Doug Madory

Doug Madory is an American Internet routing infrastructure expert, who specializes in analyzing Internet Border Gateway Protocol (BGP) routing data to diagnose Internet routing disruptions, such as those caused by communications fiber cable cuts, routing equipment failures, and governmental censorship. His academic background is in computer engineering, and he was a signals specialist in the U.S. Air Force, before arriving at his present specialty, which has occupied his professional career.


Education

Madory received a bachelor's degree in computer engineering from the University of Virginia in 1999. He received a master's degree in computer engineering from Dartmouth College in 2006.


Career

Madory joined Internet intelligence and technical analysis firm Renesys in 2009. Renesys was sold to DynDNS in May 2014, which in turn was sold to Oracle in April 2017. Madory remained in the same Director of Internet Analysis position throughout each of these transitions, before leaving Oracle to join Kentik in November 2020, in much the same role.


Discoveries

Madory is best known for the discoveries that are the product of his Internet routing analysis: sometimes of interesting new phenomena on the Internet and sometimes of malfeasance online.


ALBA-1 cable activation

In 2013, Madory observed that Internet connection speeds in Cuba had suddenly improved. His investigation revealed that the ALBA-1 undersea fiber cable, which had been run from Venezuela to Cuba by the Venezuelan government in 2010 and 2011, had been activated following an unexplained dormancy of two years. This cable, linking the Cuban domestic network to the Internet via Telefonica, was Cuba's first non-satellite international connection, and was a major milestone in Cuba's liberalization. Uncharacteristically, the Cuban state organ Granma issued a confirmation two days later.


National Internet shutdowns to prevent exam cheating

Madory observed daily nationwide Internet shutdowns in Iraq for three hours each morning for several consecutive days, on the same dates in 2014 and 2015, and discovered that the government had mandated the shutdowns to coincide with grade-school final examinations, in order to hamper test cheating. He has subsequently observed the same events in Syria.


BackConnect IP address and BGP route hijacking

In 2016, Madory collaborated with cybersecurity journalist Brian Krebs in an investigation of the Mirai botnet and DDoS attacks. In the course of that investigation, they discovered that DDoS mitigation firm BackConnect was engaging in "hack back" cyber-attacks against alleged DDoS perpetrators, engaging in the BGP hijacking of IP prefixes and routes, specifically those of vDOS, an Israeli "booter" DDoS-for-hire service hosted by Cloudflare. In the wake of publication, both Krebs and Madory's employer Dyn suffered retaliatory DDoS attacks.


Global Resource Systems IP address hijacking

On January 20, 2021, Madory observed a previously unknown Delaware shell company launching a process which would ultimately advertise more than 175 million IPv4 addresses via BGP. Worth $5.6 billion at February 2021 prices, this was by far the largest aggregate block on the Internet, more than twice the size of Comcast. The addresses belonged to the US Department of Defense, so this initially appeared to be the largest IP address hijacking in history. Madory's analysis identified a stranger situation, though: the shell company, "Global Resource Systems," was in fact contracted to the DoD, but was one of a family of shell companies controlled by Rodney Joffe which were exposed by the indictment of Michael Sussmann and depositions conducted by Alfa-Bank, ongoing in parallel at the time of the apparent hijacking. What appeared to be a simple, if vast, IP address hijacking turned out to instead be a DoD contracting scandal linked to an election disinformation scandal.


External links


Kentik blog (November 2020 – present)
Oracle blog (April 2017 – November 2020)
Dyn blog (May 2014 – April 2017)
Renesys blog (October 2009 – May 2014)