Netherlands Seizes 800 Servers, Arrests 2 for Aiding Cyberattacks(krebsonsecurity.com)
200 points by jruohonen 5 hours ago | 12 comments
pocksuppet 1 hour ago
We should note these are not even slightly legitimate hosting companies, lest anyone worry too much about their non-KYC offshore servers. These aren't hosting companies that ask little, they are just directly front companies for Russian intelligence, owned by members of Russian intelligence, they don't do anything else, they don't provide hosting service to regular people even if you want it (I have tried).

Unlike in Germany where I lost several social media accounts because my email service provider (pissmail) went to jail because someone signed up for his service and sent spam.

orbital-decay 10 minutes ago
>they don't provide hosting service to regular people even if you want it (I have tried)

That doesn't sound right. I used PQ.Hosting once when I needed a quick temporary VPS, just like many other legitimate users. Yes they never asked much, but they also used to ban users left and right even for torrenting, so it wasn't bulletproof in any meaningful sense. I'm sure they were into shady stuff though, since their IP quality used to be absolute crap, but they did provide legitimate services as well.

nalekberov 1 hour ago
Any source to back up your claims? Otherwise it seemed pretty much a conspiracy theory to me.
consp 1 hour ago
The company inherited all their customers and equipment from a sanctioned company (according to the Dutch news report). Should be enough for most people.
chatmasta 1 hour ago
That just means the sanctioned company was selling to sanctioned entities, not that it was only selling to them.
l23k4 1 hour ago
This is a straight up lie, you could just rent hosting from this company as a "regular person".

The article literally has photos of their english-language customer-facing communications.

locknitpicker 27 minutes ago
> The article literally has photos of their english-language customer-facing communications.

Providing a website is hardly evidence they were a legitimate business.

efitz 3 hours ago
I’ve been on the defender side of security my whole career.

I know in some markets crime pays more than legitimate work, but it never ceases to amaze me how much thought, effort, planning, and engineering goes into providing infrastructure IT services for cybercriminals. The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.

Aurornis 3 hours ago
I watched the downfall and eventual jailing of someone who had a great job, career, and family after he started getting involved in cybercrime.

As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.

He got caught through a mistake that was really dumb in retrospect. I think he believed his intellectual superiority combined with the stupidity of others so much that eventually he couldn’t imagine anyone catching him.

kspacewalk2 2 hours ago
>As far as I can make sense of it, he enjoyed the thrill of feeling superior to others: Evading the law, exploiting people who viewed as stupid, and enriching himself in the process.

I sadly see this pattern of thinking far more often than I want to in my fellow eastern Europeans.

meindnoch 51 minutes ago
That's just what 40 years of communism does to a society.
elmomle 42 minutes ago
If communism is the cause, then why would this same mentality be such a massive problem in America?
locknitpicker 21 minutes ago
> If communism is the cause, then why would this same mentality be such a massive problem in America?

By communism I don't think people talk about the philosophical basis of an idealized society, but the totalitarian regime that oppresses a society and keeps the working class constantly in survival mode under the risk of losing it all.

kirubakaran 2 hours ago
Let's not generalize, even if you feel like you can say that because you're a member of a group you're generalizing. It's unfair to most of the people in any group being generalized.
quantummagic 1 hour ago
Stereotypes exist for a reason. It's exhausting having to address this concern trolling every single time they're mentioned. Nobody thinks everyone in the group conforms to the stereotype. And they certainly don't need your white knighting.
kirubakaran 1 hour ago
It isn't "concern trolling" or "white knighting" to call out racism or bigotry, and expect some decency in the discussion. If it is "exhausting" for you to be propagating unfair stereotypes, perhaps stop your bad behavior?
JCTheDenthog 42 minutes ago
Your comment assumes, a priori, that the stereotypes are in fact "unfair". I don't know enough about cybercrime rates per capita amongst Eastern Europeans vs. other populations to be able to say if it is actually an unfair stereotype, but it is an indisputable fact (supported by virtually every jurisdiction that tracks crime rates by things like national origin, ethnicity, etc.) that there are population level differences in crime rates.
hermannj314 56 minutes ago
I don't think a person saying Eastern European are observed doing something more than expected is inherently racist. It is a claim he either does or doesn't have evidence for.

If he made the claim with insufficient evidence or made the claim in contradiction of the evidence, then it becomes racist, but I don't think making the observation and doing the calculation is the racist part. It is a simple chi-squared goodness-of-fit test.

Swizec 47 minutes ago
I’m eastern-ish european, is it even racist to say that tech talent in the region is through the roof but for various accidents of history, the best opportunities available to talented people are in cybercrime (both sides)?

Not everyone has a hundred tech unicorns in their back yard. I think my country (Slovenia) produced one in its entire history so far and even that was mostly in the US

KellyCriterion 1 hour ago
sounds like Markus Braun & Jan Marsalek / Wirecard, the fraudsters :-D
cm2012 1 hour ago
Sounds like Breaking Bad
redsocksfan45 3 hours ago
[dead]
derefr 15 minutes ago
I wouldn't advise thinking of it as "providing infrastructure IT services to cybercriminals", as if these people are primarily IT people, running primarily infrastructure, who just happen to favor this audience.

I would rather advise thinking of these efforts as various cybercriminal groups going through the schlep of setting up their own backend IT infrastructure for their own use (because they couldn't find anyone to host them); and then, with built infra in hand, either:

1. realizing that their own needs were emblematic of a more-general unmet market demand for "don't ask, don't tell" hosting, and so branching out into hosting as a secondary business;

2. taking the charade of a hosting company they made up when e.g. registering for an ASN, and deciding that the more real they make that charade, the more it protects them; and so slapping together a facade of a hosting site (that serves no real customers and has no real control-plane);

3. or deciding that having real customers with actual legitimate traffic coming from their ASN further legitimizes them (and makes other ASNs more wary to just block them wholesale), and so actually standing up the facilities of your average VPS provider on some single sad box somewhere — probably running some turn-key IaaS appliance (usually not OpenStack, more likely some shoddy old thing they bought on a cybercrime marketplace);

4. or (and I think this is the most common route) chatting with cybercriminal friends of theirs, and those friends hitting them up for hosting when they realize that they've actually built something out for themselves; and this gradually just evolving into a de-facto hosting arm of the business (as they accept more of these "high-touch" word-of-mouth customers; eventually begin to feel burdened by manually configuring their systems to accommodate these customers; and so begin to automate things.)

thewebguyd 2 hours ago
It's not easy to go legit, especially in today's job market, depending on where you live in the world also.

The US is unique with its high salaries for tech work (on the lower end of those of high salaries is pure ops work like this though). If you're in a country where the average sysadmin salary is substantially lower (to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year), it's not hard to see why its tempting to go the cybercrime route.

locknitpicker 0 minutes ago
> to pick on Eastern Europe for a minute, you're looking at the equivalent of ~$30-35k USD/year

This is a disingenuous claim. Not only are there software engineers in rich western European countries that in absolute terms earn less than that but also your east European software engineer still earns multiple times their country's average salary.

r_lee 1 hour ago
why is this downvoted?
KellyCriterion 1 hour ago
...because on HN, experiences which somehow contradict the perspective when salaries are highly varying across countries, esp. when someone decides to pick an explicit example, which, even if it shows the truth, is against the base-assumption of the reader of a comment.

To put it somehow dimplomatic :-D

parliament32 2 hours ago
Imagine working for an organization where 1) cybersecurity is actually the #1 priority, ahead of "shareholder value" and all the other gobblygook, 2) you get to design systems where you actually have to assume that every other entity is malicious (not the usual carve-outs like "oh yeah we do zero trust.. but our entire management plane is Azure-managed it's unavoidable"), 3) your budget is effectively unlimited, and 4) you get paid several factors more than you would in private industry.
davidwritesbugs 1 hour ago
In a previous life I've employed contractors and software engineers to run a criminal website. Motivations for my guys were that it was well paid work that was technically challenging in order to evade enforcement agencies, and was 'fun' in that respect; they were "sticking it to than man (my service was regarded as moral by all my users & others); and there wasn't so much work about that they could pick and choose; lastly, I was a good employer because I had to be!!
fancythat 1 hour ago
Because they cannot be profitable. Job market is not the same on both ends. If you are east European and you try to get a job in an international corporation, the in all cases offer salaries adjusted for regional averages, unless you are willing to reallocate. Only few startups and FAANG like companies, often compensation in line what is received in the western world.

And there is also a thrill of doing it, which other guys already mentioned.

r_lee 3 hours ago
> The people involved definitely have the skills to be profitable at legitimate work; it just puzzles me that they choose to support criminals.

I don't think it's that easy to go legit. having a tech job nowadays is already a luxury

sandeepkd 1 hour ago
If we use one of the comments from here that it was done at the behest of some government then its more like the offensive team of a legitimate government. Pretty much every thing can be colored grey that way and one just needs to find people that they can persuade or convince for their cause.
SoftTalker 2 hours ago
Some people are just born into it. Mafia families, etc. There were some very smart people in the American mob, running scams that were immensely profitable. Eventually they get caught though, and with the ease and pervasivness of electronic surveillance today, it's pretty much impossible to do it anymre at least if you're anywhere where the authorities care about it (edit to add: and aren't in on it).
seibelj 1 hour ago
[dead]
amelius 2 hours ago
Cybersecurity is always last on the budget list. It is not easy to make money working in cybersecurity.

The only upside here is that criminals will (through legislation) eventually force companies to invest more.

3 hours ago
dist-epoch 2 hours ago
You fail to take into account the ideological angle.

Some people are ready to die for their beliefs. Others just to run businesses supporting their causes.

3 of the 4 persons named have russian links (a large number of Moldovan citizens are ethnic russians).

spwa4 2 hours ago
> Some people are ready to die for their beliefs.

Really? Because while I've seen this, rarely, in individuals. In many cases once you start tracing money the amounts involved in many "die for their beliefs" situations is absurd. Terrorism, for example.

cpursley 1 hour ago
What point are you trying to make other than bigotry? Ethic Russians are not the only Eastern Europeans perpetuating cyber crime. Anyways, Nesterenko is a Ukrainian surname - at least get your racism correct.
0xAstro 4 hours ago
> Stark Industries Solutions

jarvis, whats the status of my dutch servers

2 hours ago
consumer451 1 hour ago
When I was learning some homelab stuff, and was setting up pfSense, I was able to see the geos of all that scans/attacks on my home internet. I was surprised to see that Netherlands was up there with Russia and China in volume. They all got geo blocked.

What is it about the Netherlands that makes them so attractive to these people?

mvdwoord 42 minutes ago
High bandwidth and (relatively) low sentencing would be my guess..
debarshri 1 hour ago
Those who are curious about notorious data centers, please see Cyberbunker [1]. I think conceptually it is cool. Also in the netherlands.

[1] https://en.wikipedia.org/wiki/CyberBunker

runtime_terror 47 minutes ago
I'm I the only one that read "Neanderthal Seizes 800 Servers..."?

Would have loved to read that article.

legacynl 3 hours ago
> those sanctions failed to target Stark’s remaining connection to the Internet — an Internet service provider based in the Netherlands called MIRhosting.

The fuck, i walk past the office of mirhosting every day

1 hour ago
analog8374 3 hours ago
It would be nice if they named/prosecuted the people who paid them to perform the attacks.
dist-epoch 2 hours ago
The FSB? What are you going to do about that. Russia shot down an airliner full of Netherlands citizens and there were no repercussions.
parineum 2 hours ago
Law enforcement doesn't typically talk about ongoing investigations.
ziofill 2 hours ago
Maybe it's because I haven't had my coffee yet, but I swear my brain read: "Neanderthals Seize 800 Servers"
42 minutes ago
DeathArrow 4 hours ago
After reading the article I am not sure what crime did they commit in the Netherlands.
msh 4 hours ago
The article spells it out clearly: charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.
2 hours ago
bunbun69 3 hours ago
I feel like you’re only asking this because you disagree with their charges, not because you genuinely have no clue why they’re arrested.
binaryturtle 4 hours ago
> …charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities…

I guess that's why.

SecretDreams 4 hours ago
> charging them with violating sanctions law by directly or indirectly making economic resources available to EU-sanctioned entities.

Did you read this part?

DonHopkins 4 hours ago
[flagged]