Bulletproof hosting service shut down in massive police sting

News
By published

More than 250 servers were seized

Laptop in a dark room
(Image credit: Unsplash / Markus Spiske)
  • Dutch police seized 250 servers, taking CrazyRDP’s bulletproof hosting offline
  • CrazyRDP enabled anonymous VPS/RDP accounts without KYC or logs, aiding cybercriminals
  • No arrests yet; authorities will analyze servers to identify operators and users

CrazyRDP, a "bulletproof "hosting service mainly used by cybercriminals and hackers, has been taken offline after police in the Netherlands seized much of its hardware.

In a press release, the Dutch police said it moved against an unnamed bulletproof hosting service, active since 2022, and being cited in more than 80 different investigations, both local and international. During the operation, which took place on November 12, the police seized around 250 servers found in data centers in The Hague and Zoetermeer, the police explained.

Site offline

"Because of the seizure of these physical servers, thousands of virtual servers were also taken offline,” the announcement reads.

Bulletproof hosting is a type of web hosting service that deliberately ignores or resists takedown requests, abuse reports, and legal complaints.

As such, it is incredibly popular among cybercriminals, as they can use it to host malicious infrastructure (infostealing landing pages, malware) without fear of breaking the service provider’s ToS. What’s more, the service provider does not enforce Know Your Customer (KYC), offering full anonymity for miscreants of all walks of life.

While the Dutch police did not say the name of the company whose infrastructure was dismantled, BleepingComputer reports it was CrazyRPD, a company that offered both VPS and RDP services, allowed people to open accounts without KYC, kept no logs, and only required a username and a password to create an account.

Indeed, the company’s website is now offline and cannot be accessed. On Reddit, some users are praising the law enforcement, saying “nothing is bulletproof”, while others advocate for using VPS services in jurisdictions that look kindlier towards such practices.

Since no arrests were made, it is safe to assume that CrazyRDP (or a rebrand) will be back, sooner or later. The police will now analyze the seized servers to try doxxing both the operators and the users.

Best antivirus software header
The best antivirus for all budgets

➡️ Read our full guide to the best antivirus
1. Best overall:
Bitdefender Total Security
2. Best for families:
Norton 360 with LifeLock
3. Best for mobile:
McAfee Mobile Security

Follow TechRadar on Google News and add us as a preferred source to get our expert news, reviews, and opinion in your feeds. Make sure to click the Follow button!

And of course you can also follow TechRadar on TikTok for news, reviews, unboxings in video form, and get regular updates from us on WhatsApp too.

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

You must confirm your public display name before commenting

Please logout and then login again, you will then be prompted to enter your display name.