In the world of ISPs, Level 3 is one of the biggies. They’re classified as Tier 1 and their services are considered to be part of the internet’s “backbone” with providers like AT&T, Verizon and Vodaphone. Smaller providers buy transit agreements from Level 3; Level 3 doesn’t have to because their network is that encompassing.
About 40 percent of all internet traffic comes into contact with the company at some point or another — and because of this, Level 3 is now actively hunting down and shutting down suspect network connections. Its security team goes through security blogs and websites as well as advisories to ferret out potential malicious activity.
The team then analyzes network traffic and tries to figure out the good from the bad. This process can take days. The connections are redirected and the packets are lost within Level 3’s network. But the criminal groups behind identity theft and stolen credit cards have backup IP addresses and servers, turning the enterprise into something more akin to whack-a-mole.
This might be why other ISPs are reluctant to take the same actions Level 3 has. Most other ISPs either wait for a request or claim that web traffic is too hard to nail down.
“Everyone rationalizes why they shouldn’t do anything. We’re experimenting with it to see how aggressive we could be,” Dale Drew, Level 3’s chief security officer, said.