Bulletproof hosting site shut down by Polish police

14 Aug 2023

Authorities claim the site was used to conduct various cyberattacks worldwide, while it maintained a ‘don’t ask, don’t tell’ philosophy.

Polish authorities have seized all the servers of LolekHosted, a bulletproof hosting site that was allegedly used to launch cyberattacks worldwide.

Police arrested five suspects linked to the site and have seized the website’s domain. The operation followed a “complex investigation” which was supported by Europol and the US FBI.

Bulletproof hosting is similar to regular web hosting and involves providing online infrastructure for others. But unlike regular web hosting, bulletproof operators are far more lenient on what customers use the rented domains for.

Software security provider Norton describes bulletproof hosting as a ‘don’t ask, don’t tell’ philosophy. With different laws in different countries, Norton said this can lead to legal grey areas that “allow the owners to claim immunity to what their customers host”.

Europol claims the LolekHosted site was used to facilitate various types of cyberattacks. This includes the distribution of malware, DDoS attacks, fictitious online shops, botnet server management and spam messages.

“The suspects marketed privacy as a key feature of this service, using slogans such as ‘You can host anything here’ and ‘no-log policy’,” Europol said. “However, being willing to ignore the transgressions of clients does not mean that law enforcement will take the same stance.”

The US Department of Justice claims ransomware was spread from the site, including one variant called NetWalker. The department claims NetWalker has been used against roughly 400 victims including hospitals, emergency services and educational institutions.

The department also claims that total ransom payouts from NetWalker are believed to be roughly $146m, paid in the form of bitcoin.

“LolekHosted clients used its services to execute approximately 50 NetWalker ransomware attacks on victims located all over the world, including in the Middle District of Florida,” the US department said.

“Specifically, clients used the servers of LolekHosted as intermediaries when gaining unauthorised access to victim networks and to store hacking tools and data stolen from victims.”

Authorities around the world continue to clamp down on cybercriminal activities. Last week, Interpol said it shut down a notorious ‘phishing-as-a-service’ platform that sold hacking tools to criminals worldwide.

Leigh Mc Gowran is a journalist with Silicon Republic