
Dutch police take down hornets' nest of DDoS botnets - bad_packets
https://www.zdnet.com/article/dutch-police-take-down-hornets-nest-of-ddos-botnets/
======
holstvoogd
Reminds me of that fun time I had to explain to my boss that providing a
'russian contact' of his with a number of servers that would have some sort of
'remote kill switches to delete everything', probably wasn't a smart venture
for our hosting business. At some point the cops will come knocking :)

~~~
mirimir
Kill switch?

Maybe just LUKS with dropbear. Then:

    # cryptsetup luksRemoveKey /dev/mapper/foo

~~~
pjc50
Check your local laws on cryptography and destruction of evidence before
trying this. You may still be legally obliged to decrypt the material or go to
jail.

~~~
mirimir
True. Last I read, that ex cop is still locked up in Philadelphia, for
contempt. They don't believe that he forgot his passphrase.

But parent was talking about hosting servers for a client. If the client
executed that command, I don't see how the provider could be responsible.

The client could be. But they'd need to extradite him, from Russia, which
might not be so easy, these days.

~~~
Alupis
Sometimes going to jail for obstruction/destruction of evidence is a better
option than the alternative...

------
KingMachiavelli
Is it just me, or are the majority of raids of malware/botnet hosters
typically in the EU? I mean just 6 days ago a raid was conducted on an old NATO
bunker in Germany.
[https://news.ycombinator.com/item?id=21090549](https://news.ycombinator.com/item?id=21090549)

Is it that it's easier to become a hosting provider there with more
protections (rights) and/or does America/NA lack the legal authority/process
to conduct as many raids? Obviously eastern Europe/Russia is the wild west but
I'm just surprised how much comes out of western Europe.

~~~
zelon88
I'm curious why Eastern Europe/Russia _are_ the wild west of douchey internet
behavior. I mean there are seemingly endless bulletproof hosting providers.
Who wakes up in the morning with the ultimate goal of being slimy on purpose
like that? And why are there so many of them concentrated in Russia/Eastern
Europe?

~~~
jungturk
I'd assume that the ultimate goal that motivates most of them is to make money
to improve other parts of their lives.

That often boils down to reaping the gains and externalizing the costs, which
these hosting solutions seem to do fairly well for their owners (though
perhaps not for the operators that get caught up in the eventual stings).

------
saag4dinner
_"hosting all sorts of baddies, from phishing pages to vulnerability scanners,
and from crypto-mining operations to malware repositories."_

Is crypto-mining now a bad thing or is this article leaving out some details
that I'm missing?

~~~
asymptotically2
People mine on systems that they do not own. Try leaving SSH open with weak
credentials, or use any software with a recently disclosed RCE. It won't be
long until somebody drops a Monero miner.

~~~
vanderZwan
I mean, I've seen ad-block filters for scripts that try to crypto-mine via
people's browsers through ads on websites, so this is hardly surprising.

------
jacquesm
Why didn't their upstream provider just blackhole their IP ranges?

~~~
IfOnlyYouKnew
Because law enforcement tends to reach for the law as their tool of choice.
And since crimes were committed, their goals include not just "stop it from
happening again" but also "prosecute", which needs evidence that cannot be
obtained by a routing patch.

------
Kaotique
I was in elementary school with one of the suspects. He was always a troubled
kid. Very sad how that turned out.

~~~
philprx
This is not bidirectional though... many troubled kids become great people.

~~~
SmellyGeekBoy
Many "normal" kids become troubled adults, too.

------
silviot
I thought the initial `D` in DDOS stood for "distributed". The article reports
about "DDoS botnets operating on KV's infrastructure". Wouldn't "DDoS botnets
operated from KV's infrastructure" be a better description?

~~~
grepthisab
I run a distributed system on AWS infrastructure. It's still distributed by
all common usage of the word.

~~~
GoblinSlayer
If your system goes down together with Amazon, it's not distributed, it just
occupies several machines - a farm.

~~~
callalex
Yes but a Farm Systems Engineer is a very different job than a Distributed
Systems Engineer.

~~~
solotronics
lol. I work down at the Cloud Farm.

------
rolfvandekrol
I love how they don't tell the full name of Marco B. and Angelo K., but do
tell that their companies were called "Bos IT Holding BV" and "Kreikamp IT
Holding BV".

~~~
Ligrev
Bos means a forest, likely nothing to do with his name

~~~
krageon
It costs 2.50 to check the names of the owners of these companies at the
chamber of commerce if that makes you doubt whether or not it's actually the
name. This means that the owners were effectively outed by the publication
anyway.

~~~
avar
Not really, the point of Dutch privacy law (and similar EU laws) in this
context is not to deter a dedicated investigator, but to merely put enough of
a hurdle in place that everyone reading the article won't see the names of
suspects, and they won't show up in web searches etc.

~~~
xaitv
Iirc it's not even an actual law, more of an agreement between all news
organizations to not publish names like that. I seem to recall Geenstijl (Dutch
"news" site) publishing full names and not getting in trouble over it.

~~~
Fnoord
Geenstijl doesn't have high journalistic standards.

~~~
wwwhizz
But they do have to follow the law, which is his point.

~~~
Fnoord
Sometimes there is no law necessary because an industry regulates itself.
Which the Dutch press historically has done, in this example.

------
botwriter
If even Bulletproof hosts aren't safe why aren't malware authors using P2P
infrastructure?

~~~
cdirkx
There is a difference between ignoring abuse reports and being immune to a
raid by law enforcement. For these authors there is a trade-off between
convenience, cost and security: using already available infrastructure is
probably easier than to set up your own complicated hosting solution.

If any of them end up getting caught because of the information gathered by
this raid they obviously misvalued one of these aspects in their trade-off
analysis. Humans all make mistakes.

