PREVIOUS ARTICLENEXT ARTICLE
PRESS RELEASE
By 31 August 2015 | Categories: Press Release

0

VIEWING PAGE 1 OF 1

By Ihab Moawad, Vice President MMEA and CIS at Trend Micro

A new research paper from the threat research team at Trend Micro has taken a closer look at a part of the cybercriminal underground that you have probably never crossed your mind - Bulletproof Hosting Services (BPHSs).  

What do these services entail? Simply put, just as a real-world crime ring operation would need a hideout where they would store their contraband and stolen goods, so do cybercriminals. A cybercriminal can use BPHSs to hide their malicious tools (malware, components, browser exploit kits, etc.), serve as botnet command centres, act as repositories of stolen information, or host sites used in phishing, pornography or scams.

The smooth flow of transactions on BPHSs is ensured through their strategic location in places that are inconspicuous enough to avoid seizure or the attention of authorities. These spaces are designed to protect malicious activity against law enforcement, giving cybercriminals the much-needed loophole to wriggle out of and escape the clutches of both the law and the IT security industry.

The local scoop

Bulletproof hosting servers are hardware-, software- or application-based hosting facilities that can store any type of content or executable code. However, unlike regular hosts, these servers can primarily host malicious content like phishing sites, pornography, fake shopping and carding sites and command and control (C&C) infrastructure.

Operations on BPHSs are complex, which diversifies bulletproof-hosting-server structures. On the one hand, bulletproof hosts need to offer solid services that ensure stability for customers and on the other BPHS providers aspire to appear as legitimate as possible so authorities won’t shut them down. In addition to this bulletproof host owners rent hardware colocation facilities in various countries to ensure the continuity of their operations. They usually rely on countries with lax laws to minimise the risk of being blacklisted or shut down.

In Trend Labs’ observation of South Africa it found that the country has some of the more solid implementations against cybercrime. And in previous research the team did on cybercriminal potential in Africa, it noted that existing legislation, like the Electronic Communications and Transactions Act of 2002 in South Africa, makes hosting providers liable for malicious content hosted on their servers, although only to a certain extent.

So far, Trend Labs hasn’t seen anything critical that would implicate South Africa as a hub for bulletproof hosting. But examples like the recent hack of the online adultery site, Ashley Madison, that saw cybercriminals threaten to expose the names of 175 000 (according to MyBroadband) South Africans, exemplify that no one is out of reach of cybercriminals if they see something to gain. Governments should still have fast and assured implementations against BPHS and work closely with law enforcement agencies that concentrate on taking down these types of services.

 The art of BPHSs

The craft of hiding a BPHS involves learning how to put up a legitimate façade. Like real-world crime rings that may rent out an apartment or a shop as a cover for the devious activities going on in the back room, BPHSs look innocent on the surface. But BPHS providers are known to allow customers to host any type of content – even if it is malicious – as long as they cough up the cash. This is however, only one of the business models of BPHSs uncovered by Trend Micro.

The BPHS model described above is called a dedicated bulletproof server. Those who operate under this model know exactly what they are doing and use this business model to allow their customers to host content that may be considered illegal in certain countries. The second BPHS business model observed was compromised dedicated servers. In this model BPHS providers compromise dedicated servers and rent these out to parties to host malicious content. This is a temporary setup and once the real owner of the compromised server detects the anomaly, the BPHS provider can no longer use the server.

Model three involves the abuse of cloud-hosting services. Trend Labs states that the BPHS providers in this case can be thought of as strict landlords who run an honest business. They lease “units” to tenants and don’t tolerate rule breakers, but this doesn’t stop tenants from engaging in illegal activities in the privacy of their own “units”.

The goods

Content hosted by BPHS providers differs in certain countries or regions but generally include things like fake shopping sites, torrent file download sites, blackhat search engine optimisation pseudo sites, brute forcing tools and C&C components.

In addition to these services, customers can also get virtual private networks (VPNs), which are hosting facilities that act as exit points to protect their owners’ privacy from security researchers and law enforcement agencies. Hosted Warez forums provide information on overriding protective measures against software and hardware piracy. They refer to sites where key generators, cheat codes and commercial software can be obtained for free.

There are also sites that host files that violate the Digital Millennium Copyright Act (DMCA) and contain myriad commercially available copyrighted content which can be downloaded free of charge. The treasure trove of a cybercriminal’s dreams comes in the form of BPHSs that host all kinds of tools used for spam purposes for financial gains – these too are readily available.

As for who these mysterious providers are, Trend Labs states that the Russian Business Network (RBN) can be considered one of the first big BPHS providers. It was rooted on free-hosting service providers like narod.nu, GeoCities.com (now Yahoo! Small Business), ucoz.ru and tripod.com, which were ad based.

As time passed, those who wanted to earn from cybercrime required “professional” hosting services in the form of bulletproof servers and though RBN provided services worldwide, it primarily served local clients. This inevitably caused the trend to spread.

So how do we get rid of BPHS? The way in which international laws protect or turn a blind eye to services like these needs to change if we have a hope of snuffing out BPHSs. Unless this changes, cybercriminals will continue to thrive.

VIEWING PAGE 1 OF 1

USER COMMENTS

Read
Magazine Online
TechSmart.co.za is South Africa's leading magazine for tech product reviews, tech news, videos, tech specs and gadgets.
Start reading now >
Download latest issue

Have Your Say


What new tech or developments are you most anticipating this year?
New smartphone announcements (44 votes)
Technological breakthroughs (28 votes)
Launch of new consoles, or notebooks (14 votes)
Innovative Artificial Intelligence solutions (28 votes)
Biotechnology or medical advancements (21 votes)
Better business applications (132 votes)