Bulletproof Hosting: Privacy Protection for Criminals

On the heels of the Hitbsecconf2018 (PDF link) in Amsterdam, we take a look at Bulletproof hosting. What is “Bulletproof” hosting? Who uses Bulletproof hosting? Does Bulletproof hosting protect the user?

In the PDF provided by The Hidden Wiki, it goes over the following points:

  • Cyber Threat Landscape
  • Categories of Hosting Providers
  • Threat Intelligence Cycle
  • Threat Intel Ecosystem Focus Areas
  • Umbrella Investigate Intel Production Cycle
  • Enrich with context across various attributes
  • Autonomous System Number (ASN)
  • Leaf (Stub) ASN or leaf ASNs chain
  • Indicator: Offshore Business Registration
  • Anonymous Payment Methods
  • Sample Rogue Hosters with a Dutch footprint
  • Rogue Hoster Recipe
  • Law enforcement: Cross Jurisdictional Business
    Model
  • Law Enforcement Recommendations
  • Security Community Recommendations

Understanding Bulletproof Hosting In a Nutshell

In the realm of the Deep/Dark web, bulletproof hosting (also known as offshore hosting) has become the backbone of those who want to upload and distribute their content with considerable leniency. This service is provided by domain and web hosting firms operating all throughout the world. Created by those who believed that the internet should be free of censorship, spammers, distributors of child porn, scammers, and terrorist organizations have taken advantage of this online freedom.

Nevertheless, there are many bulletproof hosting service providers that say they do not allow certain kinds of material to be uploaded or distributed over their servers. It usually takes a specific number of complaints from outside agencies before action is taken. Bulletproof hosting providers want to minimize complaints so that their IP subnet is not blocked by anti-spam filters employing Internet Protocol (IP) address-based filtering. Furthermore, some service providers may have ethical concerns that are the foundation of their service terms and conditions.

Bulletproof hosting allows a content or online service provider to bypass the contractual terms of service of other hosting firms and any legalities prohibiting such content or service in various countries. This is why many of these bulletproof hosting firms are located overseas, and in some cases, located on the sea in abandoned oil rigs, such as HavenCo located on Sealand which is now defunct as of 2008.

An abandoned oil rig which used to house HavenCo, a bulletproof hosting service.

Does Bulletproof Hosting Truly Protect You

The safety provided by an offshore hosting provider depends totally on the terms and conditions specified by the firm you choose and where the facility is located. Offshore hosting best used when you want to circumvent the laws and internet regulations in your own country or when commercial hosting firms have restricted your content. But if your content is so offensive that it causes even the hardest of criminals to raise an eyebrow, no provider may be able to protect you.

It’s not always law enforcement that steps in and targets groups or organizations using offshore hosting. In 2015, the hacktivist group Anonymous began targetting ISIS owned and operated sites on the Clearnet and Darknet. Some members of the group even spoke out against those providers who were hosting ISIS material. Anonymous has thus far been successful in taking down numerous ISIS or ISIS affiliate sites hosted by offshore hosting firms.

The security of your site and your anonymity is totally in the hands of those operating these services. Not only that but if law enforcement or hackers want to get to you, they will find a way, eventually.  It depends on how bad they want you. If you’re selling cocaine on some Darknet Market, you’ll be less of a target than someone selling child pornography (though a few of these services allow it).

Some of the Top CVPS Firms Out There

If you’re considering using a CVPS (Cloud Virtual Private Servers) hosting solution for your business website or blog, keep reading to learn about the top-rated CVPS hosting providers in 2018. Some of these listed provide hosting in other countries so that you can bypass legal issues in your own country. That’s why they would be considered “offshore hosting” providers.

Nestify Hosting

Founded2002
Server LocationTo be updated
Services
  • Linux VPS Hosting
  • Dedicated WordPress Hosting
  • Dedicated Magento Hosting
  • Other CMS hosting
Unlimited WebsiteNo
Unlimited Storage and BandwidthOnly Available With The “Custom” Plan
Domain HostingNo
Linux HostingYes
Windows HostingNo
WordPressOptimized
JoomlaYes
DrupalYes
MagentoOptimized
PHP HostingOptimized
e-Commerce HostingOptimized
Email HostingLimited Email Account
SSL Support
  • Free Let’s Encrypt SSL
  • Advanced SSL Available
Dedicated IPYes
Free Site MigrationYes
Free DomainNo
Domain Privacy ProtectedNo
Money Back Guarantee30 Days
24/7 SupportSelected Methods Only

  • Email
  • Live Chat
Control Panel
  • Customized
One-Click Installation
  • Yes, Customized
Website BuilderNo
Automated Backup
  • Yes
Content Delivery Network (CDN)
  • Cloudflare
Security Features
  • SSL
  • Smart Firewall
  • Malware Blocking
Payment Methods
  • Visa
  • MasterCard
  • American Express
  • PayPal (Annual Subscription)

Arvixe Web Hosting

  • A free domain name for a lifetime. After renewing your web hosting plans, your free domain will be automatically renewed.
  • Attractive affiliate programs to earn by referring it to others.
  • 60-day money back guarantee
  • One click installer
  • Supports Python, Perl, Ruby, Rails and various others.

LegionBox

  • An uptime guarantee of 99.99%
  • 100% Secured
  • Free SSL certificates with each plan and anti-malware as well as anti-spam protection
  • Updated plugins as well as well add-on
  • 24/7/365 support via live chat or phone
  • A number of experienced technicians are assisted for the customer support
  • LegionBox Wiki as well as the discussion forum
  • An intuitive control panel which also connects the customer with the support team

DataPoint

  • 99.99% Uptime Guarantee
  • Extensive Add-ons to use
  • Cheap VPS Hosting
  • Unlimited Bandwidth and Storage
  • Video Tutorials

iPage Web Hosting

  • Comes in 3 configurations: Basic ($24.99/month), Business($59.99/month) and Optimum($99.99/month)
  • The plans cover different scales of various VPS requirements like:
    • Core CPUs
    • RAM access
    • Memory Storage
    • Bandwidth
    • Domains etc.