Two weeks after McColo was dropped by its network providers, the company's data centre remains untouched. That frustrates some security researchers who say that the servers used to control these operations could provide a treasure trove of evidence about cybercriminals.
"It doesn't surprise me, although it does disappoint me," said Richard Cox, CIO with the antispam group Spamhaus. Cox, who works with law enforcement on spam cases, says that while federal investigators may understand how an operation like McColo works, getting their bosses to agree to take action can be difficult.
"The people in the trenches are being directed by people who think they're politicians," he said.
McColo was on the federal government's radar, as are dozens of other service providers worldwide that are known providers of so-called bulletproof hosting services, which are never taken down, despite complaints, according to a source in a federal law enforcement agency who spoke on condition of anonymity because he was not authorised to speak to the press.
While researchers may feel they have a case against McColo, it's another thing entirely to convince a US Department of Justice attorney to ask for a warrant to seize hundreds of servers, and even harder to get a judge to authorise this.
"There's a reason why we didn't just go and grab all the servers," he said. "If you want a warrant for hundreds of servers... that's very difficult."
The DoJ and the FBI declined to comment on McColo.
Another problem: the criminals associated with McColo are thought to live in Russia and eastern Europe, where computer crimes are rarely prosecuted. So a successful prosecution would require extradition and that could be very hard to pull off, observers say.
"You take down McColo and what you've actually got is one hell of a load for the lawyers at the Department of Justice and very little return, because you've actually got to go outside of the US to pick up the actual culprits," Cox said.
While there's no doubt that the activities associated with McColo are illegal under US law, the idea that you could prosecute an ISP for abetting illegal activity is largely unproven, so any prosecutor that took on this case would be taking a big risk that the case would be tossed out of court.
There is at least one precedent however. On February 14, 2004, the FBI shut down operations at a small Ohio ISP called Creative Internet Techniques in an event the FBI dubbed the Cyber Saint Valentine's Day Massacre. At the time, it was the largest FBI takedown in the organization's history. Nearly 300 servers were seized after Creative Internet, also known as FooNet, was linked to distributed denial of service attacks.
NEXT PAGE: McColo wasn't directly responsible for spam
- Will two antispam operations really stop the problem?
- McColo's data remains untouched
- McColo wasn't directly responsible for spam
- Potential law enforcement changes