Categories
Cybercrime

Bulletproof hosting targeted by international investigators

Cybercrime is changing more and more, not only in terms of the increasingly monetized and professionalized approach, but also in the investigators’ approach: Whereas in the past the focus was on perpetrators and also delimitable perpetrator structures, today, in my view, it is increasingly infrastructures that are the focus.

Hosting services, which Europol also refers to as “criminal hideouts for hire,” seem to be in particular focus: Bulletproof hosting is a service where an online infrastructure is offered and operators usually turn a blind eye to what customers use their rented domains for.

However, the willingness to ignore customers’ violations does not mean that one goes unpunished. In German law in particular, the line between “negligent” and “intentional” action is very fluid and is not infrequently left to the judge. The legal situation is now quite complex: anyone who deliberately (and this can include “looking the other way”!) promotes other criminal acts through their activities is liable to prosecution for aiding and abetting. The range of punishment is based on that of the principal offender, but is mitigated.

If, in any case, one had to seriously consider that one’s own platform is being used for criminal acts without knowing or supporting specific acts, one will face the accusation of “operating criminal trading platforms on the Internet” under Section 127 of the Criminal Code. A particularly well-known case in Germany was the Cyberbunker, which resulted in various other proceedings.

Quelle: EUROPOL PM

Lokel hosting example: investigators’ approach

Europol reports that Poland’s Central Cybercrime Bureau, under the supervision of the District Prosecutor’s Office in Katowice, recently took action against LolekHosted.net, a bulletproof hosting service used by criminals worldwide for cyberattacks.

The complex investigation into LolekHosted.net revealed that the service enabled the distribution of malware to steal information, carry out distributed denial of service (DDoS) attacks, set up fictitious online stores, manage botnet servers and distribute spam messages worldwide. The suspects advertised with slogans such as “You can host anything here!” and “no-log policy,” touting privacy as the main feature of the service. Payment was to be made in cryptocurrencies.

Europol’s European Cybercrime Center (EC3) said it provided analytical support by linking available data to various criminal cases inside and outside the EU and assisting investigations through operational analysis, crypto tracing, and forensic analysis.

The Joint Cybercrime Action Taskforce (J-CAT), based at Europol headquarters, facilitated information sharing. This permanent operational team is composed of cybercrime liaison officers from different countries working on high-profile cybercrime investigations.

German Lawyer Jens Ferner (Criminal Defense & IT-Law)