A bulletproof hosting provider is an online infrastructure used specifically for turning a blind eye on users' activities. LolekHosted promised 100% privacy and a strict no-log policy, allowing clients to host "everything but child porn," US authorities reported.
At least 400 networks across the globe are thought to have been compromised by attackers using the provider's domains over a decade of operations.
How LolekHosted alleged help cyber criminals
This joint investigation supported by Europol and the FBI is just the last effort in the global fight to curb malware attacks and cybercrime.
"Being willing to ignore the transgressions of clients does not mean that law enforcement will take the same stance," Europol's official statement stated.
"The complex investigation into LolekHosted.net revealed how the service facilitated the distribution of information-stealing malware, and also the launching of DDoS (distributed denial of service) attacks, fictitious online shops, Botnet server management and distribution of spam messages worldwide."
Authorities took down the site on August 8 and, two days later, issued former charges against its founder, 36-year-old Polish national Artur Grabowski, and at least four more key operators.
Grabowski has been charged with computer fraud, wire fraud, and conspiracy to commit international money laundering. He allegedly facilitated LolekHosted clients' criminal activities by allowing them to register accounts using false information, while not maintaining IP address logs of their servers, and is also accused of ignoring abuse complaints made by third parties and failing to notify clients of legal inquiries.
Grabowski, who at the time of writing, he is still a fugitive, is subject to a $21.5 million seizure order, too, and risks a minimum of 45 years of jail time.
Among the allegations, LolekHosted is also indicted for its role in supporting criminals with the execution of at least 50 NetWalker ransomware attacks against over 400 networks worldwide. More than 5,000 bitcoin, worth nearly $146 million at today’s prices, was allegedly collected in ransoms from such malicious activities.
Authorities have been stepping up their grip against cybercrime lately. PowerHost[.]ro was another bulletproof hosting service shut down in June 2023 on similar grounds, whilst MaxiDed experienced the same fate in 2018.
So, while the allegations against LolekHosted need to be proven in court still, we can certainly expect these investigations and charges to become increasingly more frequent.
Are you a pro? Subscribe to our newsletter
Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!
Chiara is a multimedia journalist committed to covering stories to help promote the rights and denounce the abuses of the digital side of life—wherever cybersecurity, markets and politics tangle up. She mainly writes news, interviews and analysis on data privacy, online censorship, digital rights, cybercrime, and security software, with a special focus on VPNs, for TechRadar Pro, TechRadar and Tom’s Guide. Got a story, tip-off or something tech-interesting to say? Reach out to email@example.com