However, fast forward to the present day and I notice that M247 Ltd is operating an estimated 65-85% of these VPN servers, and 90% of the USA servers are operated by them. Now they have VPN exits everywhere. All over USA, all over Europe, they have some in Asia, even Australia. The fact that so many VPN servers are using their network concerns me for a number of reasons, the first being that with all the VPN traffic flowing through their network, there is now a target on their back by government organizations, etc. What's stopping them from putting DPI boxes on their upstream ISP, or forcing them to log all traffic?
The second is more concerning: What if M247 is just a front, not really a network provider at all but really an intelligence operation, created specifically so that VPN provider owners would rent servers with them so the traffic could be analyzed? I heard from some other sources that M247 has been known to conduct shady deals, etc. What if the government is offering up these servers for dirt cheap to VPN providers purposefully, and that is why they are all using them?
Another fishy thing that concerns me is the number of false names that M247 VPN IP addresses are registered with. Previously I noticed they were all registered under the name "M247 Ltd", "M247 Europe SRL", "M247 Miami/Phoenix/etc Infrastructure", but recently I notice they are registering their IP addresses under completely false names that don't turn up any results on Google, such as "Ppman Services SRL", "Secure Data Systems SRL", "Venus Business Communications Limited", "UK Web Solutions Limited", "FirstClassIT Solutions", and a few others that I can't remember at the time. These IPs all use the M247's ASN (AS9009), and under "Organization" it does say "M247 Ltd", but "ISP" says those false names.
Another strange thing I noticed was that they even used "Cogent Communications" as one of the false names attached to some of their IP addresses (however, just like usual, Organization was M247 and AS was 9009). If they are a regular legal company, how can they possibly be making up ISP names out of thin air and using them, as well as using the name of an already existing network provider, Cogent?
All these signs point to M247 conducting some less than kosher business, whatever that may be. I'm now very suspicious of connecting to VPN servers where the ISP is M247, for fear that they are some kind of government front/data collection firm/etc. Has anyone other than myself felt suspicious of M247 and thinks they are up to something? Or better yet, is there anyone who knows more about them than I do who is willing to shed some light on them?
1) they're fairly cheap to run, so groups spin up from nowhere fast.
2) due to being cheap to run, they seem to gather industry newcomers with little experience who are seeking a low-hanging-fruit first project.
3) they have a quick business 'period'. They come fast and they go fast. Probably due to the low-experience and extreme competition in that sector.
4) they consolidate quickly into large groups, and those large groups are fairly fast to buy up smaller competition in an effort to control commodity price.
>What if the government is offering up these servers for dirt cheap to VPN providers purposefully, and that is why they are all using them?
I guess that's just dependent on the threat model you're abiding by. Most casual vpn-as-a-business isn't going to do much to protect from state level adversaries, anyway.
The same phenomenon has happened in the US on the vpn market a few times now. I haven't checked recently, but a good chunk of exit structure was owned by London Trust Media last time I checked, a group that's affiliated with PIA and KAPE.
I can appreciate the suspicion. I think that it's warranted; but personally I'm of the opinion that the market consolidation is more due to the nature of the product and the market that it exists within. Whether or not a state group is gaming that consolidation... I would suspect yes, but hold no proof.
I can vouch for them and don't think they have anything to do with what you accuse them of. They are just a big company with a lot of locations, which makes it fairly easy for VPN companies to get started.
Regarding the IP addresses... They announce IPs for free, which is a very nice service (some providers charge absurd amounts for it). They also do it for my company, so my IPs show up under their ASN, but this is nothing shady and just regular business.
As for the rest of your concerns. First, I would like to see some empirical data on your research. Second, what is your security model? VPNs are not that great at anonymity.
You're not trying to hide from a global adversary (like NSA, GRU, GCHQ, etc.) using VPNs, right... because even slapping Tor on that won't help you there.
My theory is that they're cheap enough as a reseller and they target VPN providers as customers because there is a lot less support cost with them.
The thing about suspicions and conspiracies is that they mean little without independently corroborating evidence. Try to collect facts that prove your suspicion.
Here's M247: https://beta.companieshouse.gov.uk/company/04968341
There's a reasonable amount of information about the company in their full accounts from March 2018 (PDF, 650K): https://beta.companieshouse.gov.uk/company/04968341/filing-h...
Assume your VPN traffic is monitored, because it is, regardless of how much you trust or don’t trust your provider or their network.
If you look at my previous posts on HN I've written extensively about this topic.
Ignore some (but not all) of the dissenters on here. I don't mean to be rude, but these fake hosting companies are backed by quite the army of PR crisis tech support people, and they will dogpile on a thread like this quickly. You'll sometimes see them leave Yelp and Google Local reviews of their beloved friendly neighborhood data center too (which is preposterous; no one does this in real life).
Anyway the clusters you are seeing do not appear to be about observation as much as destruction. From the analysis that I and others have done, our best guess is that someone is buying out hosting provider after hosting provider, and then peering at the 1 Gbs and 10 Gbs level as much as possible.
The purpose of this is twofold. First you are denying your enemy freedom of movement in that area. So think "squatting" or just taking up the board in Monopoly.
The second more disturbing piece is that someone is building a kind of DDoS death star that will be unlike anything seen so far. From all the papers I've read, such an attack is likely to come through some novel IoT exploit and perhaps using one of the newer protocols like MQTT or CoAP. But owning this much hosting space would be a terrific backup / serve as good defense for the expected counter attack.
This does not bode well at all for Europe. Even if the internet was off for months in the US the country could recover and rearm. All of Europe on the other hand, if stripped of the internet, could be overtaken in weeks if not days if Russia or China were so motivated.
The enormous capital expenditures that these IaaS providers have been sustaining points to China most certainly. Check out also Choopa, Tucows, Enom, Psychz, Shaw, Sharktech, Joe's Data Center, Hetzner, UnityMedia, Incapsula, and Mimecast.
This report is also very helpful : https://transparencyreport.google.com/safe-browsing/malware
If you’re a pirate, I wouldn’t worry. Likewise if you’re a Chinese dissident or tax cheat. The NSA isn’t going to blow its cover over Frozen 2 or your $3 million bitcoin wallet. Recent news accounts also suggest that the Feds are dismissing child porn cases rather than disclosing methods.
That leaves espionage and terrorism. If you’re involved in those, maybe going cheap on a vpn isn’t best practices to begin with.
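The thread contrasts the "ISP" and "Organization" labels shown for one address, and one reply says a carrier can announce a customer's IP space under its own ASN. As an added example (not from any poster), the sketch below checks that relationship offline against registry data. It assumes the two labels come from different objects, the address registration and the announced route; the simplified RPSL-style records, names, prefixes and AS64500 are constructed placeholders, not real WHOIS data.

```python
import ipaddress

# Constructed RPSL-style registry objects (documentation prefixes and ASN;
# the holder names are hypothetical, not real WHOIS data).
SAMPLE = """\
inetnum: 198.51.100.0 - 198.51.100.255
netname: CARRIER-INFRA
descr:   Example Carrier Ltd

inetnum: 192.0.2.0 - 192.0.2.127
netname: CUSTOMER-VPN-1
descr:   Example Customer SRL

route:   198.51.100.0/24
descr:   Example Carrier Ltd
origin:  AS64500

route:   192.0.2.0/24
descr:   Example Carrier Ltd
origin:  AS64500
"""

def parse_objects(text):
    """Split blank-line separated objects into dicts; the first key is the type."""
    objs = []
    for block in text.strip().split("\n\n"):
        pairs = [line.split(":", 1) for line in block.splitlines() if ":" in line]
        obj = {k.strip(): v.strip() for k, v in pairs}
        obj["type"] = pairs[0][0].strip()
        objs.append(obj)
    return objs

def classify(text):
    """Pair each registered range with the most specific route covering it."""
    objs = parse_objects(text)
    routes = [(ipaddress.ip_network(o["route"]), o["origin"], o["descr"])
              for o in objs if o["type"] == "route"]
    report = []
    for o in (x for x in objs if x["type"] == "inetnum"):
        first, last = (ipaddress.ip_address(p.strip()) for p in o["inetnum"].split("-"))
        covering = [r for r in routes if first in r[0] and last in r[0]]
        if not covering:
            report.append((o["inetnum"], o["descr"], None, "not announced"))
            continue
        net, origin, announcer = max(covering, key=lambda r: r[0].prefixlen)
        kind = "carrier's own" if o["descr"] == announcer else "customer space, carrier-announced"
        report.append((o["inetnum"], o["descr"], origin, kind))
    return report
```

A range whose registered holder differs from the holder of the covering route shows up as customer space announced by the carrier, which is the pattern of one origin AS with many registrant names.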