Menu
Russian-speaking group offers bulletproof hosting in Syria, Lebanon

Russian-speaking group offers bulletproof hosting in Syria, Lebanon

Those supplying services to cybercriminals are looking for places where they won't be shut down, a security company says

A banner advertisement from a Russian-speaking group offering bulletproof hosting services from countries such as Lebanon.

A banner advertisement from a Russian-speaking group offering bulletproof hosting services from countries such as Lebanon.

A Russian-speaking group is advertising "bulletproof" hosting for cybercriminals from data centers in Syria and Lebanon, an apparent effort to place new services in locales where Western law enforcement has little influence.

The advertisement, for a service called "WebHost," was found on a members-only forum called "Korovka.name," according to IntelCrawler, a Los Angeles-based security startup that specializes in profiling the cybercriminal underworld and malicious networks.

Since most ISPs (Internet service providers) diligently monitor their networks for malicious activity, some cybercriminals look for so-called bulletproof hosting, or network connectivity from entities that ignore law enforcement and security companies.

The data center in Lebanon was set up two years ago, and the one in Syria came online some time during the country's chaotic civil war.

"These countries have negative relations with Europe," said Andrey Komarov, IntelCrawler's CEO, via email. "That's why it is a great platform for bulletproof hosting."

Over the past few years, cooperation among nations, law enforcement and ISPs has dramatically improved, in part because of the Convention on Cybercrime treaty, which lays down guidelines for laws and procedures for dealing with cross-border Internet crime.

Countries that conform to the treaty have uniform anti-cybercrime laws and law enforcement contacts available around the clock for fast-breaking investigations, among other requirements. But not all countries abide by the treaty, which can make shutting down budding cybercrime activities difficult in certain regions.

WebHost is offering hardware configuration services on dedicated servers, with a setup time ranging from two to five days. It also offers registration of a subnet of IP addresses, IntelCrawler said. The group says it can offer bulletproof hosting in 25 countries, starting from US$80. Though the time offered for that price wasn't clear, most Web hosting companies charge per month.

But bulletproof hosting has become more tricky to run. Those running networks must connect with other ISPs in order to maintain their connectivity to the Internet. The "peering" arrangements allow small networks to exchange traffic with larger telecommunication providers.

In a famous action in 2008, a U.S.-based ISP, McColo, was cut off from the Internet by its upstream providers. Hurricane Electric and Global Crossing stopped carrying McColo's Internet traffic after it was suspected of aiding cybercriminals in online scams and hosting child pornography.

The Syrian data center appears to be peering with Syrian Telecommunications Establishment (STE), the country's state telecommunications operator, Komarov said. Last year, STE's network was used to host a remote access tool called "DarkComet," which is believed to have been used by the Syrian government to spy on political activists.

IntelCrawler doesn't know yet the IP address range that the center is using, because it appears that information is only revealed to customers. The data center also can't be linked yet to any ongoing malware campaigns, Komarov said.

Syria's Internet connectivity has been unstable for more than two years since the civil war began. The network monitoring company Renesys has chronicled frequent network changes that at times have left parts of the country in the dark.

So it is perhaps not surprising that cybercriminals see an opportunity in the chaos, but spotty connectivity isn't a great selling point, either.

On Monday, most of Syria's Internet was down, said Doug Madory, senior analyst at Renesys.

Send news tips and comments to jeremy_kirk@idg.com. Follow me on Twitter: @jeremy_kirk


Follow Us

Join the newsletter!

Or

Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.

Tags malwareExploits / vulnerabilitiesDesktop securityIntelCrawler

Events

EDGE 2024

Register your interest now for EDGE 2024!

Featured

Slideshows

How MSPs can capitalise on integrating AI into existing services

How MSPs can capitalise on integrating AI into existing services

​Given the pace of change, scale of digitalisation and evolution of generative AI, partners must get ahead of the trends to capture the best use of innovative AI solutions to develop new service opportunities. For MSPs, integrating AI capabilities into existing service portfolios can unlock enhancements in key areas including managed hosting, cloud computing and data centre management. This exclusive Reseller News roundtable in association with rhipe, a Crayon company and VMware, focused on how partners can integrate generative AI solutions into existing service offerings and unlocking new revenue streams.

How MSPs can capitalise on integrating AI into existing services
Access4 holds inaugural A/NZ Annual Conference

Access4 holds inaugural A/NZ Annual Conference

​Access4 held its inaugural Annual Conference in Port Douglass, Queensland, for Australia and New Zealand from 9-11 October, hosting partners from across the region with presentations on Access4 product updates, its 2023 Partner of the Year awards and more.

Access4 holds inaugural A/NZ Annual Conference
Show Comments