Doug Madory

Expert in Internet routing disruptions
  • B.S. University of Virginia, 1999[1]
  • M.S. Dartmouth College, 2006
OccupationDirector of Internet AnalysisEmployerKentikKnown forAnalyzing Internet communications disruptionsParents
  • Marticia Madory
  • Edward Madory

Doug Madory is an American Internet routing infrastructure expert, who specializes in analyzing Internet Border Gateway Protocol (BGP) routing data to diagnose Internet routing disruptions, such as those caused by communications fiber cable cuts, routing equipment failures, and governmental censorship. His academic background is in computer engineering, and he was a signals specialist in the U.S. Air Force, before arriving at his present specialty, which has occupied his professional career.[2][3]

Education

Madory received a bachelor's degree in computer engineering from the University of Virginia in 1999. He received a master's degree in computer engineering from Dartmouth College in 2006.

Career

Madory joined Internet intelligence and technical analysis firm Renesys in 2009. Renesys was sold to DynDNS in May 2014, which in turn was sold to Oracle in April 2017. Madory remained in the same Director of Internet Analysis position throughout each of these transitions, before leaving Oracle to join Kentik in November 2020, in much the same role.

Discoveries

Madory is best known for the discoveries that are the product of his Internet routing analysis: sometimes of interesting new phenomena on the Internet and sometimes of malfeasance online.

ALBA-1 cable activation

In 2013, Madory observed that Internet connection speeds in Cuba had suddenly improved. His investigation revealed that the ALBA-1 undersea fiber cable, which had been run from Venezuela to Cuba by the Venezuelan government in 2010 and 2011, had been activated following an unexplained dormancy of two years. This cable, linking the Cuban domestic network to the Internet via Telefonica, was Cuba's first non-satellite international connection, and was a major milestone in Cuba's liberalization.[4][5][6] Uncharacteristically, the Cuban state organ Granma issued a confirmation two days later.[7]

National Internet shutdowns to prevent exam cheating

Madory observed daily nationwide Internet shutdowns in Iraq for three hours each morning for several consecutive days, on the same dates in 2014 and 2015, and discovered that the government had mandated the shutdowns to coincide with gradeschool final examinations, in order to hamper test cheating.[8][9][10] He has subsequently observed the same events in Syria.[11][12]

BackConnect IP address and BGP route hijacking

In 2016, Madory collaborated with cybersecurity journalist Brian Krebs in an investigation of the Mirai botnet and DDoS attacks.[13] In the course of that investigation, they discovered that DDoS mitigation firm BackConnect was engaging in "hack back" cyber-attacks against alleged DDoS perpetrators, engaging in the BGP hijacking of IP prefixes and routes, specifically those of vDOS, an Israeli "booter" DDoS-for-hire service hosted by Cloudflare.[14] In the wake of publication, both Krebs[15][16] and Madory's employer Dyn[17][18] suffered retaliatory DDoS attacks.

Global Resource Systems IP address hijacking

On January 20, 2021, Madory observed a previously unknown Delaware shell company launching a process which would ultimately BGP advertise more than 175 million IPv4 addresses.[19] Worth $5.6 billion at February 2021 prices,[20][21] this was by far the largest aggregate block on the Internet, more than twice the size of Comcast. The addresses belonged to the US Department of Defense, so this initially appeared to be the largest IP address hijacking in history. Madory's analysis identified a stranger situation, though: the shell company, "Global Resource Systems," was in fact contracted to the DoD, but was one of a family of shell companies controlled by Rodney Joffe which were exposed by the indictment of Michael Sussmann and depositions conducted by Alfa-Bank, ongoing in parallel at the time of the apparent hijacking. What appeared to be a simple, if vast, IP address hijacking turned out to instead be a DoD contracting scandal linked to an election disinformation scandal.[22][23][24]

Patents

  • US patent 2020389535, "Methods, systems, and apparatus for geographic location using trace routes", published 2019-01-03 
  • WO patent 2017147166, "Methods and apparatus for finding global routing hijacks", published 2017-08-31 
  • US patent 11025553, "Methods and apparatus for real-time traffic steering using real-time user monitoring data", published 2021-06-01 

References

  1. ^ University of Virginia (1999). Student Directory. Charlottesville, VA: University of Virginia.
  2. ^ Scola, Nancy (6 August 2014). "The man who can see the Internet". Washington Post. Retrieved 25 October 2021.
  3. ^ Rosen, Armin (24 May 2015). "This former Air Force officer is one of the US' most renowned private-sector experts on the structure of the internet". Business Insider. Retrieved 25 October 2021.
  4. ^ "'Curious' Cuban net cable has activated, researchers say". BBC. 21 January 2013. Retrieved 25 October 2021.
  5. ^ Frank, Marc (22 January 2013). "Cuba's mystery fiber-optic Internet cable stirs to life". Reuters. Retrieved 25 October 2021.
  6. ^ Werman, Marco (22 January 2013). "Cuba Activates Undersea Internet Cable Line". PRI: The World. Retrieved 25 October 2021.
  7. ^ "Comienzan pruebas para el tráfico de Internet por el cable submarino ALBA-1". Granma. 24 January 2013. Archived from the original on 2018-03-03. Retrieved 25 October 2021.
  8. ^ Waddell, Kaveh (16 May 2016). "Iraq Shut Down Its Internet to Prevent Sixth-Graders From Cheating". The Atlantic. Retrieved 25 October 2021.
  9. ^ Toor, Amar (17 May 2016). "Iraq shuts down internet to prevent students from cheating on exams". The Verge. Retrieved 25 October 2021.
  10. ^ Burgess, Matt (4 July 2016). "How Iraq turned off the internet". Wired. Retrieved 25 October 2021.
  11. ^ Koebler, Jason (12 August 2016). "Syrian Internet Outages Correspond Exactly to National High School Test Schedule". Vice. Retrieved 25 October 2021.
  12. ^ "Syria Shuts Down Internet to Prevent Cheating During National High School Exams, Say Insiders". CircleID. 11 August 2016.
  13. ^ Krebs, Brian (20 September 2016). "DDoS Mitigation Firm Has History of Hijacks". Krebs on Security. Retrieved 25 October 2021.
  14. ^ Krebs, Brian. "Alleged vDOS Proprietors Arrested in Israel". No. 10 September 2016. Krebs on Security. Retrieved 25 October 2021.
  15. ^ Franceschi-Bicchierai, Lorenzo (29 September 2016). "How 1.5 Million Connected Cameras Were Hijacked to Make an Unprecedented Botnet". Vice. Retrieved 26 October 2021.
  16. ^ "Massive web attack hits security blogger". BBC. 22 September 2016. Retrieved 26 October 2021.
  17. ^ Schuetz, Molly (21 October 2016). "Hacking vendetta seen in attack on Manchester's Dyn Inc". Bloomberg. Retrieved 26 October 2021.
  18. ^ Krebs, Brian (21 October 2016). "DDoS on Dyn Impacts Twitter, Spotify, Reddit". Krebs on Security. Retrieved 26 October 2021.
  19. ^ Timberg, Craig (24 April 2021). "Minutes before Trump left office, millions of the Pentagon's dormant IP addresses sprang to life". Washington Post. Retrieved 26 October 2021.
  20. ^ Cimpanu, Catalin (13 May 2021). "Price of IPv4 addresses, one of the Internet's hottest commodities, reaches all-time high". The Record. Retrieved 26 October 2021.
  21. ^ IPv4 Market Group. "IPv4 Transfer Pricing". Archived from the original on 2021-10-26. Retrieved 26 October 2021.{{cite web}}: CS1 maint: numeric names: authors list (link)
  22. ^ Kay, Grace (1 May 2021). "4 unanswered questions about the mysterious company that began managing a big chunk of the internet minutes before Biden was sworn in". Business Insider. Retrieved 26 October 2021. Global Resource Systems LLC was created in September and has no prior government contracts. The company also does not have an online presence or a business license where it is registered in Plantation, Florida, though the company filed paperwork in October, for incorporation in Delaware. The name on the company's business papers, Raymon Saulino, matches a name tied to Packet Forensics. Packet Forensic had nearly $40 million in federal contracts over the past 10 years. It currently sells intercept equipment that allows law enforcement agencies to selectively wiretap individuals. The company received national attention in 2011 when a Wired story reported Packet Forensics was selling an application to the federal government that could spy on people's online browsers. Global Resource Systems LLC also has the same name as a firm that shut down over 10 years ago and was sending out email spam, internet fraud researcher Ron Guilmette told Associated Press. The company had the same street address and used the same internet routing identifier.
  23. ^ Naraine, Ryan (29 April 2021). "Doug Madory on the mysterious AS8003 global routing story". Security Conversations.
  24. ^ Bajak, Frank (25 April 2021). "The big Pentagon internet mystery now partially solved". Associated Press. Retrieved 26 October 2021.

External links

  • Kentik blog (November 2020 – present)
  • Oracle blog (April 2017-November 2020)
  • Dyn blog (May 2014-April 2017)
  • Renesys blog (October 2009-May 2014)