Trend Micro has released a new report looking to shed some light on the shadowy world of bullet proof hosting services (BPHS), which are available in some countries from as little as $2 per month.
It found that hosters frequently adopt two basic rules: no child exploitation content and no cyber attacks targeting victims in their own country.
There are three main types of BPHS, according to Trend Micro.
The first involves dedicated servers run by those “who know exactly what they’re doing,” says the report.“These BPHS operators make their infrastructure appear as legitimate as possible to avoid arousing suspicion from law enforcement. They also make their servers as takedown-proof as possible. This is why cybercriminals often avail of their services. They will continue to make their servers available to customers unless they are mandated to stop serving bad content.”
The second type of BPHS is run by people who compromise legitimate servers belonging to someone else and hire them out – until they are discovered. These servers are frequently used for blackhat SEO and brute force attacks, says Trend Micro.
The final category involves “strict landlords who run an honest business,” like Amazon Web Services. "They lease their units to tenants and don’t tolerate rule breakers. This doesn’t stop their tenants from engaging in illegal operations in the privacy of their own units though,” the report noted.
There are also “toxicity” rules governing what kind of content can be hosted on a bulletproof server.
Child exploitation is rated the highest toxicity so it will be extremely difficult to find a BPHS to host that kind of content, the report claimed.
C&C components, exploits and malware are rated “high”, while spam, brute-forcing and torrent download sites are easier to get hosted.
Blackhat SEO, adult content, pirated content and VPNs are the easiest to have hosted.
BPHS providers are often also careful to ensure that any illegal content hosted on their servers is directed outside of the host country.
This is to ensure law enforcers don’t start to take an interest, and the fact that in some countries, the state actively sponsors some BPHS providers, Trend Micro claimed.
Prices can range from as low as $2 per month for low risk content to over $300 for high-risk content “mainly in China, Bolivia, Iran and the Ukraine.”