DDoS-Guard

From Wikipedia, the free encyclopedia

DDoS-Guard
IndustryWeb services
Founded2011; 10 years ago (2011) in Ukraine
FounderEvgeny Marchenko and Dmitry Sabitov
Headquarters
Russia
ServicesDenial-of-service attack protection, content delivery network services, web hosting
Websiteddos-guard.net

DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.[1][2] Researchers and journalists have alleged that many of DDoS-Guard's clients are engaged in criminal activity, and investigative reporter Brian Krebs reported in January 2021 that a "vast number" of the websites hosted by DDoS-Guard are "phishing sites and domains tied to cybercrime services or forums online".[3][1] Some of DDoS-Guard's notable clients have included the Palestinian Islamic militant nationalist movement Hamas, American alt-tech social network Parler, and various groups associated with the Russian state.[3][4][1]

Company[]

DDoS-Guard is based in Russia, as are most of its employees.[5] It was first registered in July 2014 in Sevastopol, by Evgeny Marchenko and Dmitry Sabitov, two Russians formerly from Ukraine.[3] The company is incorporated in Scotland as Cognitive Cloud LLP and in Belize as DDoS-Guard Corp.[5]

A company with the same name, owned by the same men, had previously existed in Ukraine since 2011, though spokespeople for the company have said this was only an early stage company created while the software was being developed. The spokespeople stated that DDoS-Guard has always been based in Russia, in Rostov-on-Don, although Meduza reported that the office in that city didn't open until 2015. Meduza reported that the company apparently relocated to Russia after Ukrainian national security and cyberpolice officers began investigations into the company due to its choice to host Verified, a forum notorious for platforming credit card scammers. DDoS-Guard has denied knowledge of the investigation.[3]

In 2021, a researcher observed the DDoS-Guard appeared to have no physical presence in Belize and had likely incorporated there to gain access to IP addresses normally only allocated to local entities. Of more than 11,000 IP addresses assigned to DDoS-Guard's two subsidiaries, the researcher found two thirds had been provided to the Belizean company by LACNIC, the regional Internet registry responsible for Latin America and the Caribbean. DDoS-Guard has rebutted the allegations, and said they do have a presence in Belize. After the researcher reported DDoS-Guard to LACNIC, LACNIC announced they would revoke more than 8,000 IP addresses from the company.[5]

On 1 June 2021, cyber-intelligence company Group-IB reported that they had found DDoS-Guard's database, containing site IP addresses, names, and payment information along with its full source code, for purchase on a cybercrime black market forum. The authenticity of the allegedly stolen data was unverified.[6][7]

Clients[]

Meduza has reported that, according to a former employee, DDoS-Guard has a history of working with customers who operate on the darknet. The employee has said this is because they can charge higher rates to such customers, who have a much smaller range of choices of Internet service providers willing to work with them, and who often especially need website security services.[3] Some of DDoS-Guard's other clients have included the Palestinian Islamic militant nationalist movement Hamas,[1] and the imageboard 8kun, formerly known as 8chan, which is the online home of the American far-right QAnon conspiracy theory.[8][9][10][11] The company said they ended services for both Hamas and 8chan after learning about the content on the sites from news sources.[8] DDoS-Guard has ended services for various clients after being informed of their activities by journalists, but Meduza wrote that the company would likely need to deny services for a large portion of its client base if they were to proactively monitor for criminal activity.[3] Brian Krebs, an investigative reporter focusing on cybercrime, wrote in January 2021 that a "review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online."[1][3][12]

DDoS-Guard is suspected of hosting multiple Internet scammers responsible for stealing banking data, and one of the world's largest online stores for illegal drugs operates using infrastructure associated with DDoS-Guard.[3] DDoS-Guard has also hosted a website dedicated to doxing those who participated in the 2019–20 Hong Kong protests. According to Meduza, the website has been directly linked to Chinese authorities.[3] DDoS-Guard also provides services to The Daily Stormer, an American neo-Nazi, white supremacist, and Holocaust denial website and message board.[13][14]

Verified[]

Verified is a platform which Meduza has described as "one of the Internet's oldest and most notorious Russian-language forums for credit-card scammers". Meduza reported that beginning in the spring of 2013, Ukrainian national security and cyberpolice began investigating DDoS-Guard for allegedly servicing this platform, and has said this investigation likely led DDoS-Guard to reincarnate itself as a Russian company in 2014. DDoS-Guard has said they have no knowledge of such an investigation.[3]

Russian state[]

In January 2014, before DDoS-Guard moved to Russia, the company partnered with one of the largest domain registrars in the country, REG.RU. Shortly after, the company began working with clients associated with the Russian state.[3] Beginning in 2016, DDoS-Guard began providing denial-of-service protection to the Russian Ministry of Defence.[3][4] In 2018, DDoS-Guard helped test the Russian state's deep packet inspection systems. It is also cooperates closely with the Russian Central Bank.[3]

Parler[]

See also: Parler

DDoS-Guard was as of January 2021 providing denial-of-service attack protection services to Parler, an American alt-tech social network which was deplatformed by Amazon Web Services and other Internet service providers after the 2021 United States Capitol attack.[4][15] Wired noted that Parler's choice to use a Russian company for DDoS protection "could expose its users to Russian surveillance if the site someday does relaunch in full with DDoS-Guard" because of the Russian government's projects to isolate the country's internet.[15] In January 2021, the United States House Committee on Oversight and Reform began an investigation into Parler in which they asked Parler for, among other things, information about agreements, documents, and communications with Russian entities. In the letter to Parler requesting this information, committee chair Carolyn Maloney described DDoS-Guard as a company "which has ties to the Russian government and counts the Russian Ministry of Defense as one of its clients".[12]

See also[]

References[]

  1. ^ Jump up to: a b c d e Krebs, Brian (21 January 2021). "Hamas May Be Threat to 8chan, QAnon Online". Krebs on Security. Retrieved 19 January 2021.
  2. ^ Murdock, Jason (19 January 2021). "Parler website back thanks to Russian-owned company DDos-Guard". Newsweek. Retrieved 19 January 2021.
  3. ^ Jump up to: a b c d e f g h i j k l m Kolomychenko, Maria (29 January 2021). Igumenov, Valery (ed.). "'Remove this infection from your network': The small Russian company that 'saved' Parler has other, far more odious clients". Meduza. Translated by Kevin Rothrock. Retrieved 9 February 2021.
  4. ^ Jump up to: a b c "Parler website partially returns with support from Russian-owned technology firm". The Guardian. Reuters. 18 January 2021. Retrieved 9 February 2021.
  5. ^ Jump up to: a b c Krebs, Brian (21 January 2021). "DDoS-Guard To Forfeit Internet Space Occupied by Parler — Krebs on Security". Krebs on Security. Retrieved 9 February 2021.
  6. ^ "Database, source code allegedly related to bulletproof hosting, once Parler's service provider, up for sale on hacker forum". Group-IB. Retrieved 3 June 2021.
  7. ^ "Database of 'Pirate Site Haven' DDoS-Guard is Reportedly Up For Sale (Updated) * TorrentFreak". Retrieved 3 June 2021.
  8. ^ Jump up to: a b Paul, Kari; Harding, Luke; Carrell, Severin (15 January 2021). "Far-right website 8kun again loses internet service protection following Capitol attack". The Guardian. Retrieved 19 January 2021.
  9. ^
  10. ^ Weill, Kelly (12 November 2020). "QAnon's Home 8kun Is Imploding—and Q Has Gone Silent". The Daily Beast. Retrieved 21 January 2021.
  11. ^ Thomas, Elise (17 February 2020). "Qanon Deploys 'Information Warfare' to Influence the 2020 Election". Wired. ISSN 1059-1028. Retrieved 21 January 2021.
  12. ^ Jump up to: a b Cox, Kate (18 January 2021). "Parler seems to be sliding back onto the Internet, but not onto mobile". Ars Technica. Retrieved 9 February 2021.
  13. ^ Barrett, Brian (23 January 2021). "The FTC Cracks Down on Bot-Wielding Ticket Scalpers". Wired. ISSN 1059-1028. Retrieved 9 February 2021.
  14. ^ O'Brien, Luke (19 January 2018). "American Neo-Nazi Is Using Holocaust Denial As A Legal Defense". HuffPost. Archived from the original on 23 April 2018. Retrieved 25 April 2018.
  15. ^ Jump up to: a b Newman, Lily Hay (20 January 2021). "Parler Finds a Reprieve in Russia—but Not a Solution". Wired. ISSN 1059-1028. Retrieved 20 January 2021.

External links[]

Retrieved from ""