Doug Madory

Doug Madory is an American Internet routing infrastructure expert who specializes in analyzing Internet Border Gateway Protocol (BGP) routing data to diagnose Internet routing disruptions, such as those caused by communications fiber cable cuts, routing equipment failures, and governmental censorship. His academic background is in computer engineering, and he was a signals specialist in the U.S. Air Force before arriving at his present specialty, which has occupied his professional career.

Education
Madory received a bachelor's degree in computer engineering from the University of Virginia in 1999. He received a master's degree in computer engineering from Dartmouth College in 2006.

Career
Madory joined Internet intelligence and technical analysis firm Renesys in 2009. Renesys was sold to DynDNS in May 2014, which in turn was sold to Oracle in April 2017. Madory remained in the same Director of Internet Analysis position throughout each of these transitions, before leaving Oracle to join Kentik in November 2020, in much the same role.

Discoveries
Madory is best known for the discoveries that are the product of his Internet routing analysis: sometimes of interesting new phenomena on the Internet and sometimes of malfeasance online.

ALBA-1 cable activation
In 2013, Madory observed that Internet connection speeds in Cuba had suddenly improved. His investigation revealed that the ALBA-1 undersea fiber cable, which had been run from Venezuela to Cuba by the Venezuelan government in 2010 and 2011, had been activated following an unexplained dormancy of two years. This cable, linking the Cuban domestic network to the Internet via Telefonica, was Cuba's first non-satellite international connection, and was a major milestone in Cuba's liberalization. Uncharacteristically, the Cuban state organ Granma issued a confirmation two days later.

National Internet shutdowns to prevent exam cheating
Madory observed daily nationwide Internet shutdowns in Iraq for three hours each morning for several consecutive days, on the same dates in 2014 and 2015, and discovered that the government had mandated the shutdowns to coincide with grade-school final examinations, in order to hamper test cheating. He has subsequently observed the same events in Syria.

BackConnect IP address and BGP route hijacking
In 2016, Madory collaborated with cybersecurity journalist Brian Krebs in an investigation of the Mirai botnet and DDoS attacks. In the course of that investigation, they discovered that DDoS mitigation firm BackConnect was engaging in "hack back" cyber-attacks against alleged DDoS perpetrators, hijacking IP prefixes and routes via BGP, specifically those of vDOS, an Israeli "booter" DDoS-for-hire service hosted by Cloudflare. In the wake of publication, both Krebs and Madory's employer Dyn suffered retaliatory DDoS attacks.

Global Resource Systems IP address hijacking
On January 20, 2021, Madory observed a previously unknown Delaware shell company launching a process that would ultimately advertise more than 175 million IPv4 addresses via BGP. Worth $5.6 billion at February 2021 prices, this was by far the largest aggregate block on the Internet, more than twice the size of Comcast. The addresses belonged to the US Department of Defense, so this initially appeared to be the largest IP address hijacking in history. Madory's analysis identified a stranger situation, though: the shell company, "Global Resource Systems," was in fact contracted to the DoD, but was one of a family of shell companies controlled by Rodney Joffe which were exposed by the indictment of Michael Sussmann and depositions conducted by Alfa-Bank, ongoing in parallel at the time of the apparent hijacking. What appeared to be a simple, if vast, IP address hijacking turned out instead to be a DoD contracting scandal linked to an election disinformation scandal.