A cyber criminal economic network ensures the continued operations of illicit activities on the web, a new report has found.
According to the Criminal Hideouts for Lease: Bulletproof Hosting Services report by security firm Trend Micro, criminals obtain the economic infrastructure for their internet activities by hosting malicious content on Bulletproof Hosting Services (BPHS).
These hosting services typically take serious measures to guard against law enforcement activities and will readily host content for a fee.
“The reputation of BPHS providers also relies on how long they’ve been serving customers in the cyber criminal underground without having to change their name or domain. Being able to keep their name or domain for a long time shows that they are able to ensure the confidentiality of their customers’ activities from the prying eyes of security researchers and law enforcers,” the report says.
Pricing for hosting depends on the kind of content being hosted. For low-risk content, BPHS providers will charge around $2 per month, but that price goes up to $300 for “critical infrastructure projects or high-risk content”.
Some of the high-risk content includes child pornography and exploitation, as well as malware and botnet command-and-control software, hosted mainly on servers located in China, Bolivia, Iran, and the Ukraine.
The most common sites hosted by BPHS infrastructure are fake shopping sites, followed by torrent file download sites and search engine optimisation tools designed to steal internet advertising revenue.
Overall, Panama is one of the most popular countries to host BPHS providers, but Trend Micro was careful to point out that it is difficult to track exactly where these operators are.
Foreign hosting is also useful in combating law enforcement efforts to track down bad actors, the firm added.
“Local law-enforcement authorities have an easier time tracking attackers who go after victims from their host country. These attackers are, after all, under the law enforcers’ jurisdiction. In such cases, BPHS providers are forced to move to other countries that have laxer laws.”
The company cited the Pirate Bay torrent site, which was the target of US law enforcement.
“Before it was taken down in 2009, it moved its operations to the Ukraine and has almost had no problems since then. This could be due to the fact that under Ukrainian communication laws, providers are not responsible for what their customers do. It also has multiple backup servers in various countries.”
In the criminal underworld, the ability to launch cyber attacks depends on the ability to keep servers operating anonymously, and BPHS provides the key infrastructure to facilitate criminals' activities.
“Almost every BPHS provider rents out machines that can be used as VPN exit nodes. Bad actors, however, often use stolen machines as VPN exit nodes. The second option is actually cheaper and quite stable. Bad actors can have two to five exit points for less if they avail of a real BPHS provider’s offerings,” says the Trend Micro report.
Trend Micro said in its report that the key to the survival of BPHS providers is maintaining an air of legitimacy.
“These BPHS operators make their infrastructure appear as legitimate as possible to avoid arousing suspicion from law enforcement. They also make their servers as take-down-proof as possible. This is why cyber criminals often avail of their services.”