Doug Madory

Born: Douglas Carl Madory, 24 March 1977 (age 45)
Nationality: American
Occupation: Director of Internet Analysis
Employer: Kentik
Known for: Analyzing Internet communications disruptions
Parents: Marticia Madory, Edward Madory

Doug Madory is an American Internet routing infrastructure expert, who specializes in analyzing Internet Border Gateway Protocol (BGP) routing data to diagnose Internet routing disruptions, such as those caused by communications fiber cable cuts, routing equipment failures, and governmental censorship. His academic background is in computer engineering, and he was a signals specialist in the U.S. Air Force, before arriving at his present specialty, which has occupied his professional career. [2] [3]

Education

Madory received a bachelor's degree in computer engineering from the University of Virginia in 1999. He received a master's degree in computer engineering from Dartmouth College in 2006.

Career

Madory joined Internet intelligence and technical analysis firm Renesys in 2009. Renesys was sold to DynDNS in May 2014, which in turn was sold to Oracle in April 2017. Madory remained in the same Director of Internet Analysis position throughout each of these transitions, before leaving Oracle to join Kentik in November 2020, in much the same role.

Discoveries

Madory is best known for the discoveries that are the product of his Internet routing analysis: sometimes of interesting new phenomena on the Internet and sometimes of malfeasance online.

ALBA-1 cable activation

In 2013, Madory observed that Internet connection speeds in Cuba had suddenly improved. His investigation revealed that the ALBA-1 undersea fiber cable, which had been run from Venezuela to Cuba by the Venezuelan government in 2010 and 2011, had been activated following an unexplained dormancy of two years. This cable, linking the Cuban domestic network to the Internet via Telefonica, was Cuba's first non-satellite international connection, and was a major milestone in Cuba's liberalization. [4] [5] [6] Uncharacteristically, the Cuban state organ Granma issued a confirmation two days later. [7]

National Internet shutdowns to prevent exam cheating

Madory observed daily nationwide Internet shutdowns in Iraq for three hours each morning for several consecutive days, on the same dates in 2014 and 2015, and discovered that the government had mandated the shutdowns to coincide with grade-school final examinations, in order to hamper test cheating. [8] [9] [10] He has subsequently observed the same events in Syria. [11] [12]

BackConnect IP address and BGP route hijacking

In 2016, Madory collaborated with cybersecurity journalist Brian Krebs in an investigation of the Mirai botnet and DDoS attacks. [13] In the course of that investigation, they discovered that DDoS mitigation firm BackConnect was engaging in "hack back" cyber-attacks against alleged DDoS perpetrators, BGP hijacking the IP prefixes and routes of vDOS, an Israeli "booter" DDoS-for-hire service hosted by Cloudflare. [14] In the wake of publication, both Krebs [15] [16] and Madory's employer Dyn [17] [18] suffered retaliatory DDoS attacks.

Global Resource Systems IP address hijacking

On January 20, 2021, Madory observed a previously unknown Delaware shell company launching a process which would ultimately BGP advertise more than 175 million IPv4 addresses. [19] Worth $5.6 billion at February 2021 prices, [20] [21] this was by far the largest aggregate block on the Internet, more than twice the size of Comcast. The addresses belonged to the US Department of Defense, so this initially appeared to be the largest IP address hijacking in history. Madory's analysis identified a stranger situation, though: the shell company, "Global Resource Systems," was in fact contracted to the DoD, but was one of a family of shell companies controlled by Rodney Joffe which were exposed by the indictment of Michael Sussmann and depositions conducted by Alfa-Bank, ongoing in parallel at the time of the apparent hijacking. What appeared to be a simple, if vast, IP address hijacking turned out to instead be a DoD contracting scandal linked to an election disinformation scandal. [22] [23] [24]

References

  1. University of Virginia (1999). Student Directory. Charlottesville, VA: University of Virginia.
  2. Scola, Nancy (6 August 2014). "The man who can see the Internet". Washington Post. Retrieved 25 October 2021.
  3. Rosen, Armin (24 May 2015). "This former Air Force officer is one of the US' most renowned private-sector experts on the structure of the internet". Business Insider. Retrieved 25 October 2021.
  4. "'Curious' Cuban net cable has activated, researchers say". BBC. 21 January 2013. Retrieved 25 October 2021.
  5. Frank, Marc (22 January 2013). "Cuba's mystery fiber-optic Internet cable stirs to life". Reuters. Retrieved 25 October 2021.
  6. Werman, Marco (22 January 2013). "Cuba Activates Undersea Internet Cable Line". PRI: The World. Retrieved 25 October 2021.
  7. "Comienzan pruebas para el tráfico de Internet por el cable submarino ALBA-1". Granma. 24 January 2013. Archived from the original on 2018-03-03. Retrieved 25 October 2021.
  8. Waddell, Kaveh (16 May 2016). "Iraq Shut Down Its Internet to Prevent Sixth-Graders From Cheating". The Atlantic. Retrieved 25 October 2021.
  9. Toor, Amar (17 May 2016). "Iraq shuts down internet to prevent students from cheating on exams". The Verge. Retrieved 25 October 2021.
  10. Burgess, Matt (4 July 2016). "How Iraq turned off the internet". Wired. Retrieved 25 October 2021.
  11. Koebler, Jason (12 August 2016). "Syrian Internet Outages Correspond Exactly to National High School Test Schedule". Vice. Retrieved 25 October 2021.
  12. "Syria Shuts Down Internet to Prevent Cheating During National High School Exams, Say Insiders". CircleID. 11 August 2016.
  13. Krebs, Brian (20 September 2016). "DDoS Mitigation Firm Has History of Hijacks". Krebs on Security. Retrieved 25 October 2021.
  14. Krebs, Brian (10 September 2016). "Alleged vDOS Proprietors Arrested in Israel". Krebs on Security. Retrieved 25 October 2021.
  15. Franceschi-Bicchierai, Lorenzo (29 September 2016). "How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet". Vice. Retrieved 26 October 2021.
  16. "Massive web attack hits security blogger". BBC. 22 September 2016. Retrieved 26 October 2021.
  17. Schuetz, Molly (21 October 2016). "Hacking vendetta seen in attack on Manchester's Dyn Inc". Bloomberg. Retrieved 26 October 2021.
  18. Krebs, Brian (21 October 2016). "DDoS on Dyn Impacts Twitter, Spotify, Reddit". Krebs on Security. Retrieved 26 October 2021.
  19. Timberg, Craig (24 April 2021). "Minutes before Trump left office, millions of the Pentagon's dormant IP addresses sprang to life". Washington Post. Retrieved 26 October 2021.
  20. Cimpanu, Catalin (13 May 2021). "Price of IPv4 addresses, one of the Internet's hottest commodities, reaches all-time high". The Record. Retrieved 26 October 2021.
  21. IPv4 Market Group. "IPv4 Transfer Pricing". Archived from the original on 2021-10-26. Retrieved 26 October 2021.
  22. Kay, Grace (1 May 2021). "4 unanswered questions about the mysterious company that began managing a big chunk of the internet minutes before Biden was sworn in". Business Insider. Retrieved 26 October 2021. Global Resource Systems LLC was created in September and has no prior government contracts. The company also does not have an online presence or a business license where it is registered in Plantation, Florida, though the company filed paperwork in October, for incorporation in Delaware. The name on the company's business papers, Raymon Saulino, matches a name tied to Packet Forensics. Packet Forensic had nearly $40 million in federal contracts over the past 10 years. It currently sells intercept equipment that allows law enforcement agencies to selectively wiretap individuals. The company received national attention in 2011 when a Wired story reported Packet Forensics was selling an application to the federal government that could spy on people's online browsers. Global Resource Systems LLC also has the same name as a firm that shut down over 10 years ago and was sending out email spam, internet fraud researcher Ron Guilmette told Associated Press. The company had the same street address and used the same internet routing identifier.
  23. Naraine, Ryan (29 April 2021). "Doug Madory on the mysterious AS8003 global routing story". Security Conversations.
  24. Bajak, Frank (25 April 2021). "The big Pentagon internet mystery now partially solved". Associated Press. Retrieved 26 October 2021.