Bulletproof hosting

When hearing about security breaches and typically cybercrime, one is sometimes left wondering, where are these servers hosted and why can't they be stopped?

3 min read


By Lars-Erik Wollan


December 14, 2019

When hearing about security breaches and typically cybercrime, one is sometimes left wondering, where does these attacks originate. Who run these servers why can't they be stopped? Nefarious schemes also require reliable, stable hosting, pretty much the same as regular services.

Distributed denial of service attack (also known as DDOS-attacks) is one of the common attacks on computer systems or other network infrastructure on the net. In a DDOS scenario, a service or host, is flooded with coordinated requests from a large number of clients, or computers in the internet. These computers are typically under the control of a botnet. A botnet is a collection of computer devices under control of a third party. They devices are typically compromised by some malware or other attack. The member devices of such a network, is sometimes referred to as bot. Th botnet can contain anything from compromised blade servers in data centres or an IOT device on your home network. Once the attack is complete, the zombie, either goes back idle or they are reassigned to some other task by the botnet. The bots can have a short or long lifespan in the botnet, they are expandable.

Other attacks, such as deployment of malware, ransomware or command and control servers, needs some more permanent presence on the internet. If the attack requires a more persistent point of contact, a botnet may not be reliable enough. The alternative would be to host the service with a hosting provider. The hosting providers may not be as forgiving when they notice that their customers are spreading malicious content or breaking the law in some form or another. If a botnet loses its command and control centre, the whole operation may be stopped, and any financial gains lost.

Bulletproof hosting providers provide services, which at first glance are the same as services from normal hosting providers, servers, redundancy and customer support. They also provide anonymous payment methods such as cryptocurrencies or even cash to avoid a paper trail or traceable credit cards. A common thing is that the servers are hosted in countries with a more relaxed law when it comes to what content is considered illegal. Without the legal framework required for a take down, the bulletproof hosting provider keep their servers running without too much interference.

Some providers take this ever further by renting out compromised servers and stolen cloud service accounts. These servers can be used for short term task, such as specific attacks or just computer intense tasks, password hashing for example.

The availability of bulletproof hosting providers seems to indicate that there is a thriving market for such services. But as these services become more prevalent, they are also exposing themselves to authorities. But as soon at one provider is taken down, it seems that another enterprising start-up sees an opportunity and announces their bulletproof services.