Weakening the Bulletproof Hosting Infrastructure

Friday, August 27, 2010

Nathaniel Markowitz


This is the eighth part in a series of articles derived from a graduate research project entitled "A Preliminary Survey of the Bulletproof Hosting Landscape" (Part 1) (Part 2) (Part 3) (Part 4) (Part 5) (Part 6) (Part 7)

Authors: Nathaniel Markowitz, Jonathan Brown, Amanda Cummins, Erin Greathouse, Christopher Kanezo, David McIntire, Thomas Saly, Toby Taylor, Louis Ulrich, Desiree Williams

Previous analysis in this series suggests several possible strategies for attacking the BP hosting landscape. In particular, these strategies focus on minimizing the positive aspects of the BP hosting model while maximizing the negative ones.

Though some of the above factors will prove particularly recalcitrant to redress, others offer concrete, achievable approaches.

One strategy addressing the strengths of the model would be to increase pressure on registrars to collect and verify accurate registrant information. This has the potential to dramatically reduce the anonymity of such activities.

Moreover, closer attention should be paid to those registrars that do not adhere to these standards. The name-and-shame tactics that have worked successfully in shutting down or improving the behavior of ISPs should be applied to registrars as well.

A strategy for exploiting the weaknesses of BP hosting would be to attack its communication infrastructure. For example, taking down a forum known to allow advertising of BP hosting would represent a significant setback for cyber-criminals.

This would create at least a small lag before operations could resume, because of the time required to create and discover new forums for advertising and communication.

Additionally, if standards could be established for addressing illicit use of communication methods such as email, ICQ, Skype and Jabber, another key component for successful operations could be removed.

If the major communication providers published these standards, evidence of abuse could easily be provided to them. This could create an even more considerable lag before operations resume, while at the same time increasing the complexity of operating such businesses.

Another weakness that should be vigorously attacked is the payment structure used in these activities. While a great deal of pressure has been exerted on some Internet payment services, it needs to be extended to the entire sector.

Western governments should apply the same measures to these Internet companies as they do to foreign banks suspected of being affiliated with criminal activities.

Another possible point of intervention would be pressuring those companies that convert Internet money into conventional currency. If these companies were pressured to demand that their clients adhere to certain standards, it would further undermine the flow of money that is the lifeblood of cyber-crime.

Encouraging state reform and increased international cooperation on cyber-criminal activities is unlikely to have much short-term impact on BP hosting. Nevertheless, efforts to improve both of these factors must be pursued diligently.

Just as regimes governing international communication infrastructure have emerged slowly in the past, so they could with respect to the Internet.

Exploiting the threats to BP hosting presents the most promising strategies for intervention. For one thing, partnership between government, law enforcement, and the private sector should be encouraged.

The private and public sectors offer complementary resources and expertise that could be combined to increase the effectiveness of analysis.

Along these lines, there are a variety of powerful analytical tools to which the public has only limited access. Many of these tools require paid subscriptions to unlock their most powerful components.

Directing resources that would allow cheaper (or even free) access to these tools could truly unleash the untapped potential of the open-source community to research and investigate criminal activity.

Finally, resources would be well spent educating the public on safe computing practices. Many of the commodities that cyber-criminals sell are collected through social engineering schemes or malware that exploit popular ignorance.

This strategy has the potential at least to reduce the supply of some of the inputs that make cyber-crime so profitable (such as credit card numbers, logins/passwords, and identifying information such as social security numbers).

These strategies represent but a handful of the weapons available to attack the BP hosting landscape. While each is effective individually, implementing them simultaneously would produce a force multiplier effect.

A concerted, sustained attack should be mounted on all components of the BP hosting model. Dislodging even one element of this model is enough to disrupt its operations.

For more information: bphresearchgroup@gmail.com


We would like to thank the University of Pittsburgh, Graduate School of Public and International Affairs for providing the resources to make this research project possible. We would also like to thank Palantir Technologies for allowing us to use their software in our analysis. Finally, a very special thanks goes to Matt Ziemniak and Jim Beiber for their patience, help and guidance and for creating a research environment that was both enriching and enjoyable.

The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.
