Police have taken down the Lolek bulletproof hosting provider, arresting five individuals and seizing servers for facilitating malicious activities, including DDoS attacks and malware distribution.
A bulletproof hosting provider is a hosting company that turns a blind eye to reports of criminal activity or the hosting of copyrighted material on its servers.
Cybercriminals prefer these types of hosting providers over traditional companies, as they can launch cybercrime campaigns without fear that they will be shut down after malicious activity is reported.
On Tuesday, BleepingComputer learned that the platform’s site at lolekhosted[.]net had been seized and now displays a message stating that the seizure was part of an international law enforcement operation between Poland and the US.
“This domain has been seized by the Federal Bureau of Investigation and Internal Revenue Service – Criminal Investigation as part of a coordinated law enforcement action taken against LOLEK HOSTED,” reads the Lolek seizure message.
Lolek promoted itself as a “100% privacy hosting” service with a no-log policy, meaning it does not log any activity on its servers or routers that could be used to incriminate customers.
Customer reviews of the service seen by BleepingComputer said that almost any activity was allowed at the hosting provider, and the platform accepted PayPal and cryptocurrency for payments.
While the FBI and IRS declined to comment this week on the investigation, Europol announced today the seizure of Lolek and the arrest of five administrators in Poland.
“This week, the Polish Central Cybercrime Bureau (Centralne Biuro Zwalczania Cyberprzestępczości) under the supervision of the Regional Prosecutor’s Office in Katowice (Prokuratura Regionalna w Katowicach) took action against LolekHosted.net, a bulletproof hosting service used by criminals to launch cyber-attacks across the world,” reads Europol’s announcement.
“Five of its administrators were arrested, and all of its servers seized, rendering LolekHosted.net no longer available.”
Europol says that Lolek was seized as cybercriminals used its servers to launch DDoS attacks, distribute information-stealing malware, host command and control servers, host fake online shops, and conduct spam campaigns.
The operation was led by the FBI and IRS, with Europol providing support linking available data to various criminal cases within and outside the EU, as well as tracing cryptocurrency transactions.
As bulletproof hosting providers have become a significant component in malware distribution and cybercrime, law enforcement has been actively targeting these platforms.
In 2018, the Dutch police seized MaxiDed for hosting DDoS botnets, cyber-espionage, malvertising, spam, and malware operations. Since then, numerous arrests [1, 2] have been made for involvement in BPH services.