On May 7, 2021, the US Department of Justice announced that four Eastern European nationals had pled guilty to RICO charges. The culprits were accused of running a bulletproof hosting operation targeting US victims.
Bulletproof hosting is different from traditional services. Aside from providing standard web hosting and DNS, it also helps criminals remain private online, hide from authorities, and avoid blacklisting.
The organization in question operated for years, assisting cybercriminals in disseminating malware, running phishing scams, and managing malicious botnets. The operation caused millions in losses.
Most modern companies stay away from bulletproof hosting and similar services. However, the criminal group employed a modern tactic—running as an anonymous organization while exploiting existing hosting providers for their infrastructure.
The strategy revolves around using stolen identities to register virtual private servers at providers that have weak identity checks. The organization would then let its customers use the servers.
Each server runs for only a few minutes to several hours and is constantly monitored. Whenever a machine is flagged for malicious activity, the bulletproof hosting service moves everything to a different server. The whole procedure lets malicious actors run their operations indefinitely with little to no interruption.
That said, the latest law enforcement successes might signal a turning point in the world of security. This was just the latest international legal action taken against bulletproof hosting services, another notable one being Operation Nova.
While the Department of Justice might not have control over European hosting companies or Chinese DNS servers, it has certainly demonstrated the ability to apprehend culprits.
As things stand, however, it still pays off to be extra careful online. ID theft protection services, a password manager, and a VPN are still some of the most useful solutions for maintaining privacy and data security.