in , , , , ,

Investigators take down data center in ex-NATO bunker

September 27, 2019

Rhineland-Palatinate police forces have taken down about 2,000 darknet servers. The data center was concealed in a former Bundeswehr bunker, fenced and guarded on a 13,000 square meter site.

German investigators have managed a serious coup against cybercriminals. After nearly five years of preliminary work, the police and GSG9 have dug up and shut down a supposedly 2,000 server-strong data center.

Die ehemalige Bunkeranlage in Traben-Trarbach umfasst rund 5.000 Quadratmeter. (Foto: Pressestelle, Landeskriminalamt Rheinland-Pfalz)

Over the servers, criminals have been selling drugs in the Darknet for years, launching cyber attacks, handling counterfeit money and distributing child pornography. The operators – fenced and guarded on a 13,000-square-meter site – had been intrigued in a former Bundeswehr bunker. There, five servers are to be added to servers. 200 were confiscated and over 2,000 were estimated to have been operated.

Die Verdächtigen sollen einen sogenannten Bulletproof-Hoster betrieben haben. (Foto: Pressestelle, Landeskriminalamt Rheinland-Pfalz)

The head of the gang is a 59-year-old Dutchman. He is said to have built and operated the “Cyberbunker” from the end of 2013, says Johannes Kunz, President of the State Office of Criminal Investigation (LKA) Rheinland-Pfalz. The cybercriminal is a so-called “Bulletproof Hoster”, which provides criminals with the highest security standards in order to protect them from access by state bodies. In the Netherlands, the accused had already become conspicuous, and there were links to organized crime.

Die Polizei hat ein Rechenzentrum für illegale Geschäfte im Darknet ausgehoben. (Foto: Pressestelle, Landeskriminalamt Rheinland-Pfalz)

The suspects are members of an international gang. They are operators of a “Bulletproof Hosters” to provide infrastructure for numerous illegal Darknet sites for the sale of weapons, drugs, child pornography, forged documents and more, is the charge of the State Office of Criminal Investigation Rhineland-Palatinate.

Über die Server des Rechenzentrums sollen Webseiten im Darknet betrieben worden sein. (Foto: Pressestelle, Landeskriminalamt Rheinland-Pfalz)

“Everything you can imagine on the Darknet”

A spokesman for police headquarters Trier said Thursday that the detainees were being investigated for illegal arms trafficking, child pornography, drug trafficking and anything else they could imagine in the Darknet. The action, which allegedly involved several hundred emergency services, carried out a total of 18 search warrants in Germany and neighboring European countries. In this case, 200 servers, written documents, numerous data carriers, mobile phones and a larger, unspecified amount of cash have been secured.

These illegal offers and actions should have been handled by the computer center:

Darknet Marketplace “Wall Street Market”

The “Wallstreet Market” marketplace smashed in April by the Federal Criminal Police Office and the Central Office for Combating Cybercrime had been the second largest illegal online marketplace in the world, according to investigations by the Attorney General’s Office in Frankfurt. The platform is said to have handled 250,000 drug trafficking transactions with a sales volume of more than 41 million euros. By the time the smash hit, over 63,000 sales offers had been placed, 5,400 sellers registered, and 1,150,000 customer accounts in place.

The operators had switched to the marketplace shortly before in the maintenance mode and were about to grab all deposited funds via a so-called “exit scam” to grab. In the course of the investigation, apartments of several suspects were searched, cash amounts in the amount of more than 550,000 euros, Bitcoins and Monero in six-digit height, firearms, the server infrastructure and numerous other evidence has been secured.

Darknet Marketplace “Cannabis Road”

On the market place “Cannabis Road” 87 sellers of illegal drugs of all kinds were registered. Several thousand retail sales of cannabis products are said to have been processed through the marketplace.

Underground forum “Fraudsters”

The shut down in July German-speaking underground forum “Fraudsters” had also been hosted on the data center. The national center Cybercrime (LZC) investigate itself against the operators, it is said in the press release. There is a suspicion that several thousand drug trafficking transactions have been processed via this platform.

Darknet Marketplace “Flight Vamp 2.0”

The marketplace “Flight Vamp 2.0” should be the largest Swedish Darknet marketplace for the illegal sale of narcotics. The proceedings against the operators are being operated by the Swedish investigative authorities. There are 600 sellers and about 10,000 buyers have been active in the marketplace.

Other illegal marketplaces

The platforms “Orangechemicals”, “Acechemstore” and “Lifestylepharma” are suspected of having made possible the distribution of synthetic drugs in different quantities and textures throughout Europe. It concerns sales transactions in the five-digit range and the investigations lead in this case the public prosecutor’s office Cologne.

Attack on telecom router

In addition to the hosting of the illegal Darknet marketplaces, an attack on around one million telecom routers is said to have been carried out at the end of November 2016 via a server in the computer center. For the attack was a British hacker responsible, who is said to have worked under the pseudonyms “Spiderman” and “Peter Parker”. He was sentenced by the Cologne district court to a sentence of one year and eight months probation.

Procedure accused 13 people

The case is a total of 13 accused persons between the ages of 20 and 59, including twelve men and one woman. At the request of the LZC, the Koblenz district court issued arrest warrants for six men and the woman – four Dutchmen, one Bulgarian and two Germans – for flight and blackout.

Belarusian police seized

‘Welcome to Video’ Seized