CyberBunker

from Wikipedia, the free encyclopedia

CyberBunker was a commercial internet service provider based in the Netherlands and Germany . The company, which is closely associated with criminal activities, advertised its highly secure services and operated its infrastructure twice over several years each in former military facilities.

After five years of investigation, the underground facility was taken out of service by the police in September 2019. After the cyberbunker was compromised, there were at least 227 follow-up proceedings against customers of the cyberbunker.

CyberBunker in the Netherlands

CyberBunker entrance area in Kloetinge , Netherlands
CyberBunker entrance area
CyberBunker Data Center

According to its own information, CyberBunker was founded in 1996 in the Netherlands. Sven Olaf Kamphuis, known as an internet criminal since 2013 , and Herman Johan Xennt are named as executives.

First bunker location

It was named after the first location that the company acquired. This involved a former NATO - command bunker in the Dutch municipality Kloetinge in the province of Zeeland , which was built to house sensitive electronic equipment and even after a nuclear strike to operate. This bunker was built in 1955 and closed in 1996. In addition, there are specially fastened and biometrically protected doors, two emergency power generators (2 MW ) and enough fuel to ensure the operation of the system independently , air filters as NBC protection , and space for large supplies of drinking water and food.

After its closure in 1996, this military bunker was sold to the CyberBunker company, which renovated it and set up its data center in it, which went into operation in 2000. A private, highly secure data center with EMP shielding was then operated in the CyberBunker .

After a fire in 2002, a drug laboratory was discovered in a sublet part of the bunker. As a result, the data center was not put back into operation and sold in 2010 to the company Bunkerinfra Datacenters , which filed for bankruptcy in 2015.

Operation at other locations

In the years that followed, CyberBunker deceived its customers into operating their infrastructure in the former NATO bunker, while the actual data center was located in Amsterdam. Further data centers are said to have been operated at "secret locations".

CyberBunker in Germany

Second bunker location

On June 26, 2013, CyberBunker acquired the former Mont Royal barracks with the bunker of the former Defense Geophysics Office in Traben-Trarbach , built in the 1970s , for a purchase price of 450,000 euros. In addition to the five-storey underground bunker with a usable area of ​​5500 m², there are two office buildings and several garages on the 13 hectare site. In the data center set up there, the company operated under the name Calibour GmbH over 400 servers for a darknet infrastructure, with which cyber attacks and also deals with drugs, counterfeit money and child pornography were carried out.

Warning from the LKA

In the course of the 2019 raid it became clear that the police in Rhineland-Palatinate had warned the federal authorities of the buyer of the bunker at an early stage. First, the Traben-Trarbach municipality informed the Rhineland-Palatinate LKA about the planned sale. Eight days before the announced sale date, the LKA Rhineland-Palatinate informed the Federal Agency for Real Estate Tasks (Bima) that "the potential buyer of the property could use the location for a data center, among other things, to inspect and support criminal offenses on the Internet". Compared to the mirror , the Bima 2019 stated that they had “agreed” with the LKA. At that time, however, there were no findings "that would have justified the exclusion of the future buyer from the sale process." Another interested party would have applied for the bunker, but CyberBunker made the more lucrative offer.

Raid

As early as 2013, there were first indications of a possible illegal use of the bunker. From 2015, the Rhineland-Palatinate State Criminal Police Office investigated the operator of the bunker.

In September 2019, as part of a raid in several countries, this bunker was searched and shut down by the German police with 650 emergency services, and seven suspects were arrested. Since then, almost all of the pages on the company's website have been inaccessible.

Criminal proceedings

On April 7, 2020, the State Central Cybercrime Office of the Koblenz Public Prosecutor's Office brought charges against eight suspects from the Netherlands, Germany and Bulgaria. According to the indictment, they have committed aiding and abetting more than 240,000 crimes.

The main hearing began on October 19, 2020 at the Trier Regional Court and was originally supposed to last until December 31, 2021. On December 13, 2021, the operators were sentenced to prison terms for forming a criminal organization. An appeal can be made against the judgment.

Follow-up proceedings

After the cyber bunker was compromised, there were at least 227 follow-up proceedings against users of the bunker for criminal transactions on the Darknet . The largest follow-up proceedings include the indictment of the German DarkNet trading platform DarkMarket , which, according to the indictment, closed at least 320,000 deals worth more than 140 million euros. According to the State Central Cybercrime Office of the Koblenz Public Prosecutor's Office, the " Dark HunTOR " operation , in which around 150 arrests were made worldwide, resulted from the "DarkMarket" procedure .

Customers, business policy

CyberBunker announced on its own website that it does not conclude and sign any special written contracts with its customers for the corresponding services. The contract with a customer is maintained as long as the CyberBunker services are paid for in advance by the customer. According to CyberBunker, any kind of information is hosted by CyberBunker, provided it is not related to child pornography or terrorism .

CyberBunker claimed that it would also protect customer data from claims by authorities and governments , from claims under the Digital Millennium Copyright Act , from competing companies , criminals and terrorists .

CyberBunker reportedly hosted data from The Pirate Bay , Wall Street Market and copies of WikiLeaks .

The Pirate Bay

On October 2, 2009, The Pirate Bay's BitTorrent tracker , which has already been the subject of several legal proceedings with anti-piracy groups, is said to have been transferred from Sweden to CyberBunker near Kloetinge. It is not known whether the data from The Pirate Bay was or is actually at CyberBunker, or whether the service was or is only being redirected.

The Hamburg Regional Court issued an injunction on May 6, 2010 (decision of May 6, 2010, Az. 310 O 154/10) against the routing operator CB3Rob Ltd & Co KG (CyberBunker) based in Berlin and Sven Olaf Kamphuis and initially prohibited in connection with the connection to The Pirate Bay , forwarding websites on the Internet. The injunction was brought in by member companies of the Motion Picture Association of America (MPAA) on May 6th.

The Pirate Bay pages were only offline for one day, however, and were then probably brought up again via the Ukraine .

An appeal court in The Hague (Court of Justice of The Hague) ruled on January 28, 2014 that access to the file sharing platform The Pirate Bay did not have to be blocked by two Dutch providers because IP and DNS blockades are by no means effective against online piracy would help. One could therefore not oblige providers to take ineffective measures.

Spam and DDoS attacks

CyberBunker says it doesn't care about the blacklist of The Spamhaus Project , an organization that combats spam . Since 2011 there have been mutual complaints between Spamhaus and CyberBunker after CyberBunker customers had operated spamming and CyberBunker refused to bow to demands to prevent this.

After Spamhaus put CyberBunker on its blacklist in March 2013, a distributed denial-of-service attack of a new dimension against the Spamhaus server and DNS began , which lasted a week. The attack peaked at up to 300 Gbit / s (an average major attack at the time was around 50 Gbit / s) while the previously largest known attack had reached 100 Gbit / s. The attack was investigated by five national police authorities. Since CyberBunker was still advertising the Dutch bunker at the time, Bunkerinfra Datacenters (BIDC), which operated the former CyberBunker in Kloetinge at the time, stated in a press release of March 29, 2013 that they had nothing to do with this DDoS attack . The CyberBunker near Kloetinge has not been in operation since a fire in 2002.

Web links

Commons : CyberBunker  - collection of pictures, videos and audio files

Individual evidence

  1. a b c Cyberbunker: Hundreds of proceedings against customers of the Darknet data center . In: The mirror . December 12, 2021, ISSN  2195-1349 ( spiegel.de [accessed December 14, 2021]).
  2. a b c d Own information: FAQ Cyberbunker Website ( Memento from April 27, 2019 in the Internet Archive )
  3. Adobe Fined $ 1M in Multistate Suit Over 2013 Breach; No Jail for Spamhaus Attacker. Krebs on Security, November 17, 2016, accessed October 10, 2019 .
  4. a b c d e The Pirate Bay relocates to a nuclear bunker. Torrentfreak, October 6, 2009, accessed August 18, 2014 .
  5. a b German Cops Raid “Cyberbunker 2.0,” Arrest 7 in Child Porn, Dark Web Market Sting. Krebs on Security, September 28, 2019, accessed October 7, 2019 .
  6. Coordinates 51 ° 30 ′ 8 ″ N, 3 ° 54 ′ 26 ″ E
  7. ^ A b Claus Hecking, Judith Horchert and Philipp Seibt: Traben-Trarbach: How an old Bundeswehr bunker could become a darknet data center. SPIEGEL ONLINE, October 7, 2019, accessed October 7, 2019 .
  8. a b Press release of March 29, 2013 ( Memento of August 11, 2013 in the Internet Archive ). Retrieved August 14, 2014.
  9. ^ Arnout Veenman: Bunkerinfra Datacenters failliet. ISPam.nl, June 16, 2015, accessed October 10, 2019 (Dutch).
  10. Coordinates 49 ° 58 ′ 4 ″ N, 7 ° 7 ′ 14 ″ E
  11. In the bunker of evil. In: The mirror. May 14, 2020, accessed May 16, 2020 .
  12. The darknet server will be sighted soon. Süddeutsche Zeitung, January 20, 2020, accessed on January 23, 2020 .
  13. Philipp Seibt, DER SPIEGEL: "Cyberbunker": State Criminal Police Office warned of buyers - DER SPIEGEL - Netzwelt. Retrieved April 7, 2020 .
  14. Bernd Wientjes: Cybercrime: illegal data center in Traben-Trarbach in an ex-bunker. Trierischer Volksfreund, September 27, 2019, accessed on October 9, 2019 .
  15. Investigators find hundreds of servers in the "cyber bunker". Der Spiegel , September 27, 2019, accessed on October 8, 2019 .
  16. Stormed the cyber bunker in Traben-Trarbach with 650 emergency services. rheinpfalz.de, accessed on September 27, 2019 .
  17. State Criminal Police Office Rhineland-Palatinate : State Central Cybercrime Office of the General Public Prosecutor's Office in Koblenz is bringing charges against eight suspects in the proceedings against the operators of the “cyber bunker”. In: presseportal.de. April 7, 2020, accessed April 28, 2020 .
  18. ↑ The start of the process in Trier: unprecedented giant proceedings over the cyber bunker. In: heise.de. heise online, October 19, 2020, accessed on October 24, 2020 .
  19. ^ Criminal proceedings 2a KLs 5 Js 30/15 ("Bunker proceedings"). Landau District Court in the Palatinate, September 18, 2020, accessed on October 18, 2020 .
  20. Friedhelm Greis: Criminal Association: Cyberbunker operators sentenced to prison terms. golem.de, December 13, 2021, accessed on December 13, 2021 .
  21. Own information: "Stay-online-policy" of the Cyberbunker website ( Memento from April 27, 2019 in the Internet Archive )
  22. The Pirate Bay Back Online With New Web Host In The Netherlands , October 7, 2009
  23. ^ LG Hamburg, decision of May 6, 2010 - 310 O 154/10. openJur eV, accessed on August 27, 2017 .
  24. Cyberbunker prohibited from providing Internet access to the Pirate Bay .
  25. ↑ The film industry fails, Pirate Bay is back on the web. SPIEGEL ONLINE, May 18, 2010, accessed May 18, 2014 .
  26. Judgment ECLI: NL: GHDHA: 2014: 88, Gerechtshof Den Haag, 200.105.418-01. de Rechtspraak, accessed August 15, 2014 (Dutch).
  27. Dutch ISP Hits Spamhaus With Police Complaints ( Memento from October 15, 2011 in the Internet Archive ).
  28. ^ Eduard Kovacs: TPB Causes Argument Between Dutch ISP and Anti-Spam Organization. Softpedia News, October 13, 2011, accessed August 15, 2014 .
  29. ^ Rob Williams: DDoS Attack Against Spamhaus Exposes Huge Security Threat On DNS Servers. HotHardware, March 28, 2013, accessed August 15, 2014 .
  30. Sean Gallagher: How Spamhaus' attackers turned DNS into a weapon of mass destruction. ars TECHNICA, March 28, 2013, accessed on August 15, 2014 .
  31. ^ Dave Lee: Global internet slows after 'biggest attack in history'. BBC News, March 27, 2013, accessed August 15, 2014 .
  32. Michael Riley and Carol Matlack: CyberBunker: Hacking as Performance Art. Bloomberg, April 5, 2013, accessed on August 15, 2014 (English).