IBM Acquires SoftLayer - Who cares that it serves a shit-ton of malware?

The SoftLayer - StopGeorgia.ru Network (Source - Inside Cyber Warfare, p.107)

During the Russia-Georgia war in August, 2008, Russian hackers created a forum called StopGeorgia.ru to conduct recruitment, training, and attack operations against a list of Georgian government websites. That forum and many other malicious sites before and afterwards were hosted by a U.S. company - SoftLayer Technologies. Today, IBM announced that it's buying SoftLayer for $2 billion; approximately eight times its earnings of 2010.

HostExploit.com has been publishing a list of the world's top 50 bad ISPs since 2009, and SoftLayer and The Planet, which became part of SoftLayer in 2010, has been included each year since then. In 2011, SoftLayer was rated #30 and The Planet was #14. In 2012, SoftLayer moved up to #17. The ratings indicate an estimate of the amount of exploit servers, phishing servers, C&C servers, badware, Zeus servers and infected websites found on each company's respective hardware.

When President Obama issued an Executive Order slapping Syria with sanctions in 2012, SoftLayer was one of the companies that violated sanctions through its hosting of Syrian government websites. SoftLayer and The Planet have always operated and profited in that grey area that so many U.S. ISPs enjoy; i.e., when called on the carpet for its customers' hosting and serving malware they that they aren't responsible for scanning and identifying what's on their leased servers. This is what makes U.S. IP space so popular among international cyber criminals: high uptime, competitive rates, and no one gives a shit what you do. And it's all perfectly legal, not to mention highly profitable.

Add to Cart View detail

HostDime, SoftLayer, et al, Need to be Federally Bitch-Slapped For Violating Syrian Sanctions

Source: HostDime.com website

When the New York Times released its story that some of the Syrian government's websites were hosted outside of Syria, I wasn't surprised to see SoftLayer Technologies as one of the hosts. They are also the company that hosted StopGeorgia.ru, the Russian forum which coordinated many of the cyber attacks against Georgian government websites during the Russia Georgia war (2008).

Other U.S. ISPs in addition to SoftLayer who are hosting Syrian government websites in violation of an Executive Order by President Obama (EO 13582) are HostDime.com, WeHostWebSites.com, 383Inc., HopOne, Net2EZ, Tiggee, and PEER 1. Of those seven, HostDime and Softlayer are consistently among the world's 50 worst hosts for serving malicious content.

Furthermore, this isn't the first time that Softlayer and the other offending ISPs learned of their violation of EO 13582. CitizenLab first created their report The Canadian Connection: An investigation of Syrian government and Hezbullah web hosting in Canada in November 2011. A blog posting by HostJury.com shows that SoftLayer didn't respond to their inquiry back then and still hasn't. A spokesperson for HostDime responded on the HostJury blog last November by saying "We are currently aware of all OFAC (Office of Foreign Assets Control) rules and regulations and continue to comply and monitor to the best of our ability." Since they have continued to hosting a Syrian government website (MOW.GOV.SY) more than a year ago and have done nothing about it, they and the other ISPs involved are knowingly in violation of EO 13582.

In my opinion, these ISPs need to be federally bitch-slapped for this. I hope that one or more of my federal government readers takes the hint and sets a much-needed example with HostDime, SoftLayer and the others.

UPDATE (30NOV2012 0634PST): VF (Vicki Fraser) of HostDime (@HostDime) responded to me on Twitter shortly after I published this article: "We do not host any Syrian websites and are not in violation of federal sanctions.   ^VF". Say, Vicki. Do you know how to use ROBTEX?

VF responded via Twitter: "@jeffreycarr it is hosted within our datacenter but not by us, we've reached out to our direct client expressing our concerns ^VF".

UPDATE (30NOV2012 0829PST): @HostDime announced via their Twitter feed: "@jeffreycarr Update: Our client (the host of the Syrian site) has taken action and taken the site offline. ^VF"

Add to Cart View detail