View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
August 11, 2023

Illegal web hosting service Lolek Hosted taken down by Europol, the FBI and the IRS

Lolek Hosted's homepage has been replaced with a banner explaining that 'the domain has been seized' by US law enforcement agencies.

By Claudia Glover

The web hosting service Lolek Hosted has been taken offline in a combined effort by US law enforcement agencies, the Polish Central Cybercrime Bureau and Europol, the latter has announced. The Polish ‘bulletproof’ web hosting service, a type of web hosting that turns a blind eye to activities carried out on its platform, was alleged to have distributed malware and helped launch multiple distributed denial of service (DDoS) attacks, amongst other criminal activities. The firm has since had all its servers seized and its five administrators have been arrested. 

Europol, the FBI, the IRS and the Polish Central Cybercrime Bureau have revealed their joint effort to take down Lolek Hosted, a Polish web hosting service that is alleged to have helped facilitate several DDoS attacks. (Photo by Tobias Arhelger/Shutterstock)

Until yesterday, Lolek Hosted’s services were being unsubtly marketed to cybercriminals, with promotional material including slogans like ‘You can host anything here!’ and ‘no-log policy’ being used to draw in potential users. The latter refers to a facility where no one, including VPN providers, can see any of the activity on the sites hosted by the service.

According to Europol, cybercriminals were also using Lolek Hosted to distribute information-stealing malware, which will strip credentials from victims for use in future attacks, and launch DDoS attacks. Botnet server management was being offered to criminals drawn to the web host, as well as the distribution of spam messages worldwide.

Piercing bulletproof web hosts

According to analysis from Sentinel One, many bulletproof hosting sites are maintained in countries that are not subject to the same regulatory structure as the United States, making them an even greater threat to businesses at large. ‘They don’t have the same scruples or the same rules,’ states the security firm. ‘Communications from regulators might go straight into the trash can.’

US law enforcement has made hay in recent years from imprisoning individuals running bulletproof hosting sites. In June, the US Justice Department sentenced 39-year-old Mihai Paunescu to three years in federal prison for his role in helping run bulletproof hosting service In 2021, meanwhile, Aleksandr Grichishkin received a five year sentence for founding and operating another such hosting services that remains unnamed. Additionally, Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, were both sentenced to over two years in prison for running another hosting site that helped facilitated attacks against US targets between 2009 and 2015.

For its part, Lolek Hosted is now completely inactive. On its homepage a banner clearly states that the domain has been seized by the FBI and the IRS. ‘Action has been taken,’ it reads, ‘in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance provided by [Polish law enforcement].’

Read More: Hive ransomware gang’s infrastructure taken down by the FBI and Europol

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Topics in this article :
Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.