Dutch police shut down bulletproof service hosting tens of DDoS botnets

Dutch police seized a bulletproof hosting service in a major takedown, the infrastructure was used by tens of IoT botnets involved in DDoS attacks.

A joint operation conducted by the Netherlands’ National Criminal Investigation Department and National Cyber Security Center allowed to track down and seize five servers that were composing a cybercrime underground bulletproof hosting service.

The servers were hosted at an unnamed data center in Amsterdam, it was used by tens of IoT botnets involved in DDoS attacks worldwide. The bulletproof hosting service was used to host malware and command and control systems of several DDoS botnets.

“Middelburg, Veendam, Amsterdam, Driebergen – The police has taken five servers offline that were used to control a version of a so-called botnet.” reads the press release published by the Dutch police. “The hardware was seized and the business operations stopped. A 24-year-old man from Veendam and a 28-year-old man from Middelburg were arrested on Tuesday evening. They are suspected of, among other things, computer breach and the spread of malware.”

Authorities revealed that they have received more than three thousand reports of malware spread through the bulletproof hosting service.over a period of one year.

The authorities also arrested two Dutch nationals who had been running a Mirai botnet from the servers of KV Solutions BV (KV hereinafter) bulletproof hosting service.

In this case, the police say, the people controlling those servers were a pair of Dutch nationals who had been running a Mirai botnet with cover from the bulletproof host.

“The investigation also revealed that this botnet was very aggressively trying to infect other devices, up to over a million attempts per month on one device,” the translated police statement reads.

“The investigation also revealed that this botnet was very aggressively trying to infect other devices, up to over a million attempts per month on one device. Which DDoS attacks can be attributed to this botnet is part of the further investigation.” continues the statement.

Authorities are analyzing the seized servers and the data they contain will likely lead to the arrests of other players in the cybercrime underground.

[adrotate banner=”9″]

[adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – bulletproof hosting service, malware)

[adrotate banner=”5″]

[adrotate banner=”13″]

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.