[HN Gopher] 911 Proxy Service Implodes After Disclosing Breach
___________________________________________________________________

911 Proxy Service Implodes After Disclosing Breach

Author : todsacerdoti
Score  : 67 points
Date   : 2022-07-29 19:39 UTC (3 hours ago)

(HTM) web link (krebsonsecurity.com)
(TXT) w3m dump (krebsonsecurity.com)

| datalopers wrote:
| Great. Now can we shut down HolaVPN and their primary reseller
| Luminati/BrightData? It's all backdoored residential proxies just
| like 911.re
|
| [deleted]
|
| ratsmack wrote:
| > Hola is a freemium web and mobile application...
|
| When the service is free, you are the product.
|
| RockRobotRock wrote:
| Bright Data operates a service where you agree to allow your
| network to be used in their proxy system. In return, they give
| you a small amount of money per gigabyte of traffic.
| https://earnapp.com/
|
| str3wer wrote:
| According to the Hola TOS, you agree to make your device a proxy
| accessible to everyone else using the service.
|
| jjoonathan wrote:
| Yeah, but you can pay to be the product, too.
|
| ranger_danger wrote:
| The problem is their proxy backdoor thing is part of an SDK used
| by other applications/games/etc., both free and paid.
|
| RockRobotRock wrote:
| I mentioned this SDK, EarnApp, in my other comment. I am a shady
| web scraper that uses these services when necessary. The real
| answer is, STOP USING IP addresses for reputation scanning. With
| IPv4 exhaustion and CGN, this is an inevitable outcome anyways.
|
| Ian_Kerins wrote:
| The ethics of these free VPNs and hidden proxy SDKs are very
| questionable. But they are crazy profitable for the proxy
| providers running them, so they're unlikely to go away.
|
| Did a teardown on their crazy economics recently:
| https://scrapeops.io/web-scraping-playbook/residential-mobil...
|
| The profit margins are insane, easily over 99% profit on millions
| in revenue.
| donkarma wrote:
| For the unprepared, this is a website commonly used by credit card
| fraudsters to imitate an IP address close to the card's address.
|
| walrus01 wrote:
| Google "residential proxies for sale" for the tip of a shit-laden,
| shady black market iceberg.
|
| rubatuga wrote:
| Also called sneaker proxies. Why? Used to bypass restrictions or
| limits on buying sneakers/shoes online.
|
| mousetree wrote:
| Does anyone know of a service that can be used to determine
| whether an IP has been associated with/used by one of these proxy
| services? It would benefit my company to be able to detect these
| types of fraudsters.
|
| nightpool wrote:
| Since these proxy services are created by hijacking legitimate
| users' computers and internet connections, I would imagine any
| such list would be quickly out of date. Based on their marketing
| information, at least hundreds of new computers were added to
| their network each day.
|
| RockRobotRock wrote:
| My first thought is, "Why would it benefit your company, unless
| you were dealing with payments directly?," and then I read your
| comment history and it all makes sense now, haha.
|
| Honestly, for assessing risk of individual users, my worry is
| that the only good option right now is to use tools that require
| lots of data on the user, like reCAPTCHA v3. You could set up a
| honeypot that tries to catch as many IP addresses implicated in
| proxy activity as possible. Maybe that second one would be a good
| company idea.
|
| charcircuit wrote:
| The whole point of these services is to buy proxies that are not
| on a list.
|
| spur-us wrote:
| Hi! Here at Spur, this is our mission exactly. As another
| commenter correctly noted, proxy endpoint data - especially that
| of residential or "callback" proxies like 911 - is highly
| ephemeral. Our company provides near-real-time tracking for many
| residential & datacenter proxy services, as well as VPNs.
|
| Check us out at https://spur.us
|
| klabb3 wrote:
| Does anyone know how this software passed Microsoft SmartScreen
| and typical antivirus apps? As someone distributing legitimate
| software on Windows, I feel like I was heavily scrutinized, and
| getting code signing certs was a real pain, and costly. What's
| the purpose if it can't even weed out crap like this?
|
| chatmasta wrote:
| They probably just tell the user to bypass the prompts. For
| example, my college roommate went to great lengths to install
| what he thought was a Pokemon Blue emulator on his laptop. All
| the security checks in the world won't protect a user determined
| to silence them.
|
| I don't know that's what happened here, but it sounds like some
| of the installs were PPI, so I wouldn't be surprised. That
| basically means anyone who can figure out how to bundle the
| software with an artifact can distribute it. A long time ago,
| and probably today too, people used to crack popular programs,
| bundle some adware into them, and then seed the torrent. The
| user is already committed to circumventing security checks and
| entering strange commands, so I can imagine how they might end
| up installing some bonus executables in the process.
|
| ranger_danger wrote:
| SmartScreen has always been a joke.
|
| game-of-throws wrote:
| I hoped with Let's Encrypt we were past the days of paying for
| cryptographic signatures, but Microsoft is keeping the legacy
| alive.
|
| donmcronald wrote:
| It's an absolute sham, and Microsoft is using their market
| dominance to give us a worse product for more money.
|
| I would _love_ to see someone start a Windows app store that's
| based on domain-validated code signing. Domains are better trust
| indicators than business names IMO.
|
| ranger_danger wrote:
| AFAIK Let's Encrypt does not provide free code-signing
| certificates, but I did hear of a group that was trying to do
| that. Can't recall the name right now.
|
| buzer wrote:
| This one maybe?
| https://www.sigstore.dev/
|
| > What's the current status?
|
| > We're working hard to release v1.0 in July.
|
| Hopefully they are close to release.
|
| OrangeMonkey wrote:
| It took me longer than it should have to realize we were not
| talking about a service to place proxy calls to 911 (emergency
| dispatch) but a service called "911" that sells proxy accounts.
|
| [deleted]
|
| A_No_Name_Mouse wrote:
| Not wearing my glasses, I misread it as 911 Porsche Service :-)
|
| Bluecobra wrote:
| Same here. I have used third-party 911 services for enterprise
| VoIP in the past.
|
| ginja wrote:
| Does anyone have any recommendations for legit companies that
| provide proxies from ASNs not marked as datacenter/proxy? I need
| some for web scraping, but all the ones I've found so far seem
| super shady...
|
| [deleted]
|
| leobg wrote:
| brightdata, scraperapi
|
| rubatuga wrote:
| You won't find one.
|
| Ian_Kerins wrote:
| This proxy comparison tool shows you the best ones:
| https://scrapeops.io/proxy-providers/comparison/
|
| mh- wrote:
| This is neat, thanks for building/sharing it.
|
| ranger_danger wrote:
| No you don't.
|
| dylan604 wrote:
| Exactly my thinking as well. If you have to do some sort of
| shady shit to get what you need done, then maybe you're doing
| shady shit yourself.
___________________________________________________________________
(page generated 2022-07-29 23:00 UTC)