Bulletproof Hosting – Web Hosting used by Hackers

You’ve heard of malware, ransomware, botnets, and the like. What you don’t hear about is the technology behind these threats. These threats all have to come from somewhere, they’re not just out there floating around on the internet- they have to be stored someplace. Since a majority of these threats are illegal in a lot of countries, this is where bulletproof hosting helps facilitate these threats.

To clearly understand what bulletproof hosting is, we should first take a step back and talk about regular hosting. A regular web hosting service is a company that operates a facility, usually what is referred to as a data center, which contains massive amounts of servers. Everything on the Internet needs a place to live, and home is on these servers.

Regular web hosting services provide space on a server, either owned or leased for use by customers. It also provides Internet connectivity so people can reach the websites and data hosted on those servers. Most of these services have strict policies regarding what can and cannot be stored on these servers.

How is Bulletproof Hosting Different from Regular Web Hosting?

Bulletproof hosting operations are similar to regular web hosting, however these companies are a lot more lenient about what can be hosted on their servers. It has somewhat of a “don’t ask, don’t tell” philosophy. Bulletproof hosting services are often found in countries with more relaxed laws about what type content is hosted on these servers, and also have less strict extradition laws, therefore making it easier to evade law enforcement. Due to the different laws in different countries, this creates a huge grey area that allow the owners to claim immunity to what their customers host.

A lot of the owners of these facilities take the approach that they are just a service for customers. Many of these hosting servers have massive amounts on data on them, and it can be very difficult to track every move each customer makes. John Karlung of Banhoff Hosting states that his service is like the postal service—“a mailman doesn’t read the mail, he just delivers it.” He claims that his hosting is a legitimate law abiding service, and that any nefarious activity lies with his customers. He is also an advocate for privacy for his customers, and requires a formal warrant to remove any of his servers.

Where Are Bulletproof Hosting Services Located?

Bulletproof hosting services are found all over the world. There is no single ledger listing every bulletproof hosting nation of residence.

The common consensus is, however, that the majority of services reside in China, Russia, the former-Soviet states (such as Belarus, Ukraine, and Moldova), and a handful of other European, Asian, South American, and North African countries (so, almost everywhere).

Moreover, many bulletproof hosting services register in locations with equally relaxed tax laws, such as the Seychelles and the Cayman Islands.

That’s not to say the US and Europe do not play host to bulletproof hosting services. Before its timely destruction, McColo was one of the largest bulletproof hosting services on the planet and based in San Jose, California (we’ll look at McColo in a little more detail in a moment).

San Jose was also host to the similarly insidious 3FN, hosting a “witches brew” of child pornography, malware, and spam email servers. On the other hand, WikiLeaks regularly moves its servers between a number of secure services situated in Europe and Russia (this due to both security and DDoS protection).

It isn’t all that simple, though. These are highly organized cybercrime services. As such, some places are better suited to hosting certain content.

Let’s say you contact a bulletproof hosting service asking to host your newly written malware. You say you want to host your malware in the Netherlands (due to high connectivity and location services). The service provider might respond that you’d be better off in Ukraine (due to local laws and the difficulty of physically taking servers down).

Clearly, bulletproof hosting service providers have a vested interest in securing new business and will work to ensure the most secure, the fastest, and the best connectivity for their customers.

Taking Down Bulletproof Hosting

The main goal of a bulletproof hosting service is remaining online and remaining secure. Keeping their clientele’s credentials and data intact if law enforcement comes calling. Dhia Mahjoub, a principal engineer at OpenDNS Research, explains more about the processes in his talk at USENIX Enigma 2017:

“Cross-jurisdictional issues are a big challenge. Hosters have very little incentive to change anything. If they take content down, that affects their business,” Mahjoub said. “The vicious thing about these guys is that they spread all across the web and stay under certain thresholds so we won’t notice them. Having friends at a certain ISP or hosting company is very useful.”

 

McColo

Bulletproof hosting takedowns aren’t that common, but it does happen. McColo is one of the most well-known service takedowns in recent times (although nearly 10 years ago now). McColo Corp. was a focal point for scammers, malware purveyors, carders, botnet command and control servers, and much worse.

“At a time when law-enforcement agencies worldwide were just waking up to the financial and organizational threats from organized cybercrime, McColo Corp. had earned a reputation as a ground zero for it: a place where cybercrooks could reliably set up shop with little worry that their online investments and schemes would be discovered or jeopardized by foreign law-enforcement investigators.”

In his book, Spam Nation, Brian Krebs details the horrific demise of Nikolai McColo in a street race in central Moscow. McColo, then 23, had built his burgeoning bulletproof hosting service from the ground up from the age of 19.

But despite McColo’s leader and namesake passing it wasn’t until a year later, in 2008, when Krebs’ Washington Post exposé (really worth the read, by the way) on the astonishing level of malicious activity at McColo finally forced the wider internet’s hand, pulling the plug on all connections to McColo IP ranges.

Overnight, global spam traffic saw a 50 to 75 percent reduction. Millions of zombie computers were instantly cut off from their control servers. The Mega-D, Pushdo, Rustock, Warezov, and Srizbi botnets took hard hits (Srizbi was capable of sending an estimated 60 billion spam emails a day, over half the global total of 100 billion).

And spam purveyors, along with other nefarious individuals and organizations, lost huge portions of their infrastructure. Some prolific spammers actually lost their entire spam email lists, hosting them on McColo’s servers.

bulletproof hosting explained

Bulletproof Hosting Takedowns Aren’t Easy

Formulating the takedown of a bulletproof hosting service isn’t easy. McColo only met its demise after a long investigation by Brian Krebs in conjunction with other security researchers and law enforcement agencies. If it were easy, the government would simply pop a takedown notice in the fax machine and send it to the host nation.

It requires a concerted effort between numerous parties to stick. And even then, if the host nation turns a blind eye, it is all for nothing. Dhia Mahjoub’s USENIX talk also details the complexity of attempting to shut down bulletproof hosting services on foreign soil.

Sometimes law enforcement agencies cannot even shut down local bulletproof hosting services because of complicated registration structures and mirroring services in other nations.

The protectionist nature of the bulletproof hosting services usually prolongs the process too. Services have mitigation strategies. Service owners know how long they can hold out before acquiescing to formal takedown requests.

And even then, they can give customers a few days to move their operations to another bulletproof service provider.

Best Hosting Providers used by Hackers

1. AbeloHost

Abelohost servers are located in the Netherlands and guarantees their clients with Total Data Privacy, Data Security, and a Wide Range of Content Acceptability. All hardware is privately owned and inaccessible other than by the AbeloHost team and datacenter personnel.

Apart from physical security, Dutch law regulation protects the privacy of all stored data in the Netherlands, ensuring customers of legal security as well.

Features

  • Offshore Hosting – Servers located in Netherlands
  • Accepts Multiple Payment methods (including bitcoin & altcoin)
  • Value Data Privacy
  • Flexible Content Policy
  • Bare Metal Servers
  • TIER II datacenter ISO 27001 & 9001 certified

 

 

2.RockHoster

Features

  • Offshore Hosting and Onshore Web Hosting
  • One of the cheapest hosting
  • PHP, MYSQL, cPanel
  • 24/7 Support.
  • Accepts multiple payments (Bitcoin and other cryptos)
  • Teamspeak 3 Servers support
  • Reliable for the price you pay

 

 

Final Considerations on Web Hosting

1.Get Offshore Hosting

Offshore hosting is nothing but hosting your website, data or application to a far-off Datacenter location from your place of origin. There are many reasons for taking your hosting offshore, reasons like hosting copyrighted content, DMCA content , Hacking websites, adult content and warez hosting are a few amongst them.

2. Get Hosting in Countries outside the international surveillance alliances

3. Make sure the hosting providers accepts Bitcoin to increase anonymity.

Leave a Reply

Your email address will not be published. Required fields are marked *