Bulletproof hosting

This is a good article. Click here for more information.
Source: Wikipedia, the free encyclopedia.
A former NATO-bunker in the Netherlands, which housed bulletproof hosting provider CyberBunker.

Bulletproof hosting (BPH) is

illegal pornography, botnet command and control servers, spam, copyrighted materials, hate speech and misinformation, despite takedown court orders and law enforcement subpoenas, allowing such material in their acceptable use policies.[2][3][4]

BPH providers usually operate in jurisdictions which have lenient laws against such conduct. Most non-BPH service providers prohibit transferring materials over their network that would be in violation of their terms of service and the local laws of the incorporated jurisdiction, and oftentimes any abuse reports would result in takedowns to avoid their autonomous system's IP address block being blacklisted by other providers and by Spamhaus.[5]

History

BPH first became the subject of research in 2006 when security researchers from

Washington Post reporter Brian Krebs on his Security Fix blog on that newspaper.[9][10]

Difficulties

Since any abuse reports to the BPH will be disregarded, in most cases, the whole IP block ("netblock") assigned to the BPH's autonomous system will be blacklisted by other providers and third party spam filters. Additionally, BPH also have difficulty in finding network peering points for establishing Border Gateway Protocol sessions, since routing a BPH provider's network can affect the reputation of upstream autonomous systems and transit provider.[11] This makes it difficult for BPH services to provide stable network connectivity, and in extreme cases, they can be completely de-peered;[1] therefore BPH providers evade AS's reputation based fortification such as BGP Ranking and ASwatch through unconventional methodologies.[2]

Web hosting reseller

According to a report, due to their mounting difficulties, BPH providers engage in establishing

fraud detection.[1] Therefore, BPH conceals itself behind lower-end hosting providers, leveraging their better reputation and simultaneously operating both bulletproof and legitimate resells through the sub-allocated network blocks.[12] However, if the BPH services are caught, providers of BPH migrate their clients to a newer internet infrastructure—newer lower-end AS, or IP space—effectively making the blacklisted IP addresses of the previous AS ephemeral; thus continuing to engage in criminal conduct by modifying the DNS server's resource records of the listening services and making it point to the newer IP addresses belonging to the current AS's IP space.[12] Due to privacy concerns, the customary modes of contact for BPH providers include ICQ, Skype, and XMPP (or Jabber).[13][14]

Admissible abuses

Most BPH providers promise immunity against

extradition treaty or mutual legal assistance treaty (MLAT) signed with the five eye countries, particularly the United States.[15][16][17] However, most BPH providers have a zero-tolerance policy towards child pornography and terrorism, although a few allow cold storage of such material given forbidden open-accessibility via the public internet.[18]

Prevalent jurisdictions for incorporation and location of the data centers for BPH providers include Russia (being more permissive),[19] Ukraine, China, Moldova, Romania, Bulgaria, Belize, Panama and the Seychelles.[20][21]

Impacts

BPH services act as vital network infrastructure providers for activities such as cybercrime and

cyberattacks, usually targeting low-profile unpretentious network services and individuals.[24][25] According to a report produced by Carnegie Mellon University for the United States Department of Defense, low-profile amateur actors are also potent in causing harmful consequences, especially to small businesses, inexperienced internet users, and miniature servers.[26]

Criminal actors also run specialized computer programs on BPH providers knowns as

court orders and takedown attempts by law enforcement.[29]

Counterinitiatives against BPH

international nonprofit organization that monitors cyber threats and provides realtime blacklist reports (known as the "Badness Index") on malicious ASs, netblocks, and registrars that are involved in spam, phishing, or cybercrime activities. The Spamhaus team works closely with law enforcement agencies such as National Cyber-Forensics and Training Alliance (NCFTA) and Federal Bureau of Investigation (FBI), and the data compiled by Spamhaus is used by the majority of the ISPs, email service providers, corporations, educational institutes, governments and uplink gateways of military networks.[30][31][32] Spamhaus publishes various data feeds that list netblocks of the criminal actors, and is designed for use by gateways, firewalls and routing equipments to filter out (or "nullroute") traffic originating from these netblocks:[11]

Notable closed services

The following are some of the notable defunct BPH providers:

See also

References

  1. ^ a b c McCoy, Mi & Wang 2017, p. 805.
  2. ^ a b Konte, Feamster & Perdisci 2015, p. 625.
  3. ^ Han, Kumar & Durumic 2021, p. 4.
  4. ^ "Host of Internet Spam Groups Is Cut Off". The Washington Post. 12 November 2008. Archived from the original on 22 June 2020. Retrieved 4 December 2021.
  5. ^ Han, Kumar & Durumic 2021, p. 5-6.
  6. Washington Post. Archived
    from the original on 15 September 2021. Retrieved 5 January 2022.
  7. ^ Warren, Peter (15 November 2007). "Hunt for Russia's Web Criminals". The Guardian. Archived from the original on 25 November 2021. Retrieved 5 January 2022.
  8. ISSN 1063-9527
    .
  9. ^ Krebs, Brain (12 November 2008). "Host of Internet Spam Groups Is Cut Off". The Washington Post. Archived from the original on 27 May 2012. Retrieved 5 January 2022.
  10. ^ Krebs, Brain. "Major Source of Online Scams and Spams Knocked Offline". Archived from the original on 30 September 2021. Retrieved 5 January 2022.
  11. ^ a b Spamhaus Research Team (19 December 2019). "Bulletproof hosting – there's a new kid in town". The Spamhaus Project. Archived from the original on 22 April 2021. Retrieved 21 December 2021.
  12. ^ a b McCoy, Mi & Wang 2017, p. 806.
  13. ^ McCoy, Mi & Wang 2017, p. 811.
  14. ^ Goncharov, Max (15 July 2015). "Criminal Hideouts for Lease: Bulletproof Hosting Services" (PDF). Trend Micro. Archived (PDF) from the original on 19 July 2021. Retrieved 5 December 2021.
  15. ^ Leporini 2015, p. 5.
  16. ^ Clayton & Moore 2008, p. 209.
  17. ^ Konte, Feamster & Jung 2008, p. 10.
  18. ^ Kopp, Strehle & Hohlfeld 2021, p. 2432.
  19. ^ Caesar, Ed (27 July 2020). "The Cold War Bunker That Became Home to a Dark-Web Empire". The New Yorker. Archived from the original on 29 September 2021. Retrieved 5 December 2021.
  20. ^ Thomas, Elise (8 August 2019). "Inside the bulletproof hosting providers that keep the world's worst websites in business". ABC News. Archived from the original on 4 September 2021. Retrieved 5 November 2021.
  21. ^ Richardson, Ronny; North, Max M. (1 January 2017). "Ransomware: Evolution, Mitigation and Prevention". International Management Review. 13 (1). Kennesaw State University: 13.
  22. ^ Collier & Hutchings 2021, p. 1.
  23. ^ Collier & Hutchings 2021, p. 1-2.
  24. ^ Bradbury 2010, p. 17.
  25. ^ Collier & Hutchings 2021, p. 2.
  26. doi:10.1184/R1/6583673.v1
    .
  27. ^ Durumeric, Zakir; Bailey, Michael; Halderman, J. Alex (August 2014). An internet-wide view of internet-wide scanning. USENIX conference on Security Symposium. USENIX. pp. 65–66.
  28. doi:10.1145/3196494.3196537
    .
  29. ISSN 1353-4858
    .
  30. S2CID 58006624
    . Retrieved 22 December 2021.
  31. ^ Grauer, Yael (17 January 2016). "Security News This Week: Tim Cook Demands That the White House Defend Encryption". Wired. Archived from the original on 23 April 2021. Retrieved 22 December 2021.
  32. ^ "Corporate Documents: About Spamhaus". Archived from the original on 14 December 2021. Retrieved 22 December 2021.
  33. ^ "The Spamhaus Don't Route Or Peer Lists". The Spamhaus Project. Archived from the original on 21 December 2021. Retrieved 22 December 2021.
  34. ^ "The Domain Block List (DBL)". The Spamhaus Project. Archived from the original on 21 December 2021. Retrieved 22 December 2021.
  35. ^ "Spamhaus Botnet Controller List". The Spamhaus Project. Archived from the original on 26 August 2020. Retrieved 22 December 2021.
  36. ^ Krebs, Brian (28 September 2019). "German Cops Raid 'Cyberbunker 2.0', Arrest 7 in Child Porn, Dark Web Market Sting". Krebs on Security. Retrieved 10 June 2021.
  37. ^ "Major Source of Online Scams and Spams Knocked Offline", The Washington Post, November 2008.
  38. ^ "Security Fix - Russian Business Network: Down, But Not Out". The Washington Post. Retrieved 2016-10-07.
  39. ^ "Scammer-Heavy U.S. ISP Grows More Isolated", The Washington Post, September 2009.
  40. ^ "The Fallout from the 3FN Takedown", The Washington Post, June 2009.
  41. ^ "ISP shuttered for hosting 'witches' brew' of spam, child porn", The Register, May 2010
  42. ^ "Rogue ISP ordered to liquidate, pay FTC $1.08 million", Ars Technica, May 2010.
  43. ^ 'Bulletproof' ISP for crimeware gangs knocked offline, , The Register, May 2010.

Bibliography

Retrieved from "https://en.wikipedia.org/w/index.php?title=Bulletproof_hosting&oldid=1219169857"