[HN Gopher] 911 Proxy Service Implodes After Disclosing Breach
___________________________________________________________________
911 Proxy Service Implodes After Disclosing Breach
Author : todsacerdoti
Score : 67 points
Date : 2022-07-29 19:39 UTC (3 hours ago)
(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)
| datalopers wrote:
| Great. Now can we shut down HolaVPN and their primary reseller
| Luminati/BrightData? It's all backdoored residential proxies just
| like 911.re
| ratsmack wrote:
| >Hola is a freemium web and mobile application...
|
| When the service is free, you are the product.
| RockRobotRock wrote:
| Bright Data operates a service where you agree to allow your
| network to be used in their proxy system. In return, they
| give you a small amount of money per gigabyte of traffic.
| https://earnapp.com/
| str3wer wrote:
| According to Hola's ToS, you agree to make your device a proxy
| accessible to everyone else using the service.
| jjoonathan wrote:
| Yeah, but you can pay to be the product, too.
| ranger_danger wrote:
| The problem is their proxy backdoor thing is part of an SDK
| used by other applications/games/etc., both free and paid.
| RockRobotRock wrote:
| I mentioned this SDK, EarnApp, in my other comment. I am a
| shady web scraper that uses these services when necessary.
| The real answer is, STOP USING IP addresses for reputation
| scanning. With IPv4 exhaustion and CGN, this is an
| inevitable outcome anyway.
| Ian_Kerins wrote:
| The ethics of these free VPNs and hidden proxy SDKs are very
| questionable. But they are crazy profitable for the proxy
| providers running them so unlikely to go away.
|
| Did a teardown on their crazy economics recently
| https://scrapeops.io/web-scraping-playbook/residential-mobil...
|
| The profit margins are insane, easily over 99% profit on
| millions in revenue.
| donkarma wrote:
| For the unprepared, this is a website commonly used by credit card
| fraudsters to imitate an IP address close to the card's address.
| walrus01 wrote:
| Google "residential proxies for sale" for the tip of a shit
| laden shady black market iceberg
| rubatuga wrote:
| Also called sneaker proxies. Why? Used to bypass restrictions
| or limits on buying sneakers/shoes online.
| mousetree wrote:
| Does anyone know of a service that can be used to determine
| whether an IP has been associated/used by one of these proxy
| services? It would benefit my company to be able to detect
| these types of fraudsters
| nightpool wrote:
| Since these proxy services are created by hijacking
| legitimate users' computers and internet connections, I would
| imagine any such list would be quickly out of date. Based on
| their marketing information, at least hundreds of new
| computers were added to their network each day.
| RockRobotRock wrote:
| My first thought is, "Why would it benefit your company,
| unless you were dealing with payments directly?," and then I
| read your comment history and it all makes sense now, haha.
|
| Honestly, for assessing risk of individual users, my worry is
| that the only good option right now is to use tools that
| require lots of data on the user, like recaptcha v3. You
| could set up a honeypot that tries to catch as many IP
| addresses implicated in proxy activity as possible. Maybe
| that second one would be a good company idea.
| charcircuit wrote:
| The whole point of these services is to buy proxies that are
| not on a list.
| spur-us wrote:
| Hi! Here at Spur, this is our mission exactly. As another
| commenter correctly noted, proxy endpoint data - especially
| those of residential or "callback" proxies like 911 - is
| highly ephemeral. Our company provides near-real time
| tracking for many residential & datacenter proxy services, as
| well as VPNs.
|
| Check us out at https://spur.us
| klabb3 wrote:
| Does anyone know how this software passed Microsoft SmartScreen
| and typical antivirus apps? As someone distributing legitimate
| software on Windows, I feel like I was heavily scrutinized and
| getting code signing certs was a real pain, and costly. What's
| the purpose if it can't even weed out crap like this?
| chatmasta wrote:
| They probably just tell the user to bypass the prompts. For
| example, my college roommate went to great lengths to install
| what he thought was a Pokemon blue emulator on his laptop. All
| the security checks in the world won't protect a user
| determined to silence them.
|
| I don't know that's what happened here, but it sounds like some
| of the installs were PPI, so I wouldn't be surprised. That
| basically means anyone who can figure out how to bundle the
| software with an artifact can distribute it. A long time ago,
| and probably today too, people used to crack popular programs,
| bundle some adware into them, and then seed the torrent. The
| user is already committed to circumventing security checks and
| entering strange commands, so I can imagine how they might end
| up installing some bonus executables in the process.
| ranger_danger wrote:
| SmartScreen has always been a joke.
| game-of-throws wrote:
| I hoped with Let's Encrypt we were past the days of paying for
| cryptographic signatures, but Microsoft is keeping the legacy
| alive.
| donmcronald wrote:
| It's an absolute sham and Microsoft is using their market
| dominance to give us a worse product for more money.
|
| I would _love_ to see someone start a Windows app store
| that's based on domain validated code signing. Domains are
| better trust indicators than business names IMO.
| ranger_danger wrote:
| AFAIK Let's Encrypt does not provide free code-signing
| certificates, but I did hear of a group that was trying to
| do that. Can't recall the name right now.
| buzer wrote:
| This one maybe? https://www.sigstore.dev/
|
| > What's the current status?
|
| > We're working hard to release v1.0 in July.
|
| Hopefully they are close to release.
| OrangeMonkey wrote:
| It took me longer than it should to realize we were not talking
| about a service to place proxy calls to 911 (emergency dispatch)
| but a service called "911" that sells proxy accounts.
| A_No_Name_Mouse wrote:
| Not wearing my glasses I misread it as 911 Porsche Service :-)
| Bluecobra wrote:
| Same here, I have used third party 911 services for enterprise
| VoIP in the past.
| ginja wrote:
| Does anyone have any recommendations for legit companies that
| provide proxies from ASNs not marked as datacenter/proxy? I need
| some for web scraping, but all the ones I've found so far seem
| super shady...
| leobg wrote:
| brightdata, scraperapi
| rubatuga wrote:
| You won't find one
| Ian_Kerins wrote:
| This proxy comparison tool shows you the best ones:
| https://scrapeops.io/proxy-providers/comparison/
| mh- wrote:
| This is neat, thanks for building/sharing it.
| ranger_danger wrote:
| No you don't.
| dylan604 wrote:
| Exactly my thinking as well. If you have to do some sort of
| shady shit to get what you need done, then maybe you're doing
| shady shit yourself.
___________________________________________________________________
(page generated 2022-07-29 23:00 UTC)