Major Proxy Providers Implicated in Digital Attack on Philippine Media Giant Rappler
5 December 2023
Rappler, the Philippines’ digital media leader, faced a massive distributed denial-of-service (DDoS) attack at the end of October, with more than 40 million requests in under an hour. The investigation of the attack, leveraging 90GB of traffic logs from Rappler, exposes FineProxy and RayoByte as part of the attack infrastructure.
FineProxy and RayoByte, significant players in the proxy industry, have been unmasked as proxy service providers whose infrastructure is linked to a pay-as-you-go DDoS service. Rather than rectifying the abuse, both actors have suggested a selective approach: blocking all outgoing traffic from their infrastructure to organizations hosted by Qurium, which leaves other potential targets exposed. This revelation spotlights the urgent need for scrutiny and regulation within the proxy industry, exposing potential collaboration in large-scale DDoS attacks.
The investigation further reveals the actors behind the Russian proxy provider “Fineproxy” and how they have managed to obtain hundreds of thousands of IP addresses from regional registrars like RIPE and ARIN and faked geo-location data to make their proxy service more valuable.
Finally, the investigation takes a deep dive into Rayobyte’s founder, Neil Emeigh, who, unlike FineProxy, makes great promises to be an “ethical proxy provider” and claims a commitment to the “highest ethical standards”. Scratching the surface reveals a person connected to BlackHat SEO since early teenage years who has been selling proxy services with fake geo-location data since 2016.
This is Qurium’s fifth report in the investigative series “Weaponizing proxy and VPN providers” revealing the negligence among large proxy and VPN providers who allow clients to use their infrastructure for malicious activities such as DDoS attacks.
Qurium’s report: Proxy providers weaponized to launch denial of service attack against Rappler
Rappler’s report: DDoS on Rappler shows proxy firms still used for attacks, safety measures questioned
Weaponizing proxy and VPN providers
- Report 1: RayoByte infrastructure enabling DDoS attacks (7 Sept 2023)
- Report 2: Infrastructure of VPN providers is used to launch DDoS attacks. (7 Sept 2023)
- Report 3: Volatile networks as a source of Denial of Service (19 Sept 2023)
- Report 4: DDoS attacks against Hungarian media traced to proxy infrastructure “White Proxies” (2 Nov 2023)
- Report 5: Proxy providers weaponized to launch denial of service attack against Rappler (5 Dec 2023)
Contacts
Digital forensics: Tord Lundström <t@virtualroad.org> Technical Director
Media: Clara Zid <info@virtualroad.org> Media and Outreach Manager