Menu
Russian-speaking group offers bulletproof hosting in Syria, Lebanon

Russian-speaking group offers bulletproof hosting in Syria, Lebanon

Those supplying services to cybercriminals are looking for places where they won't be shut down, a security company says

A banner advertisement from a Russian-speaking group offering bulletproof hosting services from countries such as Lebanon.

A banner advertisement from a Russian-speaking group offering bulletproof hosting services from countries such as Lebanon.

A Russian-speaking group is advertising "bulletproof" hosting for cybercriminals from data centers in Syria and Lebanon, an apparent effort to place new services in locales where Western law enforcement has little influence.

The advertisement, for a service called "WebHost," was found on a members-only forum called "Korovka.name," according to IntelCrawler, a Los Angeles-based security startup that specializes in profiling the cybercriminal underworld and malicious networks.

Since most ISPs (Internet service providers) diligently monitor their networks for malicious activity, some cybercriminals look for so-called bulletproof hosting, or network connectivity from entities that ignore law enforcement and security companies.

The data center in Lebanon was set up two years ago, and the one in Syria came online some time during the country's chaotic civil war.

"These countries have negative relations with Europe," said Andrey Komarov, IntelCrawler's CEO, via email. "That's why it is a great platform for bulletproof hosting."

Over the past few years, cooperation among nations, law enforcement and ISPs has dramatically improved, in part because of the Convention on Cybercrime treaty, which lays down guidelines for laws and procedures for dealing with cross-border Internet crime.

Countries that conform to the treaty have uniform anti-cybercrime laws and law enforcement contacts available around the clock for fast-breaking investigations, among other requirements. But not all countries abide by the treaty, which can make shutting down budding cybercrime activities difficult in certain regions.

WebHost is offering hardware configuration services on dedicated servers, with a setup time ranging from two to five days. It also offers registration of a subnet of IP addresses, IntelCrawler said. The group says it can offer bulletproof hosting in 25 countries, starting from US$80. Though the time offered for that price wasn't clear, most Web hosting companies charge per month.

But bulletproof hosting has become more tricky to run. Those running networks must connect with other ISPs in order to maintain their connectivity to the Internet. The "peering" arrangements allow small networks to exchange traffic with larger telecommunication providers.

In a famous action in 2008, a U.S.-based ISP, McColo, was cut off from the Internet by its upstream providers. Hurricane Electric and Global Crossing stopped carrying McColo's Internet traffic after it was suspected of aiding cybercriminals in online scams and hosting child pornography.

The Syrian data center appears to be peering with Syrian Telecommunications Establishment (STE), the country's state telecommunications operator, Komarov said. Last year, STE's network was used to host a remote access tool called "DarkComet," which is believed to have been used by the Syrian government to spy on political activists.

IntelCrawler doesn't know yet the IP address range that the center is using, because it appears that information is only revealed to customers. The data center also can't be linked yet to any ongoing malware campaigns, Komarov said.

Syria's Internet connectivity has been unstable for more than two years since the civil war began. The network monitoring company Renesys has chronicled frequent network changes that at times have left parts of the country in the dark.

So it is perhaps not surprising that cybercriminals see an opportunity in the chaos, but spotty connectivity isn't a great selling point, either.

On Monday, most of Syria's Internet was down, said Doug Madory, senior analyst at Renesys.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk

Follow Us

Join the New Zealand Reseller News newsletter!

Error: Please check your email address.

Tags IntelCrawlersecurityDesktop securityExploits / vulnerabilitiesmalware

Slideshows

Top 50 defining moments of the New Zealand channel in 2016

Top 50 defining moments of the New Zealand channel in 2016

Reseller News looks back on a tumultuous 12 months for the New Zealand channel, assessing the fallout from a year of sizeable industry change. Whether it be local or global mergers and acquisitions, distribution deals or job changes, the channel that started the year differs somewhat to the one set to finish it - Reseller News assesses the key moments that made 2016.​

Top 50 defining moments of the New Zealand channel in 2016
​Hewlett Packard Enterprise honours high achieving NZ channel

​Hewlett Packard Enterprise honours high achieving NZ channel

Hewlett Packard Enterprise honoured its top performing Kiwi partners at the second running of its HPE Partner Awards in New Zealand, held at a glitzy ceremony in Auckland. Recognising excellence across eight categories - from distributors to resellers - the tech giant celebrated its first year as a standalone company, following its official split from HP in 2015.

​Hewlett Packard Enterprise honours high achieving NZ channel
Nutanix treats channel partners to Christmas cruise

Nutanix treats channel partners to Christmas cruise

Nutanix recently took to the seas for a Christmas Cruise around Sydney Harbour with its Australia and New Zealand staff, customers and partners to celebrate a stellar year for the vendor. With the sun out, they were all smiles and mingled over drinks and food.

Nutanix treats channel partners to Christmas cruise
Show Comments