CEO of Brazilian DDoS Protection Firm Denies Role in Attacks, Blames Breach and Rivals
Exclusive: Huge Networks CEO Says Security Breach Behind Botnet Attacks
SÃO PAULO, Brazil — The CEO of a Brazilian cybersecurity firm that specializes in DDoS protection has denied involvement in a sustained botnet campaign targeting internet service providers across the country, claiming a security breach is to blame.
Huge Networks, a Miami-founded ISP with operations centered in Brazil, has been secretly compromised for years by an unknown threat actor who built a powerful DDoS botnet using the company's own infrastructure, according to documents obtained by KrebsOnSecurity.
“Our systems were violated,” said CEO Ricardo Santos, speaking exclusively to this reporter. “This was likely the work of a competitor trying to destroy our reputation.”
The Exposed Evidence
Earlier this month, a trusted source who requested anonymity shared a file archive found in an open directory online. The archive contained Portuguese-language Python malware and the private SSH authentication keys of Huge Networks' CEO.
Security analysts who reviewed the archive confirmed that the malware was designed to scan the internet for vulnerable routers and misconfigured DNS servers, then recruit them into a botnet used for massive DDoS attacks.
“The scale of this operation is alarming,” said Dr. Ana Costa, a cybersecurity researcher at the University of São Paulo. “The attacker had root access to Huge Networks' core infrastructure for an extended period.”
Background: DNS Amplification Attacks
DNS reflection attacks exploit open DNS servers that respond to queries from any internet address. Attackers send spoofed requests that appear to originate from the target, causing the server to flood the victim with responses.
When combined with the EDNS0 protocol extension, a small query of under 100 bytes can trigger a response 60 to 70 times larger. This amplification effect is multiplied across thousands of compromised devices, generating powerful traffic floods.
“These attacks have plagued Brazilian ISPs for years,” said Marcos Oliveira, a network engineer at a major Brazilian telecom. “Now we finally have a lead on the infrastructure behind them.”
What This Means
The revelation raises serious questions about the security of anti-DDoS providers themselves. If a company specializing in mitigation can be compromised, its customers are indirectly at risk.
Huge Networks has not previously appeared in public abuse complaints or been linked to DDoS-for-hire services. But the archive shows the company’s systems were actively used to build and direct attacks against other Brazilian network operators.
“This is a wake-up call for the entire industry,” Costa added. “Trust in DDoS protection firms must be backed by rigorous security audits, not just marketing.”
Next Steps
Huge Networks says it is cooperating with Brazilian law enforcement and has implemented additional security measures since discovering the breach. The company declined to comment on whether the attacker has been identified.
Security experts recommend that all ISPs review their DNS server configurations and disable recursive queries for external IPs where possible. Botnet take-down efforts are ongoing, but the full extent of the compromise remains unknown.
Related Articles
- Cybersecurity Week 19: Landmark Sentencings and a Sophisticated Cloud Credential Thief
- Breaking: Session Timeout Flaws Lock Out Millions of Disabled Users – Experts Call for Urgent Fix
- Yarbo's Promise: A Detailed Plan to Secure Their Robot Mowers After Critical Vulnerability
- Google Revamps Bug Bounty Program: Now Pays Up to $1.5 Million for Top Android Exploits
- Everything About Learning from the Vercel breach: Shadow AI & OAuth sprawl
- Everything About New Wave of DPRK Attacks Uses AI-Inserted npm Malware, Fake ...
- Partial Fix for 'Dirty Frag' Vulnerability Rolls Out in New Stable Kernel Releases
- Foxconn Cyberattack Exposes Data from Major Tech Firms, Apple Remains Unscathed