears to have been a playground for Internet criminals, no federal agency, not the FTC, not the FBI, not the Secret Service or the Department of Justice, was involved in shutting it down.
With McColo, Internet researchers and Washington Post reporter Brian Krebs essentially shamed ISPs Global Crossing and Hurricane Electric into dropping service for McColo, whose network had been associated with a range of illegal activity from hacked botnet computers to spam and even child pornography.
Unlike HerbalKing, the results after McColo's takedown were dramatic. About half of the spam on the Internet disappeared.
Cisco Systems' IronPort division says that though there have been some brief spikes in activity, spam is still down significantly from where it was prior to the McColo takedown. McColo could not be reached for comment on this story.
But two weeks after McColo was dropped by its network providers, the company's data center remains untouched. That frustrates some security researchers who say that the servers used to control these operations could provide a treasure trove of evidence about cybercriminals.