Wednesday, 6 January 2010

Goodbye Sweden, hello Ukraine: bulletproof havens for your holidays ...

Yesterday's Guardian featured an article ("Internet pirates find 'bulletproof' havens for illegal file sharing") by Bobbie Johnson, that newspaper's tech correspondent, which carries some useful pointers as to where file-sharers might choose to go for their holidays this summer. According to this article,
"Internet pirates are moving away from safe havens such as Sweden to new territories that include China and Ukraine, as they try to avoid prosecution for illegal file sharing ...

For several years, piracy groups that run services allowing music, video and software to be illegally shared online have been using legal loopholes across a wide range of countries as a way of escaping prosecution for copyright infringement.

In the last year there has been a significant shift, say piracy experts, as the groups have worked to stay beyond the reach of western law enforcement.

The change is rooted in the evolution of "bulletproof hosting", or website provision by companies that make a virtue of being impervious to legal threats and blocks. Not all bulletproof services are linked to illegal activities, but they are popular among criminal groups, spammers and file-sharing services.

Rob Holmes, of ... IP Cybercrime, ... said successful hosts were now starting to get stronger. "Some of the more popular ones have become more strongholds than they were previously," he said. "It's an industry and it always will be. When you think about it, bulletproof hosting is just a data version of money laundering."

Late last year a Swedish court found four men guilty of breaking copyright law through their links to the Pirate Bay website, ....

That decision prompted many piracy services to seek jurisdictions beyond the reach of western law. Pirate Bay moved its web servers to Ukraine, while another popular file-sharing service, Demonoid, which started in Serbia, also relocated.

"Before going completely dark in October [2009], Demonoid physically moved their servers to Ukraine, and remotely controlled them," said John Robinson, of BigChampagne, .... "Ukrainian communications law, as they paraphrase it, says that providers are not responsible for what their customers do. Therefore, they feel no need to speak about or defend what they do."

Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as the infamous host McColo, which was based in San Jose, California, and remained in operation until last year.

Pirate Bay, after its brief excursion to Ukraine, is now run out of a Dutch data centre called CyberBunker, which is based in an old nuclear facility of the 1950s, about 120 miles south-west of Amsterdam.

Research published last year showed that most bulletproof hosts are located in China, where criminals are able to take advantage of low costs and legal loopholes to avoid prosecution.

Despite officials in Beijing talking in tough terms about computer crime – hacking potentially carries a death sentence in China – the authorities rarely co-operate with other countries to take action against hi-tech criminals. As a result, just a handful of firms in China are responsible for hosting thousands of criminal enterprises online. ...
Richard Cox of Spamhaus, a British organisation that watches spammers and monitors bulletproof hosts, said it was almost impossible to stop expansion of such services. "At the moment there are a number of individuals who are setting up bulletproof hosting sites in China," he said. "No matter how big a part of the Chinese network we block, the administrators there just do not care."

Not every controversial service has fled beyond traditional jurisdictions, however. Some problematic hosts still exist in the US, such as – the infamous host McColo, which was based in San Jose, California, and remained in operation until last year.

But the long-term impact of offshore hosting is becoming more problematic as investigators worldwide try to cut the links between criminal groups and protected internet servers.

One notorious gang of hackers, known as the Russian Business Network, ... started as a bulletproof host in St Petersburg but had connections to a wide range of criminal activities online. Widely known in the computer security community, it is being investigated by the FBI. The Russian authorities, meanwhile, have been keen to foster greater communication to stop the spread of criminal activity online.

Some are hopeful that greater co-operation between international governments will help prevent the development of new piracy havens, but others suggest that it is unlikely that a complete block on such activities will ever be possible.

"There will always be a place to run to," said Rob Holmes ... "Each time a law passes, or a new country creates some kind of stumbling block for them, they'll always find another place to do this. It goes back to the speakeasies in the 1920s – when one place got busted, they would just congregate in another place."
It can be argued that bulletproof havens are a positive step when viewed in broad terms: they are a sign that diplomacy, economic pressure and other measures can at least be targeted at the havens themselves, which can be worked on individually with a view to their cooperation. This is not much consolation to IP rights owners, however, since it is their rights which cannot be enforced.

Holiday in Ukraine here
Ukraine luxury hotels here


Richard McD Bridge said...

It is worth pointing out that distasteful and racist organisations like the BNP and their shock troop cronies such as Redwatch and Combat 88 are often hosted in the USA to take advantage of the US's refusal to enforce other countries' libel and hate speech laws.

Trying, for example, to get Facebook to remove fake BNP identities that are used to threaten opponents of the BNP is nigh on impossible, unless one wants to fling writs agains such a giant organisation.

Then, of course, there are the Islamist websites that carry death threats to apostates...

Sometimes I think that these are more important than filling the coffers of music capitalists.

Frank L. Ludwig said...

It probably won't surprise you to learn the Ukranian government disrespects copyright laws themselves. On their website, the Ukranian Ministry of Science and Education have published a German course which uses one of my copyrighted poems ('Eltern, welche nur verbieten...') from my collection at without my knowledge or consent and without even crediting me as the author (, top of page 38). All my takedown notices since January have been ignored.

If the government themselves are above the law (I checked, and they do have copyright laws in Ukraine), how could you expect their subjects to care about intellectual property?