Authorities in Germany this week shut down the services of a bulletproof hosting provider set up in a former NATO bunker that went five floors underground.

The bunker was acquired in 2013 and managed by a Dutch national believed to have ties with organized crime in the Netherlands, who turned it into a heavily secured data center for illegal purposes.

A bulletproof hosting provider rents hosting services with no restrictions to the nature of the content uploaded or distributed, or the type of business conducted.

They are the alternative to regular providers that have strict rules against illegal endeavors and often do not respond to requests from authorities.

Huge building for many servers

On a 3.2 acre property in Traben-Trabach on the banks of Mosel river, the building itself has 5,000 square meters. To keep unauthorized people outside the perimeter, the area is surrounded by a fence with barb wire and video surveillance cameras allowed monitoring of third-party activity.

It is believed that around 2,000 servers were hosting websites available through the dark web for selling illegal services and products. Some sources say that the police found empty racks already mounted and waiting for new servers.

Empty racks waiting for new servers were installed, indicating that the operators were planning on extending their service.

Ill assortment of customers

The raid on the former NATO bunker turned into a cybercriminal datacenter took place on Thursday and involved about 650 law enforcement agents.

200 servers were seized in the operation, along with documents, mobile phones, and cash. Access to these machines was no easy task but the police were able to do it and found sites that sold drugs, weapons, fake documents, stolen data, and illegal adult content.

Customers of this business include marketplaces and forums actively involved in distributing illegal products, from guns and drugs to cybercriminal-related services and tools.

Among the marketplaces and forums that rented a server were Wall Street Market (darknet market considered second-largest and seized in spring) drug-selling sites Cannabis Road and Fraudsters.

Other platforms dealing synthetic drugs OrangeChemicals, AceChemStore and Lifestyle Pharma were also on the list of clients, according to Welt German television.

Half the group arrested

A 59-year old Dutchman was the operator of the bunker and started the business at the end of 2013, said regional police chief Johannes Kunz. He was living there, although his residence was in Singapore.

There are 13 suspects in the investigation, aged between 20 and 59. Seven of them are currently in police custody, six men and one woman, under the suspicion of belonging to a criminal organization that facilitated distribution and storage of illegal content.

Koblenz Attorney General, Jürgen Brauer, on Friday highlighted that running a datacenter that hosts illegal material is not against the German law.

To get a conviction, the prosecutors have to prove that the operators were aware of the felonious behavior of their customers.

As for going after the customers of this bulletproof hosting service, Kunz said that the amount of data the police got from the raid was huge and that it could take months or even years to process it.

 

Related Articles:

Dark Web Monitoring: What's the Value?

Intel and Lenovo servers impacted by 6-year-old BMC flaw

Ransomware as a Service and the Strange Economics of the Dark Web

Admin of major stolen account marketplace gets 42 months in prison

Ukraine claims it hacked Russian Ministry of Defense servers