Doug Madory

Doug Madory is an American Internet routing infrastructure expert who specializes in analyzing Internet Border Gateway Protocol (BGP) routing data to diagnose Internet routing disruptions, such as those caused by communications fiber cable cuts, routing equipment failures, and governmental censorship. His academic background is in computer engineering, and he was a signals specialist in the U.S. Air Force before arriving at his present specialty, which has occupied his professional career.


Education

Madory received a bachelor's degree in computer engineering from the University of Virginia in 1999. He received a master's degree in computer engineering from Dartmouth College in 2006, where his thesis was on "New Methods of Spoof Detection in 802.11b Wireless Networking".


Career

Madory joined Internet intelligence and technical analysis firm Renesys in 2009. Renesys was sold to DynDNS in May 2014, which in turn was sold to Oracle in April 2017. Madory remained in the same Director of Internet Analysis position throughout each of these transitions, before leaving Oracle to join Kentik in November 2020, in much the same role.


Discoveries

Madory is best known for the discoveries that are the product of his Internet routing analysis: sometimes of interesting new phenomena on the Internet and sometimes of malfeasance online.


ALBA-1 cable activation

In 2013, Madory observed that Internet connection speeds in Cuba had suddenly improved. His investigation revealed that the ALBA-1 undersea fiber cable, which had been run from Venezuela to Cuba by the Venezuelan government in 2010 and 2011, had been activated following an unexplained dormancy of two years. This cable, linking the Cuban domestic network to the Internet via Telefonica, was Cuba's first non-satellite international connection, and was a major milestone in Cuba's liberalization. Uncharacteristically, the Cuban state organ Granma issued a confirmation two days later.


National Internet shutdowns to prevent exam cheating

Madory observed daily nationwide Internet shutdowns in Iraq for three hours each morning for several consecutive days, on the same dates in 2014 and 2015, and discovered that the government had mandated the shutdowns to coincide with grade school final examinations, in order to hamper test cheating. He has subsequently observed the same events in Syria.


BackConnect IP address and BGP route hijacking

In 2016, Madory collaborated with cybersecurity journalist Brian Krebs in an investigation of the Mirai botnet and DDoS attacks. In the course of that investigation, they discovered that DDoS mitigation firm BackConnect was engaging in "hack back" cyber-attacks against alleged DDoS perpetrators, engaging in the BGP hijacking of IP prefixes and routes, specifically those of vDOS, an Israeli "booter" DDoS-for-hire service hosted by Cloudflare. In the wake of publication, both Krebs and Madory's employer Dyn suffered retaliatory DDoS attacks.


Global Resource Systems IP address hijacking

On January 20, 2021, Madory observed a previously unknown Delaware shell company launching a process which would ultimately advertise more than 175 million IPv4 addresses via BGP. Worth $5.6 billion at February 2021 prices, this was by far the largest aggregate block on the Internet, more than twice the size of Comcast. The addresses belonged to the US Department of Defense, so this initially appeared to be the largest IP address hijacking in history. Madory's analysis identified a stranger situation, though: the shell company, "Global Resource Systems," was in fact contracted to the DoD, but was one of a family of shell companies controlled by Rodney Joffe, which were exposed by the indictment of Michael Sussmann and depositions conducted by Alfa-Bank, ongoing in parallel at the time of the apparent hijacking. What appeared to be a simple, if vast, IP address hijacking turned out to instead be a DoD contracting scandal linked to an election disinformation scandal.


Patents



References


External links


Kentik blog (November 2020 – present)
Oracle blog (April 2017 – November 2020)
Dyn blog (May 2014 – April 2017)
Renesys blog (October 2009 – May 2014)