Wired Magazine reports on a new kind of ISP: an "invisible" hosting service, based in the former Soviet Union, which uses a network of compromised machines and some redirection-fu to make it very hard to determine where a web-server actually lives. The service is reportedly marketed to spammers as an untraceable base-of-operations. I'm pretty skeptical about the untraceability of these systems — I suspect that rather, they are resistant to some tools, not resistant to others, and not hard to write new tools to uncover. Still, it's juicy, lurid reading.
Another site hosted by the Polish group offers free credit consultations. Traceroutes to the site, removeform.com, also provided ever-changing results, ranging from a computer connected to a DSL line in Israel to another provided by EarthLink. However, the title of the site's home page consistently read "Yahoo Web Hosting," suggesting it was actually located on a server run by the Internet giant.
According to Tubul, his group controls 450,000 "Trojaned" systems, most of them home computers running Windows with high-speed connections. The hacked systems contain special software developed by the Polish group that routes traffic between Internet users and customers' websites through thousands of the hijacked computers. The numerous intermediary systems confound tools such as traceroute, effectively laundering the true location of the website. To utilize the service, customers simply configure their sites to use any of several domain-name system servers controlled by the Polish group, Tubul said.
