Criminal services – Bulletproof hosting

Digital Shadows Analyst Team
January 21, 2016 | 2 Min Read

Cybercrime can be a lucrative business if you do it well. But how do criminals ensure the success of their schemes without interference from law enforcement or industry-led interventions, such as takedowns?

The answer is a criminal service known as “bulletproof” hosting.

Possibly the largest facilitator of online crime, so-called “bulletproof” hosters provide protected internet infrastructure for serving up illicit content, whether that be malware command and control servers, phishing pages, online shops selling stolen credit cards, money-mule recruitment sites or, in fact, most other online criminal schemes. These services will often not respond to requests to remove material, or will respond as if they had taken the right steps but simply move the material to another location on infrastructure they control.

In a historical case, the creators of the banking malware known as Gozi were accused of being responsible for tens of millions of dollars of losses. Despite having no knowledge of the malware itself, one of the accused was indicted for his role in the conspiracy because he knowingly provided bulletproof hosting to the malware operators.

Hosters can buy or rent servers from upstream providers to resell and can be based anywhere in the world. In the Gozi case, the operator was based in Romania, where local law enforcement was able to work with US investigators, leading to the arrest. In jurisdictions where relationships between countries are not as good, location can prove a major obstacle.

It is not always obvious whether a hosting provider is acting with criminal intent – some hosters may be unknowingly exploited by criminals. However, some are rather more obvious about it. See Figure 1 for an overt example of such a service, which openly offers solutions for all your malware and phishing needs.

Figure 1 – dark web advertisement for bulletproof hosting.

Costs for bulletproof services can be much higher than those for legitimate hosting solutions, and the service continues to prove popular on the criminal underground, offering a potentially low-risk, high-reward and scalable business model. If done carefully, operators can act with anonymity and impunity, making them difficult for law enforcement to detect and bring to justice.

For organizations that suffer from such activity, bulletproof hosting can be problematic. However, by tracking threat actors, their techniques and motivations, organizations can better understand the threat landscape and adjust their security postures accordingly.
