Bullet Proof Hosting: Threats and Opportunities

Friday, August 20, 2010

Nathaniel Markowitz


This is the seventh part in series of articles derived from the a graduate research project entitled "A Preliminary Survey of the Bulletproof Hosting Landscape" (Part 1) (Part 2) (Part 3) (Part 4) (Part 5) (Part 6)

Authors: Nathaniel Markowitz, Jonathan Brown, Amanda Cummins, Erin Greathouse, Christopher Kanezo, David McIntire, Thomas Saly, Toby Taylor, Louis Ulrich, Desiree Williams

Several opportunities in the BP hosting operational environment will likely facilitate the growth and expansion of the service. These opportunities include: (1) high demand for services; (2) states with lax or non-existence laws pertaining to cyber-criminal activity; and (3) a lack of international consensus regarding how to combat cyber-crime.

Spammers, hackers, and other fraudsters utilizing the Internet to perpetrate criminal activity will continue to demand the services of hosts who can guarantee domain survivability and client anonymity.

This continued demand will likely result in an increase in the number of BPHs and advances in methods of service delivery. In fact, shutting down a BPH can often have the adverse impact of increasing demand for these services by decreasing the overall supply.

Also, as previously discussed, there is a direct relationship between the prevalence of BP hosting infrastructure and the existence of states with lax or non-existent laws pertaining to the prosecution of cyber-criminals.

Although international law enforcement agencies have begun to establish cooperative relationships to investigate and prosecute perpetrators of cyber-crime, this is unlikely to have an immediate impact on BP hosting.

Considering the length of time needed to initiate legal reforms in states currently perceived as safe havens for cyber-criminals, it is likely that BPHs will continue to have a secure base of operations in the immediate future.

Finally, due to the cross-border nature of the Internet, international cooperation is a critical component for fighting cyber-crime. Unfortunately, there has been a great deal of difficulty in forging a consensus among nations on how best to combat such activities.

This international void provides criminals, including BPHs, with opportunities to continue their operations, even if a specific country does begin to crack down on them.


The profitability and sustainability of the BP hosting infrastructure faces several key threats: (1) increased focus from law enforcement and Internet security researchers; (2) increased citizen awareness of Internet security; and (3) increased sophistication of analytical tools.

In recent years, the prevalence and severity of cyber-crime has attracted heightened scrutiny from governments, law enforcement personnel, and Internet security researchers.

Continued intelligence gathering on cyber-crime trends and tactics is likely to inflate the operational costs and necessary technical sophistication for providing BP hosting.

As more attention is focused upon dismantling the cyber-criminal infrastructure, BPHs’ survivability will become even more dependent upon rapid adaptability and the utilization of back-channel communication and payment processing services. BPHs that are unable to outmaneuver law enforcement in this increasingly dangerous environment will likely fall by the wayside.

Also, much cyber-criminal activity is dependent upon the public’s general ignorance of Internet security. As media outlets around the world increase their coverage of cyber-criminal issues, the public is gradually becoming more cognizant of the risks associated with browsing the Internet.

This increased awareness is likely to increase safe computing practices that could decrease the success of some cyber-criminal activities.

Finally, the tools for analyzing patterns and trends of cyber-criminal activities are becoming increasingly complex10. As data collection becomes automated and analytical tools become more powerful, it will become increasingly easier to target criminal activities.

Already, several patterns of predictable behavior have been identified. Better tools will likely increase analysts’ ability to identify and exploit these patterns.

For more information: bphresearchgroup@gmail.com


We would like to thank the University of Pittsburgh, Graduate School of Public and International Affairs for providing the resources to make this research project possible. We would also like to thank Palantir Technologies for allowing us to use their software in our analysis. Finally, a very special thanks goes to Matt Ziemniak and Jim Beiber for their patience, help and guidance and for creating a research environment that was both enriching and enjoyable.

Possibly Related Articles:
Web Application Security
Post Rating I Like this!
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.