Corrons' comments come in the wake of an ongoing debate on the role that ISPs plus hosting providers have when it comes to command-and-control servers used to control botnets, Infosecurity notes.
The PandaLabs' director says that, if a police officer wants to walk into his home without his consent, he needs a search warrant.
"In the security industry we don't usually look at copyright violations, but to cybercriminals that want to steal people's money and information, the fight takes place in a number of different fields", he says in his latest security blog.
Despite this, Corrons cautions that IT security professionals should not forget they are not police officers – even though we are fighting against the same bad guys.
According to Corrons, if he discovers a website that is being used to host a phishing attack, his team will add the URL to Panda's blacklist to protect users, as well as sharing the URL with several other IT security vendors so that they can protect their users.
"Should I stop here? I could check who is the owner of the site, report it to the police, talk to the ISP hosting that site, etc", he said, adding that, every day, thousands of site shutdowns happen with no warrants or legal mandates.
And, he explained, law enforcement officials are not involved.
The problem, he says, is that criminals are creating thousands of new malicious sites, with the only purpose of infecting users and stealing their personal information.
Security researchers from private companies try to stop that, as they have customers to protect, he adds.
"We find them, we ask the owner of the hosting site to remove the pages," he said, adding that the hosting provider then removes the site, whereupon the cybercriminals start looking for new paces.
There are, Corrons went on to say, companies whose main focus is to perform these shutdowns, as there are a number of companies willing to pay large sums of money to have the sites removed, owing to brand and reputational damage issues.
Against this backdrop, he says, it is important to note that everything is not black or white, as hosting the phishing sites could be a violation of the ISP's rules, meaning that it can be perfectly legal for the ISP to remove them.