Experiencing a Breach?

What is “Bulletproof Hosting” and Why Should You Worry?

A cursor over the word "Security" as a demonstration of Bulletproof Hosting.

For business leaders who understand the real challenges of today’s online world, it’s no surprise that there are large global networks that can provide havens for hackers and cybercriminals. However, it’s hard for many top career professionals to recognize these cybercriminal safe houses amid the flurry of websites they likely surf on a daily basis. Moreover, business professionals are likely unaware of the impact these sites have on their company’s security strategy.

To better understand cyber threats facing businesses, it’s important to know where these attacks originate. That’s why many CEOs and other top managers are researching about what is bulletproof hosting and similar services.

What is Bulletproof Hosting?

Security experts use the term “bulletproof hosting sites” to refer to hosting services that are considerably lenient about the kinds of material they allow their customers to upload and distribute. One way to understand this is to contrast it with a typical ISP that is strictly regulated by a national government. Credible and legitimate hosting providers often have a laundry list of rules dictating what customers can and cannot do on the Internet. They respond to regulator challenges, and comply with national laws.

Many of the bulletproof hosting sites are starkly different. They don’t have the same scruples or the same rules. Communications from regulators might go straight into the trash can.

What this means for the security community is that companies and government offices have to guard themselves well against these shadowy networks, and the hacking agencies they host.

Why Enforcement is Difficult

Many bulletproof hosting sites are maintained in countries that aren’t subject to the same regulatory structure as the United States, making them an even greater threat. Bulletproof hosting sites are often traced back to Eastern European countries, or to operations in Russia or China, in places where government agencies are unlikely to be knocking their doors down.

Because they are located in these countries, they can be fairly insulated from legal action coming from countries like the U.S., which means U.S. companies affected by their customers won’t have much of a legal remedy.

Even where law enforcement is fairly effective, some of these bulletproof site operators can bribe officials or otherwise shield themselves from regulatory action.

Another obstacle is the use of modern tools like Tor and VPN technologies. Networks can use these kinds of tools to make themselves anonymous and less trackable over the Internet. This may also make it harder for security advocates to act against bulletproof hosts and their customers.

Bulletproof Hosters at Work

Some of the big cases reported in security bulletins and authoritative online sites show the power that bulletproof hosting sites can have, and the difficulty that the security community can has in identifying, containing and controlling them.

An August post at Krebs on Security called “The Reincarnation of a Bulletproof Hoster” provides a real and disturbing example of what bulletproof hosting is and how it can work. The post discusses an interesting case where security firm Trend Micro was said to have pulled punches in naming a hosting firm called HostSailor.com, which experts have tied to Russian cyberespionage campaigns. Reports on the host’s operations (with disclaimers as to identity) show activities like spear-phishing campaigns and credential phishing activities, often directed at government agencies, and other types of seedy international activities.

Krebs on Security also details some of the investigative work that was done in this case such as WHOIS registration record investigations and domain documentation, along with a kind of back-and-forth that shows that a spokesperson for the bulletproof network in question is not backing down, but suggests that his site has the backing of powerful government agencies.

Consequences for Business

So if governments can’t work to take down all of the bulletproof hosting and dark web sites that allow malware, phishing and data leaking attacks, what can businesses do?

Because cybercrime is unenforceable in so many cases, businesses have to address it within their own networks. That means taking more than just a perimeter approach to securing a network. It means a multi-segmented security campaign complete with vibrant endpoint protection and proactive threat monitoring.

SentinelOne’s next generation endpoint and server protection solution contemplates the range of threats that businesses are likely to see, and uses state-of-the-art technology to deploy network monitoring and tracking tools that will preempt a wide spectrum of cyberattacks. Our security goes beyond just antivirus and malware — using a deeper approach to network observation, these security architectures defend clients against all of those faceless attackers moving around the global Internet, and operating from places where law enforcement really can’t go.