European and U.S. law enforcement agencies have announced the dismantling of a bulletproof hosting service provider called Lolek Hosted, which cybercriminals have used to launch cyber-attacks across the globe.
“Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available,” Europol said in a statement.
“The service facilitated the distribution of information-stealing malware, and also the launching of DDoS (distributed denial of service) attacks, fictitious online shops, botnet server management, and distribution of spam messages worldwide,” it added.
Polish authorities, who made the arrests, said three other detainees have been subjected to preventive measures in the form of police supervision, bail, and a ban on leaving the country. Alongside the arrests, hundreds of servers containing terabytes of data, computer equipment, and mobile phones have been confiscated.
The seizure, carried out on August 8, 2023, serves as an indicator of the intensifying efforts undertaken by governments to disrupt the foundations of cybercriminal networks and neuter avenues for illegitimate gains.
Central to Lolek Hosted’s offerings were its privacy and anonymity features that promised a no-log policy and the ability to make payments in cryptocurrencies.
Bulletproof hosting services have long been contentious owing to the fact that operators of such platforms tend to willingly turn a blind eye to the kind of content that could be uploaded and distributed via the domains rented by their customers.
This has made them attractive havens for criminal groups looking to disseminate malware, orchestrate botnet attacks, as well as execute myriad kinds of cybercrime and fraud.
According to the U.S. Department of Justice (DoJ), Lolek Hosted “facilitated the operation of ransomware attacks and the subsequent laundering of the illicit proceeds.”
Artur Karol Grabowski, its 36-year-old founder, has been accused of allowing clients to register accounts using false information, ignoring abuse complaints filed by third parties against clients, and notifying clients of legal inquiries received from law enforcement.
“Grabowski registered the domain ‘LolekHosted.net’ in 2014, and advertised that its services were ‘bulletproof,’ provided ‘100% privacy hosting,’ and allowed clients to host ‘everything except child porn,’” the DoJ said in a coordinated press statement.
Lolek Hosted is also alleged to have aided in the execution of approximately 50 NetWalker ransomware attacks, with the servers used as intermediaries by its customers when gaining unauthorized access to target networks and to store hacking tools and data stolen from victims.
If convicted on all counts of computer fraud conspiracy, wire fraud conspiracy, and international money laundering, Grabowski, who remains a fugitive, faces a maximum penalty of 45 years in prison. He is also the subject of a $21.5 million seizure order.
The joint endeavor comes as Europe and the U.S. have made it a point in recent years to take down criminal infrastructure that abets threat actors in conducting malicious activities, including brute-force, distributed denial-of-service (DDoS), phishing, and ransomware attacks.
It also follows the sentencing of Mihai Ionut Paunescu in June 2023 for operating another bulletproof hosting service named PowerHost[.]ro that enabled the deployment of Gozi, BlackEnergy, SpyEye, and Zeus backdoors.