Dutch police seizes 250 servers used by “bulletproof hosting” service

The police in the Netherlands have seized around 250 physical servers powering a bulletproof hosting service in the country used exclusively by cybercriminals for providing complete anonymity.

Politie, the police force in the Netherlands, did not name the service but said that it has been used for illicit activities since 2022, and has emerged in more than 80 cybercrime investigations, both domestic and abroad.

Bulletproof hosting providers are companies that intentionally ignore abuse reports and refuse to comply with content takedowns requests from law enforcement while protecting their customers by not enforcing Know Your Customer policies.

Cybercriminals that typically use them are ransomware operators, malware distributors, phishing actors, and spammers, as well as money laundering services that get to remain anonymous by paying in difficult-to-trace cryptocurrency.

Thousands of virtual servers seized

The Dutch police note that the hosting company advertised complete anonymity for users and no cooperation with law enforcement.

The investigation showed that the company facilitated ransomware attacks, botnet operations, phishing campaigns, and even the distribution of child abuse content.

Last week’s police operation confiscated hundreds of physical and thousands of virtual servers.

“During the operation on 12 November, the infrastructure was seized. In total, it involves around 250 physical servers located in data centers in The Hague and Zoetermeer,” reads Politie’s announcement.

“Because of the seizure of these physical servers, thousands of virtual servers were also taken offline.”

Investigators will now conduct a forensic analysis on the seized servers to gain more insight into their operators and potential clients. At this time, no arrests have been announced in relation to this action.

The Dutch police played a key role in Operation Endgame’s latest phase last week, which disrupted the operations of Rhadamanthys, VenomRAT, and Elysium malware.

In the Netherlands, the authorities carried out nine searches in Dutch datacentres and seized 83 servers and 20 domain names.

Although the two operations overlap, the Dutch police told BleepingComputer that the two investigations are not connected.

CrazyRDP goes down

The authorities have declined to share the name of the hosting provider. However, sources told BleepingComputer last week that on November 12th, the Dutch police seized servers from a datacenter in The Hague used by CrazyRDP, which is now offline.

CrazyRDP offered VPS and RDP services and operated in the interest of its clients’ anonymity, with no-KYC and no-logs policies, requiring only a username and password to create an account.

In some discussions between threat actors, CrazyRDP was among the recommendations for bulletproof hosting services. Furthermore, multiple cybersecurity reports identified the same provider as a service for various malicious activities.

BleepingComputer noticed that the official CrazyRDP Telegram channel deleted all posts last Wednesday and linked to a different channel about CrazyRDP suddenly shutting down.

In the first conversations on the new channel, some people said they had more than 30 servers hosted on CrazyRDP infrastructure. Others feared an exit scam, as the service support claimed technical issues at the data center but then never replied.

One customer complained to technical support on Wednesday evening about problems logging in and was told that they would receive a response when everything would be “fully resolved.”

However, about four hours later ,the operator said that they did not have an estimated time for solving the issue and then answered.

Although it is unclear if CrazyRDP is the bulletproof hosting that the Dutch police took down last Wednesday, the operation appears to be offline since then.