Authored by a Symantec employee
You’ve heard of malware, ransomware, botnets, and the like. What you don’t hear about is the technology behind these threats. These threats all have to come from somewhere; they’re not just floating around on the internet. They have to be stored someplace. Because a majority of these threats are illegal in a lot of countries, bulletproof hosting is what helps facilitate them.
To clearly understand what bulletproof hosting is, we should first take a step back and talk about regular hosting. A regular web hosting service is a company that operates a facility, usually referred to as a data center, which contains massive numbers of servers. Everything on the Internet needs a place to live, and home is on these servers. Regular web hosting services provide space on a server, either owned or leased, for use by customers. They also provide Internet connectivity so people can reach the websites and data hosted on those servers. Most of these services have strict policies regarding what can and cannot be stored on these servers.
How is Bulletproof Hosting Different from Regular Web Hosting?
Bulletproof hosting operations are similar to regular web hosting; however, these companies are a lot more lenient about what can be hosted on their servers. They have somewhat of a “don’t ask, don’t tell” philosophy. Bulletproof hosting services are often found in countries with more relaxed laws about what type of content can be hosted and with less strict extradition laws, which makes it easier to evade law enforcement. The differences between laws in different countries create a huge grey area that allows the owners to claim immunity from what their customers host.
A lot of the owners of these facilities take the approach that they are just a service for customers. Many of these hosting servers have massive amounts of data on them, and it can be very difficult to track every move each customer makes. John Karlung of Banhoff Hosting states that his service is like the postal service—“a mailman doesn’t read the mail, he just delivers it.” He claims that his hosting is a legitimate, law-abiding service, and that any nefarious activity lies with his customers. He is also an advocate for privacy for his customers, and requires a formal warrant to remove any of his servers.
What Kind of Threats Reside on These Servers?
Exploit Kits
These servers can host exploit kits, which are malicious toolkits that attackers use to exploit a computer. The kits inject malware onto an unsuspecting user’s machine via software vulnerabilities.
Botnet Command and Control Centers
A botnet command and control center is the master controller of a botnet. A botnet is a group of computers infected by malware that allows the hacker to gain control of them in order to send out spam, malware and spyware, and to take control of other computers, turning each into another bot in the group.
Nefarious Storage Services:
Data Stashes
They can also store stolen data that has been obtained via data breaches, corporate espionage, credit card databases and more. For the cybercriminal, it is safer to store this type of data on one of these servers for a few reasons. These data havens usually have backup systems in place and are extremely secure. Additionally, in the event that the cybercriminal is apprehended, the authorities will not find the data stored on their personal equipment.
Malware Storage
Hackers can store their entire malware and tool library on these remote servers, as these servers provide larger storage options than a home computer.
Black Market Websites
People can also host “hidden” websites on these servers. These include pornography, online gambling, and black market websites on the deep web. We spoke with an operator of one of these sites, and he stated that his site sells illegal items such as stolen PayPal accounts, hacking software, ransomware kits and tutorials. Other black market websites can sell anything under the sun, such as credit card numbers, fake passports, drugs and illegal animals, and even offer services such as hit men and hackers for hire.
© 2017 Symantec Corporation. All rights reserved.