Physical Address
304 North Cardinal St.
Dorchester Center, MA 02124
For years, gray-market The services known as the “bulletproof” host have become a key tool without asking any questions to maintain an anonymous web infrastructure for cyber criminals. However by scramble as the Global Law enforcement Crack down on digital threatsThey have created strategies to get customer information from these hosts and have a growing target of people behind the services with complaints. At the Cyber ​​Crime-Centric Conference in Arlington, Virginia today, the researcher Thibault Cerat mentioned in Sylhetkon how this shift has pushed both the bulletproof hosting company and criminal customers to alternative methods.
Law enforcement is leaning toward the purpose-built proposal to provide some service provider instead of relying on the web host to find ways to manage out of reach VPNS And other proxy services are rotating customer IP addresses and providing infrastructure as a means of masking and does not deliberately log the traffic or mix traffic from many sources together. And even though the technology is not new, Cerat and other researchers have emphasized the wire that the transformation between the use of proxy between cybercrimals for the past few years is significant.
“The matter is that you technically a node traffic is bad and what traffic is better you cannot distinguish technically,” Cerat, a researcher in the threat intelligence agency Tim Simru, Tim Simru. “This is a proxy service magic – it is good to say who you are. It is good in terms of internet independence, but it is very hard to analyze what is happening and detect bad activities, it’s very hard”. “
The main challenge of addressing cyber criminal activity hidden by the proxy is that services can be even initially valid, benign traffic facilities. Criminals and agencies who do not want to lose them as clients are especially known as what is known as “Residential Proxy,” An array of decentralized nodes that can also operate on consumer devices-even old Android phones or low-end laptops-real, rotated IP addresses are determined at homes and offices. These national services can also protect the contaminated traffic, but also provide privacy and provide privacy.
It shows such polluted traffic from trusted consumer IP addresses, the attackers make the company’s scanners and other threat identification tools more difficult to identify suspicious activities. And, severely, residential proxy and other decentralized platforms that are driven to separate customer hardware reduces the insight and control of a service supplier, making law enforcement more difficult to get something useful from them.
“The attackers have been increasing the use of their residential networks for the last two to three years,” Ronnie Tokzovsky, a longtime digital scams researcher and non -profit detective, said. “If the attackers come from the same residential ranges, such as employees of a target organization, it is more difficult to track it”
The criminal use of proxies is not new. For example, the US judiciary said in the 2016 2016 that one of the obstacles to the one -year investigation of the infamous people The “snowfall” cyber criminal platform was the use of the service A “Fast-Flux” hosting method that continuously changes the proxy IP addresses and hides the platform’s malicious activity. However, the emergence of proxies as a gray-market service instead of developing in the house of the attackers is an important change.
“I still do not know how I can improve the proxy issue,” Team Simru told Cerat Ward. “I guess the law enforcement may notice the contaminated proxy suppliers known as bulletproof hosts. But in general, the proxies are the whole internet service used by everyone. Even if you are taking a contaminated service, it does not solve the greater challenge.”