Saturday, January 16, 2021

Far-right website 8kun again loses internet service protection following Capitol attack

Shell company owned by two Russians cut ties with internet host of 8kun, which has been linked to other acts of violence

Cognitive Cloud LP allegedly operates out of 18 Forth Street, Edinburgh. 
Photograph: Murdo MacLeod/The Guardian


Kari Paul, Luke Harding and Severin Carrell
Fri 15 Jan 2021 THE GUARDIAN


A far-right website that was among the platforms used to organize the deadly violence at the US Capitol has again been forced to find new internet service protection after a shell company owned by two Russians and registered in Scotland cut ties with the platform’s internet host.

The website 8kun, previously known as 8chan, has long been one of the preferred platforms of the far right and followers of the baseless conspiracy theory QAnon. It was used by rioters ahead of the 6 January attack to mobilize other “patriots” to “help storm the Capitol”, with some on the message board debating which politicians to kill once they got inside.

In the aftermath of the riot, users continued to post content fomenting violence, including maps of government buildings to target and combat techniques for a proposed civil war.


Revealed: walkie-talkie app Zello hosted far-right groups who stormed Capitol
Read more


It wasn’t the first time the platform had been linked to acts of violence. Its predecessor site, 8chan, was linked to a series of white nationalist terrorist attacks, including the massacres in Christchurch, New Zealand, and El Paso, Texas.

8kun has faced significant hurdles to remain online since at least 2019, when the El Paso attack occurred. All websites are kept online by a network of services including web hosts and domain name registrars. 8kun has had a loyal internet provider in the Washington state-based VanwaTech, whose CEO has repeatedly defended its connections to the hate site in the name of freedom of speech.
8kun was used by rioters ahead of the 6 January attack to mobilize other ‘patriots’ to ‘help storm the Capitol’. Photograph: Ahmed Gaber/Reuters
LUCKY THE MAJORITY WERE ONLY ARMED WITH SMART PHONES FOR SELFIES

But the site cannot function without platform protection services that prevent DDoS attacks, or distributed denial of service attacks, and few providers have been willing to work with it.
Advertisement

Following its removal from the infrastructure company Cloudflare, 8kun, throughVanwaTech, worked with the Oregon-based CNServers LLC for DDoS protection. That company, too, cut ties with 8kun when it was alerted to the site’s violent history.

Since October 2020, 8kun had received DDoS protection from DDoS-Guard, a company that provides protection to a number of controversial websites, including the neo-Nazi site the Daily Stormer. 8kun’s ties to DDoS-Guard were first reported by the security researcher and journalist Brian Krebs.

This week, DDoS-Guard became the latest company to cut ties with 8kun’s hosting company, VanwaTech, following inquiries from the Guardian.

8kun is now being protected by the US-based firm FiberHub, which is based in Las Vegas, Nevada, according to analysis from the independent web researcher Ron Guilmette viewed by the Guardian.

FiberHub does not provide infrastructure directly to 8chan but does support VanwaTech as a client, FiberHub’s co-founder and chief technology officer Rob Tyree confirmed to the Guardian by email.

“We have received no reports that content hosted by VanwaTech supported by our infrastructure is in violation of our terms of service or acceptable use policy, which includes a requirement to abide by all US federal and state laws and regulations,” Tyree said. “Should we receive any such reports, we would follow our internal policies and observe any legal requirements to resolve those matters as swiftly as possible.”

DDoS-Guard, the company that provided services to VanwaTech until earlier this week, was registered under a limited partnership, a financial structure in Scotland that allows non-residents to create companies with little scrutiny, on 24 November 2017 by Aleksei Likhachev and Evgeniy Marchenko – two Russian businessmen who remain owners of the company. The partnership under which DDoS-Guard is registered is called Cognitive Cloud and is listed at an address in Edinburgh’s Forth Street.

Speaking from the southern Russian city of Rostov-on-Don earlier this week, Marchenko told the Guardian that 8kun was not a direct client of DDoS-Guard, but that his company provided services to VanwaTech.

He described DDoS-Guard as a global information security service. It hosted “thousands of websites”, he said, adding that it merely provided VanwaTech with “transit protection services” to stop it from falling victim to DDoS or other “brute force” attacks.

“It looks like they host some dubious sites like Qanon/8chan/8kun. I still don’t understand what are they about and have no information about their content or activity,” he added.
The partnership under which DDoS-Guard is registered is called Cognitive Cloud and is listed at an address in Edinburgh’s Forth Street. Photograph: Murdo MacLeod/The Guardian

“We are not related to any politic issues and don’t want to be associated in
any sense with customer hosting such toxic sites like QAnon/8chan,” Machenko said after the company severed ties with VanwaTech.

Asked why he used a company based in Scotland, Marchenko said: “Why not? The UK is very comfortable for business. I visited London one time, 14 years ago.” He said: “We don’t support any illegal activity. We know nothing about what happened in Washington or support one side or another. This company [VanwaTech] is just one of our many customers.”

DDoS-Guard’s other clients include the Russian ministry of defense, as well as media organizations in Moscow. The firm’s webpage links to an official ministry history, which sets out recent steps the Kremlin has taken to ban the use of smartphones by Russian soldiers, after a series of leaks.

“It’s OK to earn money from the Russian government or from any other government. It’s just business,” Marchenko said.

DDoS-Guard’s Edinburgh office is at 18 Forth Street, a terrace of small Georgian townhouses in the eastern part of Edinburgh’s New Town. There was no evidence of any office belonging to Cognitive Cloud at that address or any of the five other neighbouring townhouses. An employee at a neighbouring business said in his seven years working there, he had never met anyone from Cognitive Cloud but had frequently fielded requests to take mail and parcels for the firm. A manager at the Edinburgh site said Cognitive Cloud was not a tenant at the address but referred the Guardian to another company of a different name based in London, to which she said mail addressed to Cognitive Cloud was meant to be forwarded.

The Scottish number listed on the site for DDoS-Guard is disconnected. A tech support representative contacted through the Russian phone number on the site said the majority of its clients were based in Russia and declined to answer any other questions.

Marchenko said its Edinburgh office was an “EU subdivision” staffed by a “representative”.

VanwaTech did not respond to a request for comment.

This article was amended on 15 January 2020 in one paragraph to reflect that 8kun is being protected, not hosted, by FiberHub.

No comments: