DDoS-Guard

DDoS-Guard is a Russian Internet infrastructure company which provides DDoS protection and web hosting services. Researchers and journalists have alleged that many of DDoS-Guard's clients are engaged in criminal activity, and investigative reporter Brian Krebs reported in January 2021 that a "vast number" of the websites hosted by DDoS-Guard are "phishing sites and domains tied to cybercrime services or forums online". Some of DDoS-Guard's notable clients have included the Palestinian Islamic militant nationalist movement Hamas, American alt-tech social network Parler, and various groups associated with the Russian state.


Company

DDoS-Guard is based in Russia, as are most of its employees. The service has existed since 2011. The company was first registered in July 2014 in Sevastopol, by Evgeny Marchenko and Dmitry Sabitov, two Russians formerly from Ukraine. The company is incorporated in Scotland as Cognitive Cloud LP and in Belize as DDoS-Guard Corp. The company runs traffic filtering nodes on clusters located in Russia, Germany, the Netherlands, and Japan. A company with the same name, owned by the same men, had previously existed in Ukraine since 2011, though spokespeople for the company have said this was only an early stage company created while the software was being developed. The spokespeople stated that DDoS-Guard has always been based in Russia, in Rostov-on-Don, although ''Meduza'' reported that the office in that city didn't open until 2015. ''Meduza'' reported that the company apparently relocated to Russia after Ukrainian national security and cyberpolice officers began investigations into the company due to its choice to host ''Verified'', a forum notorious for platforming credit card scammers. DDoS-Guard has denied knowledge of the investigation.

In 2021, a researcher observed that DDoS-Guard appeared to have no physical presence in Belize and had likely incorporated there to gain access to IP addresses normally only allocated to local entities. Of more than 11,000 IP addresses assigned to DDoS-Guard's two subsidiaries, the researcher found two thirds had been provided to the Belizean company by LACNIC, the regional Internet registry responsible for Latin America and the Caribbean. DDoS-Guard has rebutted the allegations, and said they do have a presence in Belize. After the researcher reported DDoS-Guard to LACNIC, LACNIC announced they would revoke more than 8,000 IP addresses from the company.

On 1 June 2021, cyber-intelligence company Group-IB reported that they had found DDoS-Guard's database, containing site IP addresses, names, and payment information along with its full source code, for purchase on a cybercrime black market forum. The authenticity of the allegedly stolen data was unverified.


Clients

''Meduza'' has reported that, according to a former employee, DDoS-Guard has a history of working with customers who operate on the darknet. The employee has said this is because they can charge higher rates to such customers, who have a much smaller range of choices of Internet service providers willing to work with them, and who often especially need website security services. Some of DDoS-Guard's other clients have included the Palestinian Islamic militant nationalist movement Hamas, the cyberstalking site Kiwi Farms, and the imageboard 8kun, formerly known as 8chan, which is the online home of the American far-right QAnon conspiracy theory. The company said they ended services for both Hamas and 8chan after learning about the content on the sites from news sources. DDoS-Guard has ended services for various clients after being informed of their activities by journalists, but ''Meduza'' wrote that the company would likely need to deny services for a large portion of its client base if they were to proactively monitor for criminal activity.

Brian Krebs, an investigative reporter focusing on cybercrime, wrote in January 2021 that a "review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online." DDoS-Guard is suspected of hosting multiple Internet scammers responsible for stealing banking data, and one of the world's largest online stores for illegal drugs operates using infrastructure associated with DDoS-Guard. DDoS-Guard also provides services to ''The Daily Stormer'', an American neo-Nazi, white supremacist, and Holocaust denial website and message board.


''Verified''

''Verified'' is a platform which ''Meduza'' has described as "one of the Internet's oldest and most notorious Russian-language forums for credit-card scammers". ''Meduza'' reported that beginning in the spring of 2013, Ukrainian national security and cyberpolice began investigating DDoS-Guard for allegedly servicing this platform, and has said this investigation likely led DDoS-Guard to reincarnate itself as a Russian company in 2014. DDoS-Guard has said they have no knowledge of such an investigation.


Russian state

In January 2014, before DDoS-Guard moved to Russia, the company partnered with one of the largest domain registrars in the country, REG.RU. Shortly after, the company began working with clients associated with the Russian state. Beginning in 2016, DDoS-Guard began providing denial-of-service protection to the Russian Ministry of Defence. In 2018, DDoS-Guard helped test the Russian state's deep packet inspection systems. DDoS-Guard works closely with the Russian Central Bank.


HKLeaks

DDoS-Guard hosted a website dedicated to doxing those who participated in the 2019–20 Hong Kong protests. In October 2019, DDoS-Guard acknowledged its business with the doxxing campaign, referring to HKLeaks as "our customer". The company said that they stay out of politics and that they receive thousands of abuse reports claiming that their customer violates the law, but "no legal proofs".


Parler

DDoS-Guard was providing denial-of-service attack protection services to Parler, an American alt-tech social network which was deplatformed by Amazon Web Services and other Internet service providers after the 2021 United States Capitol attack. ''Wired'' noted that Parler's choice to use a Russian company for DDoS protection "could expose its users to Russian surveillance if the site someday does relaunch in full with DDoS-Guard" because of the Russian government's projects to isolate the country's internet. In January 2021, the United States House Committee on Oversight and Reform began an investigation into Parler in which they asked Parler for, among other things, information about agreements, documents, and communications with Russian entities. In the letter to Parler requesting this information, committee chair Carolyn Maloney described DDoS-Guard as a company "which has ties to the Russian government and counts the Russian Ministry of Defense as one of its clients".


Kiwi Farms

DDoS-Guard briefly provided denial-of-service attack protection to online stalking and harassment forum Kiwi Farms after Cloudflare canceled services to the site on 3 September 2022. On 5 September 2022, DDoS-Guard dropped them as a client, writing that they had followed a policy of "net neutrality" for years; "however, there are things that are unacceptable for us under any circumstances". They wrote that after receiving multiple complaints, they "analyzed the content of the site" and decided to end service.


FitGirl Repacks

DDoS-Guard provides services for the popular video game piracy website FitGirl Repacks. In 2021, FitGirl Repacks had a dispute with its domain name registrar PublicDomainRegistry (and moved to a different registrar) after The Spamhaus Project named the site on a block list. ''TorrentFreak'' stated that the incident may have been caused by other customers of DDoS-Guard engaging in spamming.


Sci-Hub

In 2017, a U.S. court ordered all internet infrastructure companies to stop doing business with Sci-Hub, the shadow library which shares scholarly papers without regard to copyright. As a result, Sci-Hub switched from Cloudflare to DDoS-Guard for DDoS protection. Sci-Hub founder Alexandra Elbakyan says that DDoS-Guard initially contacted her, and that the company volunteered that it works with piracy sites including Rutracker.org. Some experts identify Sci-Hub's use of DDoS-Guard as a security risk given its involvement with the Russian state and that it could monitor Sci-Hub's traffic. Elbakyan says she pays DDoS-Guard about US$1,000 per month (one sixth of Sci-Hub's operating budget), all for DDoS protection; an expert found this amount credible.


Projects

In January 2014, the company partnered with one of the largest domain registrars in the country, REG.RU. In October 2017, DDoS-Guard's software was integrated with ISPmanager, which is a hosting control panel developed by ISPsystem.


See also

* Cloudflare
* Epik

