DDoS-Guard
Industry: Web services
Founded: 2011 (13 years ago)
Founder: Evgeny Marchenko
Headquarters:
Services: Denial-of-service attack protection, content delivery network services, web hosting
Website: ddos-guard.net

DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection, content delivery network services, and web hosting services.[1][2] Researchers and journalists have alleged that many of DDoS-Guard's clients are engaged in criminal activity, and investigative reporter Brian Krebs reported in January 2021 that a "vast number" of the websites hosted by DDoS-Guard are "phishing sites and domains tied to cybercrime services or forums online".[3][1] Some of DDoS-Guard's notable clients have included the Palestinian Islamic militant nationalist movement Hamas, American alt-tech social network Parler, Kiwi Farms, and various groups associated with the Russian state.[3][4][1]

Company

DDoS-Guard is based in Russia, as are most of its employees.[5] It was registered in July 2014 in Rostov-on-Don by Evgeny Marchenko.[6] The company is incorporated in Scotland as Cognitive Cloud LP and in Belize as DDoS-Guard Corp.[5]

Projects

In January 2014, the company partnered with one of the largest domain registrars in the country, REG.RU.[7]

In 2016, DDoS-Guard began providing denial-of-service protection to the Russian Ministry of Defence. In April, the company signed a partnership agreement with Mastertel to provide DDoS protection services to its customers. In August, the company switched to a new low-level traffic inspection platform, which was presented at the InfoSecurity Russia 2016 exhibition.

In October 2017, DDoS-Guard's module was integrated in ISPmanager, which is a hosting control panel developed by ISPsystem.

In March 2018, the company started to provide customers with Let's Encrypt certificates.

In April 2018, an agreement was signed with Selectel to protect their network and the network of their customers.

Controversy

A company with the same name, owned by the same men, had previously existed in Ukraine since 2011, though spokespeople for the company have said this was only an early stage company created while the software was being developed. The spokespeople stated that DDoS-Guard has always been based in Russia, in Rostov-on-Don.[3]

Researchers and journalists have alleged that many of DDoS-Guard's clients are engaged in criminal activity, and investigative reporter Brian Krebs reported in January 2021 that a "vast number" of the websites hosted by DDoS-Guard are "phishing sites and domains tied to cybercrime services or forums online".[3][1]

DDoS-Guard's clients have previously included the Palestinian Islamic militant nationalist movement Hamas, and the imageboard 8kun, formerly known as 8chan.[3][4][1] The company said that it was unaware that both Hamas and 8chan used its services, and that it ended services for both of them after learning about the content on the sites from news sources.[8]

In 2021, a researcher observed that DDoS-Guard appeared to have no physical presence in Belize and had likely incorporated there to gain access to IP addresses normally only allocated to local entities. Of more than 11,000 IP addresses assigned to DDoS-Guard's two subsidiaries, the researcher found two thirds had been provided to the Belizean company by LACNIC, the regional Internet registry responsible for Latin America and the Caribbean. DDoS-Guard has rebutted the allegations, and said they do have a presence in Belize.[5]

Meduza Claims

Meduza has reported that, according to a former employee, DDoS-Guard has a history of working with customers who operate on the darknet. The employee has said this is because they can charge higher rates to such customers, who have a much smaller range of choices of Internet service providers willing to work with them, and who often especially need website security services.[3] DDoS-Guard has ended services for various clients after being informed of their activities by journalists, but Meduza wrote that the company would likely need to deny services for a large portion of its client base if they were to proactively monitor for criminal activity.[3]

DDoS-Guard is suspected of hosting multiple Internet scammers responsible for stealing banking data, and one of the world's largest online stores for illegal drugs operates using infrastructure associated with DDoS-Guard.[3]

According to Meduza, a website dedicated to doxing those who participated in the 2019–20 Hong Kong protests had DNS records pointing to DDoS-Guard. Meduza does not say whether the website was active or, if it was, how long it took to be removed.[3]

Verified

Meduza reported that the company apparently relocated to Russia after Ukrainian national security and cyberpolice officers began investigations into the company due to its choice to host Verified. DDoS-Guard has denied knowledge of the investigation.

Verified is a platform which Meduza has described as "one of the Internet's oldest and most notorious Russian-language forums for credit-card scammers". Meduza reported that beginning in the spring of 2013, Ukrainian national security and cyberpolice began investigating DDoS-Guard for allegedly servicing this platform, and has said this investigation likely led DDoS-Guard to reincarnate itself as a Russian company in 2014. DDoS-Guard has said they have no knowledge of such an investigation.[3]

Parler

In January 2021, American alt-tech social network Parler started to use DDoS-Guard after the shutdown of their website by Amazon Web Services.[9][10]

As of September 2022, Parler is not a client of DDoS-Guard.

Kiwi Farms

After Cloudflare canceled services to Kiwi Farms on Saturday, 3 September 2022, Kiwi Farms moved to DDoS-Guard.[11][12] On Monday, 5 September 2022, DDoS-Guard dropped Kiwi Farms as a client.[13]

Hacks

On 1 June 2021, cyber-intelligence company Group-IB reported that they had found DDoS-Guard's database, containing site IP addresses, names, and payment information along with its full source code, for purchase on a cybercrime black market forum. The authenticity of the allegedly stolen data was unverified.[14][15]

References

  1. Krebs, Brian (21 January 2021). "Hamas May Be Threat to 8chan, QAnon Online". Krebs on Security. Archived from the original on 5 January 2021. Retrieved 19 January 2021.
  2. Murdock, Jason (19 January 2021). "Parler website back thanks to Russian-owned company DDos-Guard". Newsweek. Archived from the original on 19 January 2021. Retrieved 19 January 2021.
  3. Kolomychenko, Maria (29 January 2021). Igumenov, Valery (ed.). "'Remove this infection from your network': The small Russian company that 'saved' Parler has other, far more odious clients". Meduza. Translated by Kevin Rothrock. Retrieved 9 February 2021.
  4. "Parler website partially returns with support from Russian-owned technology firm". The Guardian. Reuters. 18 January 2021. Retrieved 9 February 2021.
  5. Krebs, Brian (21 January 2021). "DDoS-Guard To Forfeit Internet Space Occupied by Parler — Krebs on Security". Krebs on Security. Archived from the original on 21 January 2021. Retrieved 9 February 2021.
  6. "ООО ДДОС-ГВАРД — ОГРН 1149204010988, ИНН 9204005780 | РБК Компании". companies.rbc.ru (in Russian). Retrieved 5 September 2022.
  7. "Хостинг-провайдер Reg.ru включил дополнительную защиту от DDoS-атак". The Village (in Russian). Retrieved 5 September 2022.
  8. Paul, Kari; Harding, Luke; Carrell, Severin (15 January 2021). "Far-right website 8kun again loses internet service protection following Capitol attack". The Guardian. Archived from the original on 15 January 2021. Retrieved 19 January 2021.
  9. "Cервис Parler переехал на российский хостинг?". Хабр (in Russian). Retrieved 5 September 2022.
  10. "Complaint – #1 in Parler LLC v. Amazon Web Services Inc (W.D. Wash., 2:21-cv-00031) – CourtListener.com". CourtListener. Retrieved 5 September 2022.
  11. "Citing imminent danger Cloudflare drops hate site Kiwi Farms". Associated Press. 4 September 2022. Retrieved 5 September 2022.
  12. "Американский форум Kiwi Farms переехал на DDoS-Guard и RU-CENTER после блокировки Cloudflare". Habr (in Russian). Retrieved 5 September 2022.
  13. "Российская компания DDoS-Guard прекратила обслуживать форум Kiwi Farms". www.kommersant.ru (in Russian). 5 September 2022. Retrieved 5 September 2022.
  14. "Database, source code allegedly related to bulletproof hosting, once Parler's service provider, up for sale on hacker forum". Group-IB. Retrieved 3 June 2021.
  15. "Database of 'Pirate Site Haven' DDoS-Guard is Reportedly Up For Sale (Updated)". TorrentFreak. Retrieved 3 June 2021.