Dhia Mahjoub, Principal Engineer, OpenDNS Research Labs
Bulletproof and anonymous hosting providers are key enabling factors of ransomware, phishing, and other cybercrime operations. Bulletproof hosters shield criminal content from abuse complaints and takedowns, whereas anonymous offshore hosters preserve privacy and free speech for their customers. Despite being conceptually different, the distinction between both classes tends to blur in practice. These hosters leverage multiple factors in their operations: the anonymity of the internet when establishing their businesses, heterogeneous laws and norms that exist in cross-border online spaces, and jurisdictions with little or no legislation to enforce laws against cyber criminals. Focusing threat intelligence efforts on these services and the actors that provide them is an important step to identifying and removing illegal and malicious content on the Internet. As an example, we choose The Netherlands, one of the world’s top transit and hosting spaces, and through our research we bring together findings from the network and the field to shed light on criminal hosting in the Dutch IP space. This talk will be useful to threat analysts, security researchers, and law enforcement.
This is a joint work with Sarah Brown (Security Links/NATO).
Sign up to find out more about Enigma conferences: https://www.usenix.org/conference/enigma2017#signup
Watch all Enigma 2017 videos at: http://enigma.usenix.org/youtube