Stopping VPN Abuse, Corruption by BPH Providers

Toward the end of 2020, law enforcement agencies from a multi-country task force seized the web domains and server infrastructure of three virtual private network (VPN) services that provided a safe haven for cybercriminals. The services in question had been active for more than a decade, and were extensively advertised on both Russian- and English-speaking underground cybercrime forums. In the aftermath of the raid, information released by the authorities revealed how this provider’s servers were often used to mask the real identities of a variety of criminal operations – Magecart groups, ransomware gangs, hackers and the like. The ability to use such furtive services had allowed cybercriminal gangs to operate very deeply behind a proxy network and carry out their nefarious activities. Further scrutiny revealed that three domains, INSORG.ORG, SAFE-INET.COM and SAFE-INET.NET, advertised and offered what they termed “bulletproof hosting services.” This was truly a multinational enterprise, spanning the U.S., Germany, France and Switzerland. So, does this mean the technology is evil? Are VPN services a backstage pass to nefarious activities?

Technology largely benefits us; its myriad forms were created to advance society, to help cure us, entertain us and everything in between. But, like most things, it can be abused or used in ways not envisioned by its creators. An arms dealer, for example, or a drug dealer can easily encrypt a communications device so that they can carry out their business without fear of detection. We can apply the same rationale to the provision of VPN services. The vast majority of VPN users subscribe for entirely legal and legitimate purposes – there are several million consumers and businesses who rely upon VPNs for crucial online protection and privacy. It comes as very unwelcome news to the VPN industry to hear about advertising practices by a small number of service providers who seek to market their services to the criminal fraternity – advertising in underground forums in bad faith, with the appropriate judicial consequences if they are caught.


“Bulletproof hosting services” (BPH) are usually offered by unscrupulous providers. Those providers who market bulletproof hosting services for websites are, in effect, offering clients the opportunity to run furtive online operations. While it might sound relatively harmless, we are, in fact, talking about activities such as drug running, money laundering, child pornography, even murder-for-hire; authorities in Germany successfully shut down just such an operation last year. In that particular case, suspects had converted a former NATO bunker into a base of operations for a bulletproof web hosting service, which was later linked to a botnet attack on Deutsche Telekom.

BPH services often fail to take down criminal content despite requests from law enforcement agencies. The service provider will often ignore inbound communication and make up excuses to hide any user complaints. A common practice among these shady outfits is to move their customer accounts or data from one IP address to another to try to stay hidden. BPH services tend to strategically allocate resources globally, keeping in mind local regulations and geographical characteristics. Often, hosting on compromised assets is the cheapest option, although those hosts do not survive for long. They also don’t maintain any logs or evidence that might incriminate them if analyzed by law enforcement agencies. These examples illustrate why we need absolute transparency in the VPN industry, and why we should be promoting consumer safety and privacy online wherever possible.

We strongly believe, as a VPN service provider, that we should be providing internet users with critical privacy and security protections against cybercrime. This is why we sought membership within the i2Coalition and its VPN Trust Initiative (VTI). Specifically, VTI (an industry-led consortium) promotes consumer safety and privacy online by increasing understanding of VPNs and strengthening business practices, which, in turn, serves to strengthen trust and transparency and mitigates risk for end users. Members of the consortium work diligently to deter criminal activity, and to spread the message that VPN abuse is not the norm, but an anomaly perpetrated by a minority.

The vast majority of VPN usage is for entirely legal and legitimate purposes. And while we understand that ultimately, any technology can be abused, there are huge numbers of consumers and businesses who rely on VPNs for essential online protection. If you have any doubts regarding the use of a VPN service, then exploring initiatives such as the i2Coalition can help provide transparency and safety.

Security Boulevard

Sebastian Schaub

Sebastian is the founder of hide.me VPN and has been working in the internet security industry for over a decade. He started hide.me VPN 8 years ago to make internet security and privacy accessible to everybody.

