CEO of Brazilian DDoS Protection Firm Denies Role in Attacks, Blames Breach and Rivals
Exclusive: Huge Networks CEO Says Security Breach Behind Botnet Attacks
SÃO PAULO, Brazil — The CEO of a Brazilian cybersecurity firm that specializes in DDoS protection has denied involvement in a sustained botnet campaign targeting internet service providers across the country, claiming a security breach is to blame.

Huge Networks, a Miami-founded ISP with operations centered in Brazil, has been secretly compromised for years by an unknown threat actor who built a powerful DDoS botnet using the company's own infrastructure, according to documents obtained by KrebsOnSecurity.
“Our systems were violated,” said CEO Ricardo Santos, speaking exclusively to this reporter. “This was likely the work of a competitor trying to destroy our reputation.”
The Exposed Evidence
Earlier this month, a trusted source who requested anonymity shared a file archive found in an open directory online. The archive contained Portuguese-language Python malware and the private SSH authentication keys of Huge Networks' CEO.
Security analysts who reviewed the archive confirmed that the malware was designed to scan the internet for vulnerable routers and misconfigured DNS servers, then recruit them into a botnet used for massive DDoS attacks.
“The scale of this operation is alarming,” said Dr. Ana Costa, a cybersecurity researcher at the University of São Paulo. “The attacker had root access to Huge Networks' core infrastructure for an extended period.”
Background: DNS Amplification Attacks
DNS reflection attacks exploit open DNS servers that respond to queries from any internet address. Attackers send spoofed requests that appear to originate from the target, causing the server to flood the victim with responses.
When combined with the EDNS0 protocol extension, a small query of under 100 bytes can trigger a response 60 to 70 times larger. This amplification effect is multiplied across thousands of compromised devices, generating powerful traffic floods.

“These attacks have plagued Brazilian ISPs for years,” said Marcos Oliveira, a network engineer at a major Brazilian telecom. “Now we finally have a lead on the infrastructure behind them.”
What This Means
The revelation raises serious questions about the security of anti-DDoS providers themselves. If a company specializing in mitigation can be compromised, its customers are indirectly at risk.
Huge Networks has not previously appeared in public abuse complaints or been linked to DDoS-for-hire services. But the archive shows the company’s systems were actively used to build and direct attacks against other Brazilian network operators.
“This is a wake-up call for the entire industry,” Costa added. “Trust in DDoS protection firms must be backed by rigorous security audits, not just marketing.”
Next Steps
Huge Networks says it is cooperating with Brazilian law enforcement and has implemented additional security measures since discovering the breach. The company declined to comment on whether the attacker has been identified.
Security experts recommend that all ISPs review their DNS server configurations and disable recursive queries for external IPs where possible. Botnet take-down efforts are ongoing, but the full extent of the compromise remains unknown.
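The Python below is an added example, not code from the article or from the archive it describes. It audits resolver records for the two conditions discussed above: recursion served to addresses outside the operator's own networks, and a response-to-query byte ratio in the amplification range. The record layout, the customer network range and the alert threshold are assumptions, and the sample records are constructed.

```python
import ipaddress
from collections import defaultdict

# Assumption: the networks this resolver is supposed to serve (documentation range).
CUSTOMER_NETS = [ipaddress.ip_network("192.0.2.0/24")]
RATIO_ALERT = 20.0  # assumed threshold, well under the 60-70x cited in the article

# Constructed records: (source IP, qtype, query bytes, response bytes, recursion served)
SAMPLE_LOG = [
    ("192.0.2.10",   "A",    62,   94, True),
    ("192.0.2.10",   "AAAA", 62,  106, True),
    ("203.0.113.77", "ANY",  68, 4310, True),
    ("203.0.113.77", "ANY",  68, 4288, True),
    ("203.0.113.77", "TXT",  70, 3900, True),
    ("198.51.100.5", "A",    60,   60, False),  # external client, recursion refused
]

def is_customer(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CUSTOMER_NETS)

def audit(records):
    """Return {source: {"ratio": x, "issues": [...]}} for sources that need attention."""
    totals = defaultdict(lambda: {"q": 0, "r": 0, "recursed": 0})
    for src, _qtype, qlen, rlen, recursed in records:
        t = totals[src]
        t["q"] += qlen
        t["r"] += rlen
        t["recursed"] += int(recursed)
    findings = {}
    for src, t in totals.items():
        ratio = t["r"] / t["q"]
        issues = []
        # Recursion answered for an address outside the served networks:
        # the resolver is usable as a reflector.
        if not is_customer(src) and t["recursed"]:
            issues.append("open-recursion")
        # Responses far larger than queries: the source address is probably
        # spoofed, so this identifies the likely victim, not the sender.
        if ratio >= RATIO_ALERT:
            issues.append("amplification")
        if issues:
            findings[src] = {"ratio": round(ratio, 1), "issues": issues}
    return findings

if __name__ == "__main__":
    for src, finding in audit(SAMPLE_LOG).items():
        print(src, finding)
```

A finding tagged `open-recursion` points at the resolver configuration to fix; restricting recursion to the served networks removes it regardless of the ratio.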