Английская Википедия:CyberBunker
CyberBunker is an Internet service provider located in the Netherlands and Germany that, according to its website, "hosted services to any website except child pornography and anything related to terrorism". The company first operated in a former NATO bunker in Zeeland, and later in another former NATO bunker in Traben-Trarbach, Germany.
CyberBunker served as a web host for The Pirate Bay and as one of the many WikiLeaks mirrors.[1] CyberBunker has also been accused of being a host for spammers, botnet command-and-control servers, malware and online scams.[2] The company has also been involved in Border Gateway Protocol hijacks of IP addresses used by Spamhaus and the United States Department of Defense.[3] The Spamhaus hijack was part of an exceptionally large distributed denial of service attack launched against them in March 2013. Because of the size of this attack it received considerable mainstream media attention.
The company is named for its initial location in a former Cold War bunker.[4] As of 2013, CyberBunker listed its address as the bunker, but the location of CyberBunker's servers was unclear.[5]
In September 2019, the German police stormed and shut down the company's operations in its bunker in Traben-Trarbach. Seven suspects were arrested.[6]
History
Dutch bunker (CB-1)
In 1995, Herman-Johan Xennt bought a 20,000 square foot bunker just outside the small town of Kloetinge in the south of the Netherlands, which had been formerly used by NATO,[7][8] and was built in 1955. The bunker, originally used as a wartime Provincial Military Command Center (Шаблон:Lang-nl) of the Dutch military, was built to withstand a nuclear attack.[9] The bunker was de-assessed by the Dutch military in 1994.[10]
With collaborators, Xennt formed the CyberBunker company within the bunker, to offer "bulletproof hosting" of web sites.[7][8] The company's customers during the 1990s consisted largely of pornography web sites.[7][8] Its policy was to accept any web site except those related to child pornography and terrorism.[11]
In 2002, a fire broke out in the Dutch bunker. After the fire was put out, it was discovered that besides Internet hosting services, an MDMA laboratory was in operation.[12][7][8] Three of the four men charged with the operation of the lab were convicted to three-year prison sentences; the fourth was acquitted due to a lack of evidence.[13] Following the fire the local town denied the company a business license, resulting in the CyberBunker servers being moved to above-ground locations, including Amsterdam.[7][14]
In its publicity, the company continued to claim that it operated from the bunker.[14] On 29 March 2013, the secure data storage company BunkerInfra issued a press release stating they had been the owners of the Kloetinge bunker since 2010, and that any claims made by CyberBunker regarding their continued usage of the complex were false, and that they have not been operating from the bunker since the fire in 2002.[15] Businessweek reported them as stating that the bunker was "full of junk" when they acquired it, and quoted Guido Blaauw, their general manager, as stating that the CyberBunker publicity material was "all Photoshop".[16]
The Pirate Bay
In October 2009 BitTorrent tracker The Pirate Bay, which had been subjected to legal action by various anti-piracy groups including Dutch copyright organisation BREIN, moved away from Sweden to CyberBunker. In 2010 the Hamburg district court ruled that CyberBunker, operating in Germany as CB3Rob Ltd & Co KG, was no longer allowed to host The Pirate Bay, being subject to a €250,000 fine or up to 2 years imprisonment for each infringement.[1]
Spamhaus
In October 2011, Spamhaus identified CyberBunker as providing hosting for spammers and contacted their upstream provider, A2B, asking that service be cancelled. A2B initially refused, blocking only a single IP address linked to spamming. Spamhaus responded by blacklisting all of A2B address space. A2B capitulated, dropping CyberBunker, but then filed complaints with the Dutch police against Spamhaus for extortion.[17][18]
In March 2013, Spamhaus added CyberBunker to its blacklist. Shortly afterwards a distributed denial of service (DDoS) attack of previously unreported scale (peaking at 300 Gbit/s; an average large-scale attack is often around 50 Gbit/s, while the largest known previously publicly reported attack was 100 Gbit/s)[19] was launched against Spamhaus email and web servers using a Domain Name System (DNS) amplification attack;[20][21] Шаблон:As of the attack had lasted for over a week. Steve Linford, chief executive for Spamhaus, said that they had withstood the attack. Other companies, such as Google, had made their resources available to help absorb the traffic.[21] The attack was being investigated by five different national cyber-police-forces around the world. Spamhaus alleged that Cyberbunker, in cooperation with "criminal gangs" from Eastern Europe and Russia were behind the attack; Cyberbunker did not respond to the BBC's request for comment on the allegation.[21]
Cloudflare, an Internet security firm located in San Francisco, California assisting Spamhaus in combating the DoS attack was also targeted. On 28 March 2013, CyberBunker's website went offline for a short period of time, possibly becoming a victim of a DDoS attack themselves.[22]
On 25 April 2013 Sven Olaf Kamphuis, a vocal spokesman for CyberBunker, was arrested at the request of Dutch authorities near Barcelona by Spanish Police after collaboration through Eurojust.[23] An anonymous press release uploaded on Pastebin.com the following day demanding the release of Kamphuis threatened with more large-scale attacks should he remain in custody.[24][25] The Spanish authorities reported that Kamphuis operated from a well-equipped bunker and used a van as a mobile computing office. No further information on this bunker was provided.[26] In September 2013 it was revealed that a second arrest had been made in April in relation to the Spamhaus attack, the suspect being a 16-year-old from London.[27][28] Kamphuis was held for 55 days awaiting extradition to the Netherlands and was later found guilty and sentenced to 240 days in prison. His sentence was suspended, with credit for the 55 days served.[29]
Traben-Trarbach bunker (CB-3)
In 2013 the company purchased its second bunker, in Traben-Trarbach, Germany.[7] As early as 2015, German cybercrime investigators received a warrant to investigate the company by tapping its Internet traffic in and out of the bunker.[7] During this time, the company's clients are claimed to have included the dark web marketplaces Wall Street Market, Cannabis Road and Flugsvamp, as well Fraudsters, a forum for exchanging illegal drugs, counterfeit money and fake identification.[7][30] The Irish criminal George Mitchell, who lived for a while in Traben-Trarbach,[31] approached Xennt about running an encrypted phone business.[7] The back end of the encrypted messenging app Exclu was run on CyberBunker's servers.[32]
In September 2019, 600 German police raided the bunker.[14] Seven people were arrested in the raid.[33] Police later said that the bunker was the location from which a late 2016 denial of service attack on Deutsche Telekom had been launched.[33]
In 2021, Xennt and six other defendants were convicted of having formed a criminal organization, but were acquitted of having aided and abetted the crimes committed on their servers. They received sentences between 28 and 59 months in prison.[34]
In December 2023, their site became active again under cyberbunker.pro and cyberbunker.world.
Documentary
The Netflix documentary "Cyberbunker: The Criminal Underworld" was released in 2023. It contains interviews with the investigating prosecutor and police officers, journalists, the mayor of Traben-Trarbach, Xennt and other members of his organization. Police revealed that they had planted an undercover gardener and a cleaning lady in the bunker and that they lured Xennt and his crew out of the bunker before the raid.[31]
References
- ↑ 1,0 1,1 Шаблон:Cite web
- ↑ Spamhaus.org - listings for IPs under the responsibility of cb3rob.net, records retrieved 28 April 2013.
- ↑ BGPMon.net Looking at the spamhaus DDOS from a BGP perspective, article retrieved 29 April 2013.
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite news
- ↑ Шаблон:Cite web
- ↑ 7,0 7,1 7,2 7,3 7,4 7,5 7,6 7,7 7,8 Шаблон:Cite magazine
- ↑ 8,0 8,1 8,2 8,3 Шаблон:Cite web
- ↑ PMC-bunkerbezetting in Kloetinge: het verslag Шаблон:Webarchive (Dutch), article retrieved March 28, 2013.
- ↑ Forten.info - Provinciaal Militair Commando Шаблон:Webarchive (Dutch), article retrieved March 28, 2013.
- ↑ Шаблон:Cite book
- ↑ Security.nl - Uitgebrande 'Cyberbunker' herbergde XTC-lab (Dutch), article retrieved 29 March 2013.
- ↑ OmroepZeeland.nl - Cel wegens runnen XTC-laboratorium Шаблон:Webarchive (Dutch), article retrieved 29 March 2013.
- ↑ 14,0 14,1 14,2 Шаблон:Cite web
- ↑ BunkerInfra.com - Cyberbunker not located in a bunker in Goes, the Netherlands Шаблон:Webarchive, article retrieved March 29, 2013.
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ Rob Williams for Hot Hardware (2013), DDoS Attack Against Spamhaus Exposes Huge Security Threat On DNS Servers Шаблон:Webarchive, article retrieved 28 September 2013.
- ↑ Шаблон:Cite web
- ↑ 21,0 21,1 21,2 Шаблон:Cite news
- ↑ Informationweek Security - DDoS Spam Feud Backfires: 'Bulletproof' CyberBunker Busted Шаблон:Webarchive, article retrieved 30 March 2013.
- ↑ Шаблон:Cite news
- ↑ Pastebin.com - Official press release #freecb3rob, retrieved 26 April 2013.
- ↑ Brenno de Winter - Nu.nl - Groep dreigt met 'grootste aanval ooit' om arrestatie hacker (Dutch), article retrieved April 26, 2013.
- ↑ The Washington Post / Associated Press - Dutch suspect arrested in Spain over major cyberattack used well-equipped 'bunker' and vanШаблон:Dead linkШаблон:Cbignore - article retrieved 28 April 2013.
- ↑ Ernesto for TorrentFreak (2013), The Pirate Bay relocates to a nuclear bunker, article retrieved 21 January 2015.
- ↑ James Legge for The Independent (2013), London teenager arrested over huge cyberattack, article retrieved 28 September 2013.
- ↑ Шаблон:Cite news
- ↑ Шаблон:Cite web
- ↑ 31,0 31,1 Шаблон:Cite web
- ↑ Шаблон:Cite web
- ↑ 33,0 33,1 Шаблон:Cite news
- ↑ Шаблон:Cite web
- Английская Википедия
- Страницы с неработающими файловыми ссылками
- Government buildings completed in 1955
- Denial-of-service attacks
- Bunkers in Europe
- The Pirate Bay
- Data centers
- Страницы, где используется шаблон "Навигационная таблица/Телепорт"
- Страницы с телепортом
- Википедия
- Статья из Википедии
- Статья из Английской Википедии