What makes bulletproof hosters so dangerous

There are providers on the internet who advertise with a dangerous promise: "You are safe with us - completely anonymous, no cooperation with the authorities." These services are called bulletproof hosting providers (BPH for short). And this has nothing to do with data protection, but with a clear business model: they offer cyber criminals a safe haven where they can carry out their illegal activities undisturbed.

In contrast to normal hosters that operate websites, stores or cloud services, bulletproof hosters deliberately look the other way - or even encourage the activities. This technology is used for ransomware attacks, phishing campaigns, controlling botnets and even distributing abusive material, among other things. The perpetrators often remain in the background - and this is precisely what makes these hosters so attractive to them.

Access in the Netherlands: Thousands of servers shut down

As reported by heise.de, the Dutch authorities have now struck a major blow. In a large-scale operation, around 250 physical servers running thousands of virtual systems were seized in data centers in The Hague and Zoetermeer. The network was apparently used exclusively for criminal purposes and was part of over 80 investigations worldwide - including cases of blackmail, data theft and online fraud.

The confiscated servers are now being closely examined. The seizure has destroyed a dangerous part of the infrastructure that had been used for years to carry out harmful activities. As a result, criminal groups now lack an important technical refuge.

Pressure from abroad: sanctions against Russian suppliers

But it's not just the Dutch police that are cracking down. The air is also getting thinner internationally for such providers. The USA, the UK and Australia have jointly imposed sanctions against three Russian companies that are alleged to act as bulletproof hosters - including the provider "Media Land". According to the authorities, these companies have deliberately collaborated with cyber criminals and provided them with IT infrastructure.

The sanctions include the freezing of assets. Banks are also warned that they could get into trouble themselves if they do business with these companies. The aim is clear: to cut the flow of money, withdraw technology and dry up the networks.

How network operators can better protect themselves

In addition, the US authority CISA, together with international partners, has published specific recommendations on how to better protect against the risks posed by bulletproof hosting - especially for Internet providers and network operators. These include measures such as:

• Keep lists of known malicious IP addresses
• Detect and block suspicious data traffic
• Check logs and log data regularly
• Share information about attacks with other operators

The aim is to detect potentially harmful activities more quickly and combat them together. This sounds technical, but in practice it is extremely effective in disrupting such networks before they cause damage.

How we classify this

For years, these hosters have operated in the shadows - under the guise of "data protection" and "technical neutrality". But anyone who offers server space for blackmail, fraud and abuse is not a neutral service provider. They are accomplices. Such providers should not only be taken off the net, but also held accountable. The good news is that if law enforcement officers act decisively and states work together, it will work. And the bad news? It was long overdue.

Source: heise.de