Jart Armin

CEO, CyberDefcon & HostExploit

http://www.jartarmin.com

Biography

Jart Armin is a prominent investigator and analyst of cybercrime operations, communication intelligence, Internet security, and hacking.
He became prominent for the analysis of the RBN (Russian Business Network), the first reports and analysis of cyber-attacks on Estonia and Georgia, and the dismantling of major cybercrime operations, e.g. Atrivo, McColo, Real-Host, and others.

He leads a specialist international team of full-time staff and volunteers via HostExploit and SiteVet that provides daily and quarterly reports on all the world’s hosts and public Internet servers. He also heads CyberDefcon, a commercial entity that provides cybercrime intelligence and analysis to leading financial and industrial enterprises and governmental institutions. He is a founder of the non-profit CSF (Cyber Security Foundation) and an activist in the international open source security community.

He is a regular presenter on cybercrime and cyber threats at various academic centers, recently in Stanford, Sofia, Dublin, Zagreb, and Kiev, and also at various governmental and military conferences and workshops.

Presentation: The Rise of GHOSTing - Bulletproof hosting below the radar, DNS tunneling, and the Zombies

The Rise of GHOSTing is an introduction to the how, the why and the art of modern cybercriminal bulletproof operations. Such operations increasingly provide a secure base for major data hacking, malware botnet operations, and inter-communications between cybercriminals. Increasingly, major cybercriminal bulletproof hosting operations are offering bona fide VPN (virtual private network) / VPS (virtual private server) services to clients, who in turn use the services provided to churn out illicit and objectionable badness, e.g. malware, data hacking, botnet C&Cs, phishing and spam operations. To all intents and purposes, this type of operation gives the impression of clean and responsible hosting, as no sign of criminal activity is detected on the providers’ servers; the actual badness is held at arm’s length and hidden away from direct investigation and attribution. Instead, it is placed on large, low-cost international hosting and data storage providers. Used in this way, the actual bulletproof host needs only to act as a recipient of the illicit material or stolen data, and can therefore claim no direct knowledge of any wrongdoing. Real examples of detected commercial GHOSTing services on offer from well-known bulletproof hosts show the strict rules on what can and cannot be stored on the hosts’ actual servers. These major cybercrime operations are also invariably utilizing DNS tunneling methods and encrypted intercommunications via Jabber, iP2, etc. Examples of SSH hack and data-exfiltration based attacks assessed using GHOSTing also utilize hijacked zombies to further disguise their location. This again raises the public health analogy and the international plea for quarantining / cleaning existing zombies, as they are a serious threat to the Internet and to individual countries’ national security.
