Jump to content

DDoS-Guard

From Wikipedia, the free encyclopedia
(Redirected from DDOS-Guard)

DDoS-Guard
IndustryWeb services
Founded2011; 13 years ago (2011)
FounderEvgeny Marchenko
Headquarters
ServicesDenial-of-service attack protection, content delivery network services, web hosting
Websiteddos-guard.net

DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection and web hosting services.[1][2] Researchers and journalists have alleged that many of DDoS-Guard's clients are engaged in criminal activity, and investigative reporter Brian Krebs reported in January 2021 that a "vast number" of the websites hosted by DDoS-Guard are "phishing sites and domains tied to cybercrime services or forums online".[3][1] Some of DDoS-Guard's notable clients have included the Palestinian Islamic militant nationalist movement Hamas, American alt-tech social network Parler, and various groups associated with the Russian state.[3][4][1]

Company

[edit]

DDoS-Guard is based in Russia, as are most of its employees.[5] The service has existed since 2011.[6] The company was first registered in July 2014 in Sevastopol, by Evgeny Marchenko and Dmitry Sabitov, two Russians formerly from Ukraine.[3] The company is incorporated in Scotland as Cognitive Cloud LP and in Belize as DDoS-Guard Corp.[5] The company runs traffic filtering nodes on clusters located in Russia, Germany, the Netherlands, and Japan.[6]

A company with the same name, owned by the same men, had previously existed in Ukraine since 2011, though spokespeople for the company have said this was only an early stage company created while the software was being developed. The spokespeople stated that DDoS-Guard has always been based in Russia, in Rostov-on-Don, although Meduza reported that the office in that city didn't open until 2015. Meduza reported that the company apparently relocated to Russia after Ukrainian national security and cyberpolice officers began investigations into the company due to its choice to host Verified, a forum notorious for platforming credit card scammers. DDoS-Guard has denied knowledge of the investigation.[3]

In 2021, a researcher observed the DDoS-Guard appeared to have no physical presence in Belize and had likely incorporated there to gain access to IP addresses normally only allocated to local entities. Of more than 11,000 IP addresses assigned to DDoS-Guard's two subsidiaries, the researcher found two thirds had been provided to the Belizean company by LACNIC, the regional Internet registry responsible for Latin America and the Caribbean. DDoS-Guard has rebutted the allegations, and said they do have a presence in Belize. After the researcher reported DDoS-Guard to LACNIC, LACNIC announced they would revoke more than 8,000 IP addresses from the company.[5]

On 1 June 2021, cyber-intelligence company Group-IB reported that they had found DDoS-Guard's database, containing site IP addresses, names, and payment information along with its full source code, for purchase on a cybercrime black market forum. The authenticity of the allegedly stolen data was unverified.[7][8]

Clients

[edit]

Meduza has reported that, according to a former employee, DDoS-Guard has a history of working with customers who operate on the darknet. The employee has said this is because they can charge higher rates to such customers, who have a much smaller range of choices of Internet service providers willing to work with them, and who often especially need website security services.[3] Some of DDoS-Guard's other clients have included the Palestinian Islamic militant nationalist movement Hamas,[1] the cyberstalking site Kiwi Farms,[9] and the imageboard 8kun, formerly known as 8chan, which is the online home of the American far-right QAnon conspiracy theory.[10][11][12][13] The company said they ended services for both Hamas and 8chan after learning about the content on the sites from news sources.[10] DDoS-Guard has ended services for various clients after being informed of their activities by journalists, but Meduza wrote that the company would likely need to deny services for a large portion of its client base if they were to proactively monitor for criminal activity.[3] Brian Krebs, an investigative reporter focusing on cybercrime, wrote in January 2021 that a "review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online."[1][3][14]

DDoS-Guard is suspected of hosting multiple Internet scammers responsible for stealing banking data, and one of the world's largest online stores for illegal drugs operates using infrastructure associated with DDoS-Guard.[3] DDoS-Guard also provides services to The Daily Stormer,[15] an American neo-Nazi, white supremacist, and Holocaust denial website and message board.[16]

In December 2022, the European Commission added DDoS-Guard to its "Counterfeit and Piracy Watch List" based on input from copyright holders, which alleged that they were facilitating piracy.[17] Piracy websites that have used the service include Nyaa Torrents and MangaDex.[18]

Verified

[edit]

Verified is a platform which Meduza has described as "one of the Internet's oldest and most notorious Russian-language forums for credit-card scammers". Meduza reported that beginning in the spring of 2013, Ukrainian national security and cyberpolice began investigating DDoS-Guard for allegedly servicing this platform, and has said this investigation likely led DDoS-Guard to reincarnate itself as a Russian company in 2014. DDoS-Guard has said they have no knowledge of such an investigation.[3]

Russian state

[edit]

In January 2014, before DDoS-Guard moved to Russia, the company partnered with one of the largest domain registrars in the country, REG.RU. Shortly after, the company began working with clients associated with the Russian state.[3] Beginning in 2016, DDoS-Guard began providing denial-of-service protection to the Russian Ministry of Defence.[3][4] In 2018, DDoS-Guard helped test the Russian state's deep packet inspection systems. DDoS-Guard works closely with the Russian Central Bank.[3]

HKLeaks

[edit]

DDoS-Guard hosted a website dedicated to doxing those who participated in the 2019–20 Hong Kong protests. In October 2019, DDoS-Guard acknowledged its business with the doxxing campaign, referring to HKLeaks as "our customer". The company said that they stay out of politics and they receive thousands of abuses claiming that their customer violates the law, but "no legal proofs".[3]

Parler

[edit]

DDoS-Guard was as of January 2021 providing denial-of-service attack protection services to Parler, an American alt-tech social network which was deplatformed by Amazon Web Services and other Internet service providers after the 2021 United States Capitol attack.[4][19] Wired noted that Parler's choice to use a Russian company for DDoS protection "could expose its users to Russian surveillance if the site someday does relaunch in full with DDoS-Guard" because of the Russian government's projects to isolate the country's internet.[19] In January 2021, the United States House Committee on Oversight and Reform began an investigation into Parler in which they asked Parler for, among other things, information about agreements, documents, and communications with Russian entities. In the letter to Parler requesting this information, committee chair Carolyn Maloney described DDoS-Guard as a company "which has ties to the Russian government and counts the Russian Ministry of Defense as one of its clients".[14]

Kiwi Farms

[edit]

DDoS-Guard briefly provided denial-of-service attack protection to online stalking and harassment forum Kiwi Farms after Cloudflare canceled services to the site on 3 September 2022.[20] On 5 September 2022, DDoS-Guard dropped them as a client, writing that they had followed a policy of "net neutrality" for years; "however, there are things that are unacceptable for us under any circumstances".[21] They wrote that after receiving multiple complaints, they "analyzed the content of the site" and decided to end service.[22]

FitGirl Repacks

[edit]

DDoS-Guard provides services for the popular video game piracy website FitGirl Repacks.[23] In 2021, FitGirl Repacks had a dispute with its domain name registrar PublicDomainRegistry (and moved to a different registrar) after The Spamhaus Project named the site on a block list.[23] TorrentFreak stated that the incident may have been caused by other customers of DDoS-Guard engaging in spamming.[23]

Sci-Hub

[edit]

In 2017, a U.S. court ordered all internet infrastructure companies to stop doing business with Sci-Hub, the shadow library which shares scholarly papers without regard to copyright.[24][25] As a result, Sci-Hub switched from Cloudflare to DDoS-Guard for DDoS protection.[25][8] Sci-Hub founder Alexandra Elbakyan says that DDoS-Guard initially contacted her, and that the company volunteered that it works with piracy sites including Rutracker.org.[25] Some experts identify Sci-Hub's use of DDoS-Guard as a security risk given its involvement with the Russian state and that it could monitor Sci-Hub's traffic.[25] Elbakyan says she pays DDoS-Guard about US$1,000 per month (one sixth of Sci-Hub's operating budget), all for DDoS protection; an expert found this amount credible.[25]

Projects

[edit]

In January 2014, the company partnered with one of the largest domain registrars in the country, REG.RU.[26] In October 2017, DDoS-Guard's software was integrated with ispmanager web hosting control panel.[27]

See also

[edit]

References

[edit]
  1. ^ a b c d e Krebs, Brian (21 January 2021). "Hamas May Be Threat to 8chan, QAnon Online". Krebs on Security. Archived from the original on 5 January 2021. Retrieved 19 January 2021.
  2. ^ Murdock, Jason (19 January 2021). "Parler website back thanks to Russian-owned company DDos-Guard". Newsweek. Archived from the original on 19 January 2021. Retrieved 19 January 2021.
  3. ^ a b c d e f g h i j k l m Kolomychenko, Maria (29 January 2021). Igumenov, Valery (ed.). "'Remove this infection from your network': The small Russian company that 'saved' Parler has other, far more odious clients". Meduza. Translated by Kevin Rothrock. Retrieved 9 February 2021.
  4. ^ a b c "Parler website partially returns with support from Russian-owned technology firm". The Guardian. Reuters. 18 January 2021. Retrieved 9 February 2021.
  5. ^ a b c Krebs, Brian (21 January 2021). "DDoS-Guard To Forfeit Internet Space Occupied by Parler — Krebs on Security". Krebs on Security. Archived from the original on 21 January 2021. Retrieved 9 February 2021.
  6. ^ a b "Обзор DDoS-GUARD". Anti-Malware.ru (in Russian). 25 April 2017. Retrieved 6 September 2022.
  7. ^ "Database, source code allegedly related to bulletproof hosting, once Parler's service provider, up for sale on hacker forum" (Press release). Group-IB. 1 June 2021. Retrieved 24 October 2022.
  8. ^ a b Maxwell, Andy. "Database of 'Pirate Site Haven' DDoS-Guard is Reportedly Up For Sale (Updated)". TorrentFreak. Retrieved 3 June 2021.
  9. ^ "Citing imminent danger Cloudflare drops hate site Kiwi Farms". The Associated Press. 4 September 2022. Retrieved 4 September 2022.
  10. ^ a b Paul, Kari; Harding, Luke; Carrell, Severin (15 January 2021). "Far-right website 8kun again loses internet service protection following Capitol attack". The Guardian. Archived from the original on 15 January 2021. Retrieved 19 January 2021.
  11. ^ * Guglielmi, Giorgia (28 October 2020). "The next-generation bots interfering with the US election". Nature. 587 (7832): 21. Bibcode:2020Natur.587...21G. doi:10.1038/d41586-020-03034-5. PMID 33116324. S2CID 226052075.
  12. ^ Weill, Kelly (12 November 2020). "QAnon's Home 8kun Is Imploding—and Q Has Gone Silent". The Daily Beast. Retrieved 21 January 2021.
  13. ^ Thomas, Elise (17 February 2020). "Qanon Deploys 'Information Warfare' to Influence the 2020 Election". Wired. ISSN 1059-1028. Retrieved 21 January 2021.
  14. ^ a b Cox, Kate (18 January 2021). "Parler seems to be sliding back onto the Internet, but not onto mobile". Ars Technica. Archived from the original on 18 January 2021. Retrieved 9 February 2021.
  15. ^ Barrett, Brian (23 January 2021). "The FTC Cracks Down on Bot-Wielding Ticket Scalpers". Wired. ISSN 1059-1028. Retrieved 9 February 2021.
  16. ^ O'Brien, Luke (19 January 2018). "American Neo-Nazi Is Using Holocaust Denial As A Legal Defense". HuffPost. Archived from the original on 23 April 2018. Retrieved 25 April 2018.
  17. ^ Van der Sar, Ernesto (8 December 2022). "EU Adds Mega, FMovies and DDoS-Guard to "Piracy Watchlist"". Torrent Freak.
  18. ^ Van der Sar, Ernesto (8 June 2021). "Why is Verizon Blocking Pirate Sites Such as NYAA and Mangadex?". TorrentFreak.
  19. ^ a b Newman, Lily Hay (20 January 2021). "Parler Finds a Reprieve in Russia—but Not a Solution". Wired. ISSN 1059-1028. Retrieved 20 January 2021.
  20. ^ "Citing imminent danger Cloudflare drops hate site Kiwi Farms". Associated Press. 4 September 2022. Retrieved 5 September 2022.
  21. ^ "Российская компания DDoS-Guard прекратила обслуживать форум Kiwi Farms". www.kommersant.ru (in Russian). 5 September 2022. Retrieved 5 September 2022.
  22. ^ "2nd web-hosting provider drops harassment site Kiwi Farms". The Associated Press. 5 September 2022. Retrieved 6 September 2022.
  23. ^ a b c Maxwell, Andy (30 August 2021). "FitGirl Pirate Repacker Warns Domain Name Could Be Lost, Perhaps Forever". TorrentFreak. Retrieved 1 November 2022.
  24. ^ Singh Chawla, Dalmeet (6 November 2017). "Court demands that search engines and internet service providers block Sci-Hub". News from Science. AAAS/Science. Retrieved 1 November 2022.
  25. ^ a b c d e Grassegger, Hannes (12 March 2022). "Hackerin verschenkt Milliarden – "Bei jeder Anfrage eines Journalisten denke ich, es sei ein Agent, der kommt, um mich zu töten"" [Hacker gives away billions — 'With every request from a journalist, I think it is an agent coming to kill me']. Das Magazin (in German). Zurich: Tages-Anzeiger. Archived from the original on 10 October 2022.
  26. ^ "Хостинг-провайдер Reg.ru включил дополнительную защиту от DDoS-атак". The Village (in Russian). Retrieved 5 September 2022.
  27. ^ "DDoS-GUARD: DDoS protection module for ispmanager |". www.ispmanager.com. Retrieved 29 August 2024.
[edit]