Parler’s new partner has ties to the Russian government
Publicly available internet information shows Parler’s data flows through a DDoS-Guard server registered to an address in Belize, which cybersecurity experts believe is a tool to protect the true identity and location of Parler’s web host.
Parler LLC, the social media app popular with Trump supporters and conspiracy theorists, is attempting to get back online with the help of a Russian company whose clients include an internet service provider to Russian intelligence, raising concerns about the conservative social forum's security if it ever formally returns.
U.S.-based Parler began working with DDoS-Guard on Jan. 17 after getting cut off from Amazon Web Services. The Russian company offers its customers cybersecurity services and web hosting, which includes reserving website names, collecting platform data and piecing it together to present on the internet.
Publicly available internet information shows Parler's data flows through a DDoS-Guard server registered to an address in Belize, which cybersecurity experts believe is a tool to protect the true identity and location of Parler's web host. The Russian company declined to say what services it's offering Parler.
Nevertheless, cybersecurity researchers said Parler's relationship with DDoS-Guard -- which has fulfilled contracts with several government entities including the state-owned telecommunications company TransTeleCom Co ZAO -- raises concerns that its millions of users could be susceptible to surveillance if the platform returns online. Russian telecommunications companies play an essential role in the government's digital surveillance program, SORM, which requires service providers and carriers to install backdoors to state intelligence.
“Most people would be afraid of being fronted by Russians, but Parler actually signed up for it,” said Justin Shattuck, senior security solutions engineer at Resilience Cyber Insurance Solutions. “It's a little crazy.”
A data analysis indicates that Parler is the only American company -- aside from some phishing and crypto scam pages -- entrusting DDoS-Guard to host or secure any portion of its platform, Shattuck said.
Mike Convertino, the former chief information security officer at F5 Networks, CrowdStrike Inc. and Twitter Inc., said that if bad actors got access to Parler's unencrypted data, they could alter, insert or delete content on the platform.
“They could insert anything they want -- cram words in the Parler CEO's mouth or Sean Hannity's,” said Convertino, now the chief security officer at Resilience Cyber Insurance Solutions. “You could also build a massive compendium of our citizens, or at least those who follow Trump. To see a conservative entity go into the waiting arms of a Russian hoster is out of some dystopian dream.”
Parler didn't respond to calls and emails seeking comment. The app became a popular alternative for supporters of Donald Trump after Twitter and Facebook cracked down on false claims by the former U.S. president and his followers. It was then taken offline on Jan. 11 after AWS pulled its web hosting, determining that the social media site had failed to moderate content which contributed to rioting at the U.S. Capitol building on Jan. 6.
On Thursday, a federal judge in Seattle refused Parler's request to order Amazon.com Inc. to immediately restore hosting.
A DDoS-Guard spokesman said Parler doesn't use its hosting service but wouldn't say exactly what services it provides. “As far as we know, the social network did not violate any laws or policies in the past.” DDoS-Guard didn't comment on its relationship with Russian intelligence or TransTeleCom Co ZAO.
TransTeleCom, among DDoS-Guard's other clients, is a state-owned telecommunications company that in turn provides internet services to a Russian intelligence agency. DDoS-Guard has also worked with the Russian Ministry of Defense, Sberbank Insurance -- majority owned by the Russian central bank -- and a regional digital development and communications committee along the Russia-Ukraine border, according to contracts and filings reviewed by Bloomberg News.
When asked about Parler's relationship with DDoS-Guard, Kremlin spokesman Dmitry Peskov said the government isn't familiar with the company.
“Of course we don't know about this company so I can't tell you anything,” he said. “Undoubtedly there are many competitive firms in Russia's IT sphere and even more in cyber-security area.”
U.S. Representative Carolyn Maloney, chair of the House Committee on Oversight and Reform, called on Jan. 21 for the FBI to investigate Parler's role in the Capitol insurrection, as well as the company's finances and ties to Russia “given the company has re-emerged on a Russian hosting service.”
So long as Parler remains in its state of internet purgatory -- its homepage currently explains its technical difficulties but little more -- the platform's user data isn't at risk. The concerns only become a reality if Parler returns to form on its desktop and mobile apps.
Despite its struggles, Chief Executive Officer John Matze said on the website that the platform's “return is inevitable.”
But even its relationship with DDoS-Guard remains in doubt. On Thursday, the cybersecurity blog KrebsOnSecurity reported that DDoS-Guard may lose a massive volume of server addresses in Belize. This could either prompt DDoS-Guard to find a server closer to home, or force Parler to find yet another partner.
DDoS-Guard is run by two Russians, Evgenii Marchenko and Dmitry Sabitov, and since 2017, it has offered its services to TransTeleCom. The telecom provides services to the Federal Security Service, known as FSB, the successor to the Soviet Union's KGB, according to contracts and public records reviewed by Bloomberg News. The intelligence agency has been sanctioned and indicted by the U.S. for waging cyber-attacks against corporate and government networks, according to the U.S. Treasury and Justice departments.
The FSB's efforts to spy on telecommunications systems are rather explicit. The Russian government requires telecommunications providers to install the FSB's hardware so it can conduct surveillance on its population, including monitoring phone calls, web activity and email communications, according to the Russian Ministry of Communications and critics of the program.
Parler's decision to hire DDoS-Guard came six weeks after the U.S. government discovered a sprawling cyber-attack that breached government agencies and private companies, including cybersecurity firms. U.S. intelligence and the FBI have said that Russia was likely behind the attack, which utilized several methods including inserting malicious code in updates for software from Texas-based SolarWinds Corp. Cybersecurity researchers have found similarities between the techniques used in the recent hacking campaign, which was first disclosed last month, and tools used in the past by Russia's FSB.
As its name suggests, DDoS-Guard provides protection against what are known as distributed denial of service attacks, or DDoS for short, in which a massive amount of junk traffic is directed at a server or network to disrupt service. Essential to a DDoS protection service are filters used to scrub user data for malicious traffic when it arrives at the host server.
As these data packets speed through the filters, service providers may receive unencrypted access to review the incoming traffic -- a place where an impostor could lurk to intercept data, according to Convertino.
Access to such unencrypted data could allow adversaries to collect information about Parler's user base, which accounts for a chunk of the former president's base of supporters, said Gene Yoo, chief executive officer at the cyber intelligence firm Resecurity.
“Foreign intelligence may collect unique data using DDoS-Guard to filter Parler's traffic, which would allow them to enumerate all of Trump's fans and far-right supporters,” Yoo said. “Having this kind of data is a priceless asset for any foreign intelligence agency, which we know has already targeted Trump's base with digital influence campaigns.”