enabling-malware-dcaU.S. firms enable scammers to bait consumers and steal personal info

Spam and scams have become a way of life.  Every day my in-box is full of emails warning that my Apple, PayPal or Wells Fargo credentials have been compromised and instructing me to click a link to restore my good standing.  Of course, I’m well aware these are scams but clearly there are many who aren’t.

The same thing holds true with websites.  It’s a well-known fact that for many–if not most– piracy peddlers, online malware supplies their lifeblood, their income.  The Digital Citizens Alliance* just release a new study highlighting the role U.S. companies are playing in support of this scourge.

In the case of content theft, the pirated movies, TV shows and music is the draw. Bad actors dangle free content, consumers take the bait, and the end result is millions of identities at risk and billions of dollars stolen. Then these computers are taken over to wreak more havoc, causing a nightmare for everyone from Internet users to advertisers who get defrauded, to corporations blackmailed into paying off hackers who threaten to use those rogue computers to launch attacks.

While these rogue sites are run by overseas operators, the DCA found that many are hosted by companies headquartered here in the United States.  The study singles out two U.S.-based firms, CloudFlare and Hawk Host as routinely offering up services to malware infested sites.

CloudFlare helps these criminals mask their locations by shrouding their network hosting and domain info:

In order to utilize CloudFlare’s CDN, DNS, and other protection services customers have to run all of their website traffic through the CloudFlare network. The end result of doing so is masked hosting information. Instead of the actual hosting provider, IP address, domain name server, etc., a Whois search provides the information for CloudFlare’s network.

When researchers at the DCA contacted CloudFlare for comment, they received the typical boiler-plate, we aren’t responsible for our customers response:

CloudFlare’s service protects and accelerates websites and applications. Because CloudFlare is not a host, we cannot control or remove customer content from the Internet. CloudFlare leaves the removal of online content to law enforcement agencies and complies with any legal requests made by the authorities. If we believe that one of our customers’ websites is distributing malware, CloudFlare will post an interstitial page that warns site visitors and asks them if they would like to proceed despite the warning. This practice follows established industry norms



The DCA’s investigation into Hawk Host highlighted the same scenario.  Use pirated films and music to attract visitors and entice them to download malware (before they can download the pirated content).  The response from Hawk Host was somewhat different in that their tech support staff agreed that the malware sites reported by the DCA were indeed violating the companies terms of service and should be closed.  According to the report:

After an exchange of information, Hawk Host agreed the sites did violate their policies and told Digital Citizens the sites would come down. Cody Robertson (Chief Technical Officer) said the sites “clearly violate our TOS / AUP.” He did add that it would be impossible for Hawk Host to audit all of the 100,000-plus sites they host and that they would continue to rely on abuse reports. Hawk Host’s swift action is an encouraging sign and Digital Citizens is hopeful that the company will continue to take steps to protect Internet users from malicious content.

This is a step in the right direction.   For many websites, piracy is a means to and end and in order for win the fight against it, the problem must be tackled on many fronts from search, to infrastructure, to income.  The threat of the public being victimized by malicious malware only adds to the damage done by online pirates.  You can read the entire DCA report here.

*I’m a member of the DCA advisory board.