Bulletproof hosting: why cyber crims can't live without it
Bulletproof hosting services (BPHS) are a critical component of cybercrime that is often overlooked, according to security firm Trend Micro, which says online criminals would not be able to operate without them.
The security firm says local law enforcement agencies usually turn a blind eye to BPHS because BPHS clients do not usually focus on targets in their home country. Specialising in malicious, dangerous or illegal content, bulletproof hosters are home to sites carrying a range of potentially harmful content, including fake goods, malware, exploits, C&C components, adult content and child exploitation - complete with customer service, Trend Micro says. BPHS are hardware-, software- or application-based hosting facilities that can store any type of content and executable code, just like any regular hosting service.
Trend Micro says these types of servers can be used to host malicious content, such as phishing sites, pornography, fake shopping and carding sites, and even command-and-control (C&C) infrastructure.
“In short, it’s the foundation by which major cybercriminal operations are built upon,” Trend Micro explains.
Trend Micro says its latest research aims to bring these hosting services to the public eye, offering a look into the more obscure details of cybercrime.
Based on extensive research, Trend Micro says the most common malicious content hosted on BPHS consists of fake shopping sites, torrent file download sites, Blackhat SEO pseudo-sites, brute force tools, C&C components and more.
The Trend Micro research found BPHS providers’ businesses follow three models: the dedicated bulletproof server model, in which the provider knowingly hosts malicious content; the compromised dedicated server, where the provider compromises dedicated legitimate servers and rents them out to malicious parties; and abused cloud-hosting services, where legitimate service providers are being used illegally.
Besides hosting malicious content, BPHS providers also earn revenue from other services, such as technical support, infrastructure migration, protection against DDoS attacks and more. Just like a legitimate server hosting practice, they provide supplementary services for their clients, Trend Micro explains.
The price of a hosting server depends on which business model the provider is using as well as the duration of usage. A dedicated server may cost around US$70 a month, while another can cost as much as US$5 for only one attack.