05
Jan 21

Hamas May Be Threat to 8chan, QAnon Online

In October 2020, KrebsOnSecurity looked at how a web of sites connected to conspiracy theory movements QAnon and 8chan were being kept online by DDoS-Guard, a dodgy Russian firm that also hosts the official site for the terrorist group Hamas. New research shows DDoS-Guard relies on data centers provided by a U.S.-based publicly traded company, which experts say could be exposed to civil and criminal liabilities as a result of DDoS-Guard’s business with Hamas.

Many of the IP address ranges in this map of QAnon and 8Chan-related sites are assigned to VanwaTech. Source: twitter.com/Redrum_of_Crows

Last year’s story examined how a phone call to Oregon-based CNServers was all it took to briefly sideline multiple websites related to 8chan/8kun — a controversial online image board linked to several mass shootings — and QAnon, the far-right conspiracy theory which holds that a cabal of Satanic pedophiles is running a global child sex-trafficking ring and plotting against President Donald Trump.

From that piece:

A large number of 8kun and QAnon-related sites (see map above) are connected to the Web via a single Internet provider in Vancouver, Wash. called VanwaTech (a.k.a. “OrcaTech”). Previous appeals to VanwaTech to disconnect these sites have fallen on deaf ears, as the company’s owner Nick Lim reportedly has been working with 8kun’s administrators to keep the sites online in the name of protecting free speech.

After that story, CNServers and a U.K.-based hosting firm called SpartanHost both cut ties with VanwaTech. Following a brief disconnection, the sites came back online with the help of DDoS-Guard, an Internet company based in Russia. DDoS-Guard is now VanwaTech’s sole connection to the larger Internet.

A review of the several thousand websites hosted by DDoS-Guard is revelatory, as it includes a vast number of phishing sites and domains tied to cybercrime services or forums online.

Replying to requests for comment from a CBSNews reporter following up on my Oct. 2020 story, DDoS-Guard issued a statement saying, “We observe network neutrality and are convinced that any activity not prohibited by law in our country has the right to exist.”

But experts say DDoS-Guard’s business arrangement with a Denver-based publicly traded data center firm could create legal headaches for the latter thanks to the Russian company’s support of Hamas.

In a press release issued in late 2019, DDoS-Guard said its services rely in part on a traffic-scrubbing facility in Los Angeles owned by CoreSite [NYSE:COR], a real estate investment trust which invests in “carrier-neutral data centers and provides colocation and peering services.”

This facilities map published by DDoS-Guard suggests the company’s network actually has at least two points of presence in the United States.

Hamas has long been named by the U.S. Treasury and State departments as a Specially Designated Global Terrorist (SDGT) organization. Under such a designation, any U.S. person or organization that provides money, goods or services to an SDGT entity could face civil and/or criminal prosecution and hefty fines ranging from $250,000 to $1 million per violation.

Sean Buckley, a former Justice Department prosecutor with the law firm Kobre & Kim, said U.S. persons and companies within the United States “are prohibited from any transaction or dealing in property or interests in property blocked pursuant to an entity’s designation as a SDGT, including but not limited to the making or receiving of any contribution of funds, goods, or services to or for the benefit of individuals or entities so designated.”

CoreSite did not respond to multiple requests for comment. But Buckley said companies can incur fines and prosecution for violating SDGT sanctions even when they don’t know that they are doing so.

In 2019, for example, a U.S.-based cosmetics company was fined $1 million after investigators determined its eyelash kits were sourcing materials from North Korea, even though the supplier in that case told the cosmetics firm the materials had come from China.

“U.S. persons or companies found to willfully violate these regulations can be subject to criminal penalties under the International Emergency Economic Powers Act,” Buckley said. “However, even in the case that they are unaware they’re violating these regulations, or if the transaction isn’t directly with the sanctioned entity, these companies still run a risk of facing substantial civil and monetary penalties by the Department of Treasury’s Office of Foreign Asset Control if the sanctioned entity stands to benefit from such a transaction.”

DDoS-Guard said its partnership with CoreSite will help its stable of websites load more quickly and reliably for people visiting them from the United States. It is possible that when and if CoreSite decides it’s too risky to continue doing business with DDoS-Guard, sites like those affiliated with Hamas, QAnon and 8Chan may become more difficult to reach.

Meanwhile, DDoS-Guard customer VanwaTech continues to host a slew of sites promoting the conspiracy theory that the U.S. 2020 presidential election was stolen from President Donald Trump via widespread voting fraud and hacked voting machines, including maga[.]host, donaldsarmy[.]us, and donaldwon[.]com.

These sites are being used to help coordinate a protest rally in Washington, D.C. on January 6, 2021, the same day the U.S. Congress is slated to count electoral votes certified by the Electoral College, which in December elected Joseph R. Biden as the 46th president of the United States.

In a tweet late last year, President Trump urged his supporters to attend the Jan. 6 protest, saying the event “will be wild.”

8chan, which has rebranded as 8kun, has been linked to white supremacism, neo-Nazism, antisemitism, multiple mass shootings, and child pornography. The FBI in 2019 identified QAnon as a potential domestic terror threat, noting that some of its followers have been linked to violent incidents motivated by fringe beliefs.


83 comments

  1. This is why Section 230 must go. Its intent was good, but the devil is in the implementation details. I don’t think Congress had in mind enabling phishers, scammers, or other grifters to have free rein of the Internet with this Act…

  2. I think it’s fair to point out that although the USA considers Hamas to be a terrorist organisation, they are also the elected government of the Gaza Strip.

    • You are absolutely correct! Duly elected, and only because of the Israeli influence throughout the US Congress, have they been named a terrorist organization, by the US. Neither a fair nor accurate description by the US, nor moderator Krebs. Cheers!

      • equitable > equal

        ‘Because of the Israeli influence on the US Congress’ is probably the opening sentence of the template word doc that becomes each US law

      • Many Qanon conspiracies are rooted in antisemitic tropes. They have allies in Hamas.

  3. I've Been Watching ....

    No one seems to consider the positive potential consequences of eliminating the liability immunity of Section 230 – at least not other than in a panic that such would stifle the “free flow of information”.

    There are other possibilities. Including the possibility that putting platforms at risk could encourage other platforms to gain currency. Right now, the protection arguably empowers the powerful. Should Facebook, Twitter, etc., have to slow down to assess the risk of liability, other platforms with other assessments of risk might well come forth and “publish”.

    The single greatest “barrier to entry” is impunity by immunity. That protects the powerful, not the new entrants.

    Why is it that the New York Times is exposed to liability for libel, but not Facebook? Why is Twitter free to ignore slander, but not the Washington Post? Why should the Washington Examiner or Drudge be exposed to the risk of judgment, but not Google?

    Each and every time the playing field is adjusted, new entrants come forth. Level the playing field for all, powerful established firms and new entrants.

    It ain’t rocket science, it just takes guts – and ignoring the lobbyists.

    • Section 230 has nothing to do with this.

      It’s funny. Most IT privacy and security people never heard of Section 230 until Trump’s personal vendetta against social media. Now so many are throwing the term around like candy, as if Section 230 is responsible for everything.
      It isn’t.

    • Really it’s like you are saying the paper that the post prints on is liable for words they print. Google or any other hosting site is merely the paper that independent individuals use to print their message.

      • The newspaper analogy isn’t scalable to the Internet.

        Editorial review in print media is practical.
        On the internet, with blogs and the mass democratization of content… it is not.
        Since the days of MySpace, it was known that we could not have it both ways. Either the platform allows the public to create what they want, or the Internet will remain small.

        • When you editorialize (like a newspaper does), you’re no longer just a platform. You become a publisher.

          THAT is what 230 is about… shielding websites from being liable for troll posts and what would otherwise get a PUBLISHER fined or taken to court.

          Twitter, et. al. have become curators of their content, censoring and eliminating competing views (thoughts/opinions on those views do not matter, it’s about curation) while allowing “friendly” views to violate TOS requirements with impunity. THAT is the problem with all of this. It has nothing to do with Trump/Qanon/Antifa whatever…

          • Editorializing like a newspaper is VERY DIFFERENT than web forum moderation. Removing and banning posts and users who violate pre-established policies and user agreements…. is NOT the same as an editorial review of every article submission and basic fact checking done by a newspaper.

            This argument that moderating a blog comment section on a platform is the equivalent to editorial review as described in Section 230… is ridiculous nonsense.

  4. Brian, you neglected to mention that VanWaTech is also still hosting the us-focused neo-NAZI web site dailystormer[.]su

    Also worthy of note is that the .SU suffix is actually the top-level domain for what used to be the Soviet Union. (That top level domain name nowadays belongs to Russia.) Thus, we have the rather humorous and entirely ridiculous spectacle of a neo-NAZI site which only exists due to the good graces of the government of Vladimir Putin.

    8kun[.]top meanwhile exists in the .TOP top-level domain, which is owned & operated by a commercial enterprise in mainland China.

    Thus, the great U.S. “patriots” behind the whole QAnon farce are in fact beholden to BOTH the Russians (for connectivity) AND the Chinese (for their domain name).

    With U.S. “patriots” like these, who needs enemies?

    • “Any port in storm”
      Pretty sure you could find sites banned by china/russia/hamas/etc operating in west…

      • But they’re not banned for the same reasons.

        They’re banned for criticizing their local govt, not cybercrime etc.

    • Hampton M DeJarnette

      Is anyone willing to bet $100 that Beijing and Moscow intelligence have abstained from writing entries on these websites? $10? 10 cents?

  5. The Sunshine State

    In the article it states “convinced that any activity not prohibited by law in our country has the right to exist.”

    The key words here are “our country” which mean the Russian federation and we all know that country has very lax cyber-crime laws

  6. Count me as one who thinks our country’s greatest and most violent challenge is from within (sponsored by Putin and Trump). Getting that Qanon, proud (aka poor boy), and other white supremacist stuff under wraps will be our biggest challenges. Putin has been a direct sponsor of it.

    • Steve J,

      Proud Boys aren’t White Supremacists, but your statement does show how colossally ignorant you are of the situation as a whole.

      Didn’t you also back Chris Krebs as a vanguard of ITSEC despite his abject failure in the role?

      Also Steve J: “Count me as one who thinks….”. No, you clearly don’t.

      • Liar.

        • does the truth make you angry and sad? Try researching before commenting Piehole.

          • They admit to having a strong white supremacist support internally, which means they deny it organizationally only to hide that.

            If their leader weren’t caught and arrested _yesterday_ for burning a sign not belonging to him merely proclaiming that the lives of black people mattered, you might have a less obvious problem.

            Also they’ve been banned from DC and are being investigated for designation as a Specifically Designated Terrorist Group.

            If it helps you to pretend there’s no white supremacist bent there, so be it. There’s no law against pretending.

            • White supremacist? I presume you’re also against Japanese people ruling Japan? You oppose Nigerians ruling Nigeria? Jew ruling Israel? Or is it just nations where European people live where you have a problem allowing Europeans to rule over their ancestral lands?

              You are obviously an anti-white.

              • “I presume you’re also against Japanese people ruling Japan? You oppose Nigerians ruling Nigeria? Jew ruling Israel? Or is it just nations where European people live where you have a problem allowing Europeans to rule over their ancestral lands?”

                “America” being the US of North America, is a country where “caucasian” people are actually a minority, by law, right now.

                Depending on how you divide people up (with broad strokes thus)
                you make yourself less relevant as a bloc of voting interests, potentially, by going purely by some puerile base criteria like “race” as listed on a census sheet alone. If you think all Europeans “get along fine” you’re entirely uneducated.

                There’s really no hope for racism in the future. You’ll either expose yourself and be killed as a threat to civil society, declare war and kill yourselves, or basically fade out of the public milieu over the coming years with the well earned backlash Trump’s neo-nazi autocratic insurgency deserves.

                America is a secular, multi-racial nation whether you like it or not and unless you’re objectively disabled so, you understand that.

                • Are you, or the Proud Boys against America being ruled by native indigenous peoples? What about Mexicans ruling the Southwest?

                  You want to excuse colonialism and reset history to whatever ethnicity you belong to.

                  • No, you’re being intentionally obtuse by conflating issues.
                    Thanks for not doing that – intentionally.

                    • My reply was not meant for you. But Hello’s comment that you quoted.

                      It is meant to show the hypocrisy of his nativism which is just another brand of racism.

                    • JamminJ – I thought you meant it for my comment due to reply.

                      That makes more sense, I was wondering WTF you meant.

              • *Boom Mic Drop*

              • Congratulations. (not!) you have been awarded the most ignorant comment of the day award!

              • This is the type of logic that would be used by a white supremacist to excuse their crimes

      • One would have to be naive, blind or an agent of those who would benefit directly from a civilian revolution in the USA. The Russians and others are sinking every resource at their control to maintaining the state of chaos in the USA. Proud Boys, Qanon, Nazism, White Supremacists and the rest of the fringe are looking to paint our soil with blood..they are all willfully ignorant and players who are being easily manipulated by the Russians and others. The USA is on its way to a very violent end if the stupid like TBJ don’t wake up.

      • Says Putin’s sick puppet?

    • “Will be our greatest challenges” Interesting! Thank you, and God bless

  7. There is no such thing as a conspiracy.
    Governments and all the people in them are 100% honest, caring, and the most responsible people in the world.
    Money has no influence on politics because everyone is so credible and independently wealthy they have no need for money.
    You want proof? Just look at history. It’s the poor people problem that needs to be solved, and fees are the solution.

  8. TBJ,
    Proud boys current leader (after a “coup” against Enrique Tarrio, the former leader) Kyle Chapman, “is trying to rebrand the organization as explicitly white supremacist and anti-Semitic” according to multiple news sources including the Sun Sentinel.

    Chris Krebs said before a Senate committee, “The trick about elections is that you’re not so much trying to convince the winner that they won, it’s the loser that they lost,” he said. “You need willing participants on both sides. I think we’ve got to get back to that point, otherwise we’re going to have a very difficult time going forward maintaining confidence in this American experiment.” Krebs has never been accused of abject failure at protecting elections except by Trump and his lawyers.

    Steve J clearly thinks, TBJ. You react. Look it up. There is a difference.

    Stu

  9. Not happy with your blatant designation naming Hamas as a terrorist organization, and accepting the US designation of Hamas as an SDGT! Further, spend a week or so in Gaza, then report back as to who are the “terrorists” in that area. Suggestion: Take water and a power source with you, because Israel stringently controls the amount of both necessities allowed to go to the Gaza strip.

    • Blatant designation of the facts? They Are designated as a terrorist organization. Fact. Probably has something to do with their terrorist activities…

      • And when their lands were stolen by the Rothschild’s and Russian Jews, they had no right to fight back?

        Lets hope wherever you live is never sold out… oops, I guess that already happened.

        • Again the racist, antisemitic, ranting Qanon nutjobs are spamming this forum.
          Go away, retreat back to your dark basements.

  10. terribly confusing headline. Is Hamas a problem for QAnon? Or are the Russians a problem for both?

    • The current bizarre & chaotic state of the world makes for strange bedfellows.

      The web site for hamas[.]ps is hosted by & on the Russian Internet company ddos-guard[.]net. The web sites of 8kun[.]top and dailystormer[.]us are hosted by and on the U.S. company VanWaTech (also known as OrcaTech) but THAT company is currently getting 100% of its Internet connectivity by and through ddos-guard[.]net.

      In short, ddos-guard[.]net is a nexus of evil on the Internet. Give them enough money and as long as you don’t criticize Vladimir Putin, they will host, directly or indirectly, literally anything.

      We could all just shrug about this and say “Oh well, they are Russian, so what can anyone do about this?” but ddos-guard[.]net is getting critical help in spreading this crap to the U.S. from a U.S.-based publicly traded company called CoreSite. And as Brian has gone to great lengths to point out, CoreSite is playing with fire, legally speaking, in doing business with, and providing key support to ddos-guard[.]net, and thus to all of these hate-filled web sites whose operators would like nothing better than to see the destruction of the U.S. and/or its democratic system of government.

      • What is your problem with people being allowed to offer an alternative point of view to the establishment one? How did you end up as a shill for the establishment? Maybe you should consider that actually the world benefits from diversity of opinion and not just the opinions of the elites who you are shilling for. Be your own man, stop following the pack.

        • An alternate point of view is a very good thing but most of these nasty groups peddle intolerance. As a country we need to reject intolerance. USA is a melting pot and we ought to welcome all races, colors and religions.

        • Hitler was offering the world an ‘alternate point of view’. But his mistake was in not asking if anyone wanted it…

        • There is a difference between Opinion and Point of View… and Conspiracy Theorists and Fake News.

          We can advocate for both the freedom of speech and freedom of the press… but do not conflate the two.
          The problem in this Internet Age, is that everyone’s opinion is being amplified to a deafening loudness and even masquerading as journalism.

          Read and listen to what they are saying, and how they are saying it. They are NOT trying to express opinions and points of view… they are trying to present fantasy as fact.

  11. That’s some real nice reporting. Not just an article about a breach, which I also appreciate, btw, but connecting the dots to reveal a big story. Good work.

  12. My guess is that TBJ is a Proud Phuck Boi himself.

  13. Is Krebs some sort of Zionist who opposes the rights of Palestinian freedom fighters and opposes Freedom of Speech on the internet? Unsubscribe..

    • You won’t unsubscribe. You are just another racist anti-Semite trying to troll.

    • The Arabs have 22 countries. There are 44 Muslim countries. They hate that the Jews have one single country. That one single country where the Jews are protected from attack and genocide. Arabs targeting and killing Jews because they refuse to lay down and die are not ‘freedom fighters.’

      • You’re completely sheep-dipped lol.

        Rockets fly from Gaza because it is an occupied territory.
        You are basically excusing one genocide with another.
        Nothing excuses attacks on civilians like IDF media.

  14. if you give someone a place to hide, you know where they are hiding….

    • ‘Giving someone a place to hide’ would be called a honeypot operation if it had the aim of ‘knowing where someone is hiding’

      But I suspect this is more a case of slowly feeling that stabbing sensation in your heart as you begin to realize everything you believed in had been hijacked by a foreign government & Krebs is simply giving you the chance to think about your choices in life…

  15. Selling my stock right this second! Thanks for heads-up!

  16. If I submit a letter to the editor of my local newspaper, he or she is free to publish or not publish it to the world based on their criteria – not mine. Ditto for comments posted to websites that inform viewers up front that they will review comments before posting. In each of these examples the publishing entity exercises control over what appears on their website. Do we rend our garments or tear our hair in the name of freedom of speech in these cases? Mostly not; there seems to be an acceptance that those who operate publishing sites – paper or Internet – have the right to control what appears on their site. But with that freedom also comes responsibility; entities that publish untrue, illegal, defamatory or otherwise harmful material – whether of their own creation or submitted by their audience – deserve to be called out.

    But some websites are not publishers; they are the online manifestation of a village square where everyone is free to get up on a soapbox and harangue passersby with their view of the world – even if theirs is a minority viewpoint. Do we hold the mayor or village board responsible for policing what is said by soapbox orators? Typically not. So how do we hold similar websites responsible for what their online orators have to say?

  17. This conversation has veered off-topic, and commenters are lobbing insults at each other. I’ve skipped over most of it.

    In the past, KrebsonSecurity.com didn’t have such degraded conversations.

    I wish the moderator would knock these off-topic comments out and let us get back to learning about cybersecurity issues.

    Make the rules of engagement plain, and suffer not fools.

    • Agreed. This is what happens when Brian Krebs is made a target of the Qanon mob.

    • You just answered your own question didn’t you? What’s the point in having a brain if you don’t use it? Literal waste of energy, people like you breed apathy within other humans, ‘do your own research’ maybe take a page from your own book you absolute soft brain.

    • Valthirian Sunstrider

      I’m sorry, but Krebs took sides and slanted this entire article against QAnon, labelling it as a “far-right fringe” group and ridiculously grouping it together with Hamas. What’s clear is that Krebs has taken a stance that parallels the Establishment Left and their cronies who are destroying this country, all the while lying about his political opponents to frame them as fringe. It is sickening to see.

      The people discussing these things are on-topic because Krebs not only brought it up, but took sides rather than presenting a neutral and balanced view.

    • If your comment were in some way on the topic of security,
      it’d wax less hypocritically off-topic and whiny on its face… YMMV

  18. After today’s events in the US capital why is DDoS-Guard even allowed to remain online to continue to support insurrection. They should be shuttered and thrown in jail for supporting terrorists under the existing laws of the US.

  19. Hi everybody

    DDoS-Guard is here. My name is Evgeniy Marchenko and I’m DDoS-Guard CEO.

    First of all – we never support or protect any terrorists or other people violating the US or any other laws.

    We are a global network and service carrier and are content neutral but we are not neutral to law violation.
    Our service is completely automated and it’s sometimes possible that some people try to use it for illegal purposes.
    But every day and every minute we do everything we can to prevent such abuse attempts of our great security services.

    I don’t understand why Brian lies about hamas.ps domain. It was blocked in minutes after we got information about it.
    And it’s easy to verify that we have nothing related to it. There are plenty of open DNS history sources. Here is an example report – https://securitytrails.com/domain/hamas.ps/dns
    Look there, they are hosted on Sucuri – the US based company.

    Isn’t this just a good move to draw public attention to us?

    • It doesn’t matter how good the research is, but still, you are trying to convince everybody that you are not involved in this situation, showing current DNS records of hamas.ps. I don’t have a SecurityTrails subscription to check the DNS history, but Spyse indicates that you have something to explain.

      On this service, you can check DNS history without registration and see the IPs and AS organization which is “DDOS-GUARD CORP”.

      Link: https://spyse.com/target/domain/hamas.ps/dns-history?dnsType=A

      I’m entirely skeptical about your claim that you have blocked it very shortly. The website must have been active for some time to be noticed by spyse.

  20. There are exceptions to free speech. No entity should have to make themselves liable for the actions of its users. Reading through this thread makes me sad that so many know so little about their own government and how it works.

    https://fas.org/sgp/crs/misc/95-815.pdf

  21. This is one of the dumbest, low integrity articles I have ever seen you write.
    I used to respect you. This is a garbage hit piece.
    You are a liar, and you should be sued in court for purposefully and knowingly smearing the Good Name of VanwaTech.

    Go get a job at CNN where you belong now. You are a hack, and phony, and a loser. I am ashamed I ever stuck up for you.

  22. When you stifle freedom of expression, the hate grows!

    May the bombings and workplace violence begin!
