For many years, cybercriminals seeking to maintain web infrastructure secretly and without being questioned have relied heavily on gray market services referred to as "bulletproof" servers. However, in their haste to combat cyberthreats, law enforcement agencies around the world have devised methods for obtaining client data from these servers and have been increasingly pursuing indictments against the service providers. Thibault Seret, a researcher, described how this change has forced both criminal clients and bulletproof hosting businesses to take a different tack at Friday's cybercrime-focused conference Sleuthcon in Arlington, Virginia.
Some service providers are now offering purpose-built VPNs and other proxy services as a means of rotating and circumventing law enforcement's reach, rather than depending on web hosts to do so.
Addressing cybercriminal behavior concealed by proxies is fundamentally difficult because the services may also—or even primarily—be enabling safe, lawful communications. The so-called "residential proxies," which are a collection of decentralized nodes that can run on consumer devices, including low-end laptops or outdated Android phones, have been especially popular among criminals and businesses that don't want to lose them as clients. These proxies provide real, rotating IP addresses that are assigned to homes and offices. These services provide privacy and anonymity, but they can also block harmful traffic.