Internet Anthropologist Think Tank: Complications in the "cybercrime cloud"

  • Search our BLOG

  • HOME
    Terrorist Names SEARCH:

    Thursday, February 26, 2009

    Complications in the "cybercrime cloud"

    Genius article by Dancho Danchev


    With VPN-enabled malware infected hosts easily acting as stepping stones thanks to modules within popular malware bots, next to commercial VPN-based services, the cost of anonymizing a cybecriminal's Internet activities is not only getting lower, but the process is ironically managed in data retention heavens such as the Netherlands, Luxembourg, USA and Germany in this particular case, by using the services of the following ISPs: LeaseWeb AS Amsterdam, Netherlands; ROOT-AS root eSolutions; HOPONE-DCA HopOne Internet Corp.; NETDIRECT AS NETDIRECT Frankfurt, DE...

    Operating since 2004, yet another "cybercrime anonymization" service is using the bandwidth of legitimate data centers in order to run its VPN/Double/Triple VPN channels service 

    Description of the service:

    "- We will never sought to make the service cheaper than saving the safety of customers.
    - Our servers are located in one of the most stable and high-speed date points (total channel gigabita 1.2) 
    - Only we have the full support service to the date of the center, which prevents the installation of sniffers and monitoring. 
    - We do not use standard solutions, our software is based on the modified code. 
    - Only here you get a stable and reliable service. 

    Characteristics of Sites: 
    - Channel 100MB, total channels gigabita 1.2. 
    - MPPE encryption algorithm is 128 bit
    - Complete lack of logs and monitoring - a guarantee of your safety. 
    - Completely unlimited traffic. 
    - Support for all protocols of the Internet."

    On the basis of chaining several different VPN channels located in different countries all managed by the same service, combined with a Socks-to-VPN functionality where the Socks host is a malware compromised one, all of which maintain no logs at all, is directly undermining the usefulness of already implemented data retention laws. Moreover, even a not so technically sophisticated user is aware that chaining these and adding more VPN servers in countries where no data retention laws exist at all, would result in the perfect anonymization service where the degree of anonymization would be proportional with the speed of the connection. In this case, it's the mix of legitimate and compromised infrastructure that makes it so cybercrime-friendly

     However, an interesting perspective is worth pointing out - are the owners of the cybecrime-friendly VPN service forwarding the responsibility to their customers, or are in fact the customers forwarding the responsibility for their activities to the owners which are directly violating data retention laws and on purposely getting rid of forensic evidence?

    Things are getting more complicated in the "cybercrime cloud" these days.

    Dancho Danchev:
    Independent Security Consultancy, Threat Intell Analyses and Competitive Intelligence research on Demand. Insightful, unbiased, and client-tailored assessments, neatly communicated in the form of interactive reports - because anticipating the emerging threatscape is what shapes the big picture at the end of the day. Approach me at





    Post a Comment

    Subscribe to Post Comments [Atom]

    << Home