Reminds me of that fun time I had to explain to my boss that providing a 'russian contact' of his with a number of servers that would have some sort of 'remote kill switches to delete everything', probably wasn't a smart venture for our hosting business. At some point the cops will come knocking :)
Check your local laws on cryptography and destruction of evidence before trying this. You may still be legally obliged to decrypt the material or go to jail.
Is it just me, or are the majority of raids of malware/botnet hosters typically in the EU? I mean just 6 days ago a raid was conducted on an old NATO bunker in Germany. https://news.ycombinator.com/item?id=21090549
Is it that it's easier to become a hosting provider there with more protections (rights) and/or does America/NA lack the legal authority/process to conduct as many raids? Obviously eastern Europe/Russia is the wild west but I'm just surprised how much comes out of western Europe.
I'm curious why Eastern Europe/Russia are the wild west of douchey internet behavior. I mean there are seemingly endless bulletproof hosting providers. Who wakes up in the morning with the ultimate goal of being slimy on purpose like that? And why are there so many of them concentrated in Russia/Eastern Europe?
I'd assume that the ultimate goal that motivates most of them is to make money to improve other parts of their lives.
That often boils down to reaping the gains and externalizing the costs, which these hosting solutions seem to do fairly well for their owners (though perhaps not for the operators that get caught up in the eventual stings).
In talking with a guy that was trying to sell me data center space in a Ukrainian data center, his pitch was that as long as your activities targeted "western" countries you could host activities that more local data centers might disallow in their TOS.
He pointed out that they turned off the local DNS function whenever someone was in the building who wasn't a customer. I found that somewhat strange at first and then realized that it was essentially a "bell ringer" protocol for people who might want to wipe their servers in the event of people being there that didn't belong.
As far as I know, it's at least partially because Russia doesn't extradite citizens and doesn't respond to other countries requesting they investigate.
If you think about it from the host countries’ perspective, stealing money from foreigners or nefariously affecting them doesn’t harm the hosts much but can bring in a lot of money to their economies.
Bandwidth tends to be cheaper in EU. This has nothing to do with legal protections and everything to do with operating costs.
>Obviously eastern Europe/Russia is the wild west
What? Maybe if you’re talking about the users, but definitely not true for hosts. And I definitely wouldn’t call any of the eastern EU states the “wild west”.
People mine on systems that they do not own. Try leaving SSH open with weak credentials, or use any software with a recently disclosed RCE. It won't be long until somebody drops a Monero miner.
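The comment above describes the usual entry path for opportunistic miners: password-guessing against an exposed SSH service. As an added example (not code from this thread or from anyone quoted in it), the script below shows the defender's side, reading sshd log lines and flagging a source that accumulates many failed passwords inside a short window, and then flagging any password login from that same source, which is the signal that a guessed credential actually worked. The log lines are constructed for the example, the year pinned onto the syslog timestamps is an assumption, and the thresholds are illustrative defaults; it checks the log only and does not look for the miner process itself.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sshd log lines in syslog format (sample data for this example, not real logs).
SAMPLE_AUTH_LOG = """\
Oct  2 10:01:03 host sshd[1201]: Failed password for root from 203.0.113.5 port 51234 ssh2
Oct  2 10:01:04 host sshd[1201]: Failed password for root from 203.0.113.5 port 51236 ssh2
Oct  2 10:01:05 host sshd[1201]: Failed password for invalid user admin from 203.0.113.5 port 51240 ssh2
Oct  2 10:01:06 host sshd[1201]: Failed password for root from 203.0.113.5 port 51242 ssh2
Oct  2 10:01:07 host sshd[1201]: Failed password for root from 203.0.113.5 port 51244 ssh2
Oct  2 10:01:09 host sshd[1201]: Accepted password for root from 203.0.113.5 port 51250 ssh2
Oct  2 10:15:00 host sshd[1300]: Failed password for alice from 198.51.100.7 port 40001 ssh2
Oct  2 10:20:00 host sshd[1301]: Accepted publickey for alice from 198.51.100.7 port 40002 ssh2
"""

FAILED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\S+) port"
)
ACCEPTED_RE = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: Accepted (\w+) for (\S+) from (\S+) port"
)


def parse_ts(s):
    # Syslog timestamps carry no year; pinning one is an assumption made for the sample data.
    return datetime.strptime(s, "%b %d %H:%M:%S").replace(year=2019)


def analyze_ssh_log(text, threshold=5, window_seconds=60):
    """Return brute-force sources and password logins that followed a brute-force burst."""
    failures = defaultdict(list)  # source ip -> [(time, username), ...]
    accepts = []                  # [(time, auth method, username, source ip), ...]
    for line in text.splitlines():
        m = FAILED_RE.match(line)
        if m:
            failures[m.group(3)].append((parse_ts(m.group(1)), m.group(2)))
            continue
        m = ACCEPTED_RE.match(line)
        if m:
            accepts.append((parse_ts(m.group(1)), m.group(2), m.group(3), m.group(4)))

    brute = {}
    for ip, events in failures.items():
        events.sort()
        times = [t for t, _ in events]
        # Sliding window over sorted failure times: flag the source once any window
        # of `window_seconds` holds at least `threshold` failed passwords.
        j = 0
        for i in range(len(times)):
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_seconds:
                j += 1
            if j - i >= threshold:
                brute[ip] = {
                    "attempts": len(events),
                    "users": sorted({u for _, u in events}),
                    "first_seen": times[0],
                }
                break

    # A password (not key) login from a flagged source, after its guessing started,
    # is the strongest sign that a weak credential was found and the host is now owned.
    suspicious_logins = [
        {"ip": ip, "user": user, "time": t.isoformat()}
        for t, method, user, ip in accepts
        if method == "password" and ip in brute and t >= brute[ip]["first_seen"]
    ]
    return {"brute_force_sources": brute, "password_logins_after_bruteforce": suspicious_logins}


if __name__ == "__main__":
    result = analyze_ssh_log(SAMPLE_AUTH_LOG)
    for ip, info in result["brute_force_sources"].items():
        print(f"brute force from {ip}: {info['attempts']} failures, users {info['users']}")
    for hit in result["password_logins_after_bruteforce"]:
        print(f"password login after brute force: {hit['user']} from {hit['ip']} at {hit['time']}")
```

In the sample, the single failed login from 198.51.100.7 stays below the threshold and its later key-based login is ignored, while 203.0.113.5 is flagged after five failures in four seconds and its subsequent password login for root is reported. The practical fix the comment implies is to remove the password surface altogether (key-only authentication), with this kind of check as the detection layer behind it.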
Perhaps a virus that uses the computers of unaware victims to crypto-mine. If you infect enough people, I guess you'd stand a chance. Not sure if targeting iot would be the best move for that, and the article seems to insinuate that this was mostly iot based malware, so I don't know.
Because law enforcement tends to reach for the law as their tool of choice. And since crimes were committed, their goals include not just "stop it from happening again" but also "prosecute", which needs evidence that cannot be obtained by a routing patch.
I thought the initial `D` in DDOS stood for "distributed".
The article reports about "DDoS botnets operating on KV's infrastructure". Wouldn't "DDoS botnets operated from KV's infrastructure" be a better description?
I love how they don't tell the full name of Marco B. and Angelo K., but do tell that their companies were called "Bos IT Holding BV" and "Kreikamp IT Holding BV".
I can second this. You don't read the full names of suspects (!) in a newspaper in Germany. I believe this is actually due to the law here (e.g. if they're innocent, their name is not ruined). That is somewhat relaxed, as long as they're not a public figure (e.g. no one would say "Angela M. is suspected to be a physicist" if it's about the German Chancellor) and as long as it's clear from the article that they're not (yet) convicted.
Well I dunno about Germany but over here in the Netherlands there's no real law about not using full names. However if a paper does use someone's full name and then that person gets their reputation ruined they will usually get a lower sentence if guilty. The idea being that getting your reputation ruined is a punishment in itself.
There is currently a court case against a drugs kingpin where one of the reputable newspapers does mention his full name, but each time followed by "-- the suspect's lawyer has indicated the suspect has no objection to his full name being used" (once per article of course)
"Proper" newspapers don't, but yellow press (e.g. BILD) which is consumed by a large chunk of the German population doesn't really care that much about preserving privacy or correctly reporting on conviction status.
It’s a normal Dutch last name.
Also, the naming of the holdings is the same. So they probably registered it at the same time. Anyway, information can always be checked at the chamber of commerce
It costs 2.50 to check the names of the owners of these companies at the chamber of commerce if that makes you doubt whether or not it's actually the name. This means that the owners were effectively outed by the publication anyway.
Not really, the point of Dutch privacy law (and similar EU laws) in this context is not to deter a dedicated investigator, but to merely put enough of a hurdle in place that everyone reading the article won't see the names of suspects, and they won't show up in web searches etc.
Iirc it's not even an actual law, more of an agreement between all news organizations to not publish names like that. I seem to recall Geenstijl (Dutch "news" site) publishing full names and not getting in trouble over it.
If the bar for being a "dedicated investigator" is copy-pasting a string and paying 2.50, I think we just have different views on this. Your views about the intent of specific laws aren't relevant, as there are AFAIK no laws about news publications that apply to what we are talking about.
Not mentioning last names is only a convention by journalists and the media. Publishing last names in the media is not a violation of the law. News website geenstijl.nl regularly publishes full names of suspects or criminals.
The convention already existed before the internet.
There is a difference between ignoring abuse reports and being immune to a raid by law enforcement. For these authors there is a trade-off between convenience, cost and security: using already available infrastructure is probably easier than to set up your own complicated hosting solution.
If any of them end up getting caught because of the information gathered by this raid they obviously misvalued one of these aspects in their trade-off analysis. Humans all make mistakes.
In order to keep a coherent network, most (all?) P2P infrastructure still requires some centralized resource to seed initial peers etc for a node. You would still have a single point of failure, if not for the network, at least for your control of it.