Internet pirates find ‘bulletproof’ havens for illegal file sharing

Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing, according to experts.

For several years, piracy groups that run services allowing music, video and software to be illegally shared online have been using legal loopholes across a wide range of countries as a way of escaping prosecution for copyright infringement.

In the last year there has been a significant shift, say piracy experts, as the groups have worked to stay beyond the reach of western law enforcement.

The change is rooted in the evolution of “bulletproof hosting”, or website provision by companies that make a virtue of being impervious to legal threats and blocks. Not all bulletproof services are linked to illegal activities, but they are popular among criminal groups, spammers and file-sharing services.

Rob Holmes, of the Texas law firm IP Cybercrime, which has worked to close down several bulletproof operations, said successful hosts were now starting to get stronger. “Some of the more popular ones have become more strongholds than they were previously,” he said. “It’s an industry and it always will be. When you think about it, bulletproof hosting is just a data version of money laundering.”

Late last year a Swedish court found four men guilty of breaking copyright law through their links to the Pirate Bay website, one of the internet’s most notorious gateways for pirated films and television shows.

That decision prompted many piracy services to seek jurisdictions beyond the reach of western law. Pirate Bay moved its web servers to Ukraine, while another popular file-sharing service, Demonoid, which started in Serbia, also relocated.

“Before going completely dark in October [2009], Demonoid physically moved their servers to Ukraine, and remotely controlled them,” said John Robinson, of BigChampagne, a media tracking service based in Los Angeles. “Ukrainian communications law, as they paraphrase it, says that providers are not responsible for what their customers do. Therefore, they feel no need to speak about or defend what they do.”

Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as the infamous host McColo, which was based in San Jose, California, and remained in operation until last year.

Pirate Bay, after its brief excursion to Ukraine, is now run out of a Dutch data centre called CyberBunker, which is based in an old nuclear facility of the 1950s, about 120 miles south-west of Amsterdam.

Research published last year showed that most bulletproof hosts are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution.

Despite officials in Beijing talking in tough terms about computer crime ,— hacking potentially carries a death sentence in China ,— the authorities rarely co-operate with other countries to take action against hi-tech criminals. As a result, just a handful of firms in China are responsible for hosting thousands of criminal enterprises online.

A study of online crime conducted by the University of Alabama at Birmingham, in the US showed that more than 22,000 websites which sent pharmaceutical spam were hosted by six bulletproof servers in China.

Richard Cox of Spamhaus, a British organisation that watches spammers and monitors bulletproof hosts, said it was almost impossible to stop expansion of such services. “At the moment there are a number of individuals who are setting up bulletproof hosting sites in China,” he said. “No matter how big a part of the Chinese network we block, the administrators there just do not care.”

Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as ,— the infamous host McColo, which was based in San Jose, California, and remained in operation until last year.

But the long-term impact of offshore hosting is becoming more problematic as investigators worldwide try to cut the links between criminal groups and protected internet servers.

One notorious gang of hackers, known as the Russian Business Network, after disappearing for two years amid scrutiny from the authorities in Moscow, has also reportedly returned to action. The group started as a bulletproof host in St Petersburg but had connections to a wide range of criminal activities online. Widely known in the computer security community, it is being investigated by the FBI. The Russian authorities, meanwhile, have been keen to foster greater communication to stop the spread of criminal activity online.

Some are hopeful that greater co-operation between international governments will help prevent the development of new piracy havens, but others suggest that it is unlikely that a complete block on such activities will ever be possible.

“There will always be a place to run to,” said Rob Holmes, of IP Cybercrime. “Each time a law passes, or a new country creates some kind of stumbling block for them, they’ll always find another place to do this. It goes back to the speakeasies in the 1920s ,— when one place got busted, they would just congregate in another place.”

Bobbie Johnson, technology correspondent

The Guardian, Tuesday 5 January 2010