Organized Crime Data Centers:
Remember that after traffic from China and other parts of Asia arrives in the US, it is usually coming from Hurricane Electric of Fremont, California. This is because it needs the IPv6 to IPv4 interconnect discussed at length in a previous post.
From there it goes to several data center facilities and/or companies in the United States. One of the major stops is NCAR in Cheyenne, Wyoming. We can also guess, and have gone into detail previously or will go into detail later, that Data Foundry, CyrusOne, Huntel Engineering, certain Equinix facilities, IBM Softlayer, and Microsoft Azure are also points of passage.
Organized Crime ISPs:
There are companies that run data centers, and then there are internet service providers or “ISPs”. Please note that in this post we refer to ISPs and web hosting providers as the same thing.
Having data centers that you control and operate as fronts is not enough to have an end-to-end hacking and botnet platform. One must also spin up ISP/hosting front companies, since internet traffic ultimately comes from them most of the time.
A data center just provides colo space, heating, cooling, disaster recovery, and only sometimes routers and switches. The ISP must bring its own server hardware and install all of its required software. It must purchase IP address blocks and advertise their availability.
Please note that in the case of certain hypercloud providers like AWS, Azure, Oracle, and Google, the role of data center ownership and web hosting provider is actually combined, but that is the exception rather than the rule.
In other words, one can infer that the mass flood of traffic that flows into Cheyenne, Wyoming ultimately doesn’t stop there, and really isn’t even that close to its final destination. It still must be “laundered” through various front ISPs and hosting companies. And indeed that is what we find.
Bill Gertz’s 2015 Article:
In July of 2015, Bill Gertz published an article that is one of the very few to name names regarding complicit technology companies in the US that aid Chinese hacking.
The article, seen above, goes on to state:
The Chinese hacker infrastructure stretched from China’s southeastern Guangdong Province and implicated service providers Sharktech, Psychz Networks, WebNX/GorillaServers Inc., Quadranet, PEG TECH, Colocrossing.com, and Enzu.
Listed out, the firms are:
- Gorilla Servers
- PEG TECH
This, coincidentally, matches ISPs #1, #5, #7, #13, #23, and #25 on Lee Neubecker’s list below, drawn from his post mentioned at the beginning of this article.
Through our research, we can also attest that #8, #9, #10, #11, #14, #15, #16, #20, and #22 are Chinese fronts as well.
Many other groups and respected cybersecurity orgs make similar comments about the ISPs on this list.
The full list can be seen below: