The web hosting service Lolek Hosted has been taken offline in a combined effort by US law enforcement agencies, the Polish Central Cybercrime Bureau and Europol, according to an announcement from Europol. The Polish ‘bulletproof’ web hosting service, a type of web hosting that turns a blind eye to activities carried out on its platform, was alleged to have distributed malware and helped launch multiple distributed denial of service (DDoS) attacks, amongst other criminal activities. The firm has since had all its servers seized and its five administrators have been arrested.
Until yesterday, Lolek Hosted’s services were being unsubtly marketed to cybercriminals, with promotional material including slogans like ‘You can host anything here!’ and ‘no-log policy’ being used to draw in potential users. The latter refers to a facility where no one, including VPN providers, can see any of the activity on the sites hosted by the service.
According to Europol, cybercriminals were also using Lolek Hosted to distribute information-stealing malware, which will strip credentials from victims for use in future attacks, and launch DDoS attacks. Botnet server management was being offered to criminals drawn to the web host, as well as the distribution of spam messages worldwide.
Piercing bulletproof web hosts
According to analysis from Sentinel One, many bulletproof hosting sites are maintained in countries that are not subject to the same regulatory structure as the United States, making them an even greater threat to businesses at large. ‘They don’t have the same scruples or the same rules,’ states the security firm. ‘Communications from regulators might go straight into the trash can.’
US law enforcement has made hay in recent years from imprisoning individuals running bulletproof hosting sites. In June, the US Justice Department sentenced 39-year-old Mihai Paunescu to three years in federal prison for his role in helping run bulletproof hosting service PowerHost.ro. In 2021, meanwhile, Aleksandr Grichishkin received a five-year sentence for founding and operating another such hosting service that remains unnamed. Additionally, Pavel Stassi, 30, of Estonia, and Aleksandr Shorodumov, 33, of Lithuania, were both sentenced to over two years in prison for running another hosting site that helped facilitate attacks against US targets between 2009 and 2015.
For its part, Lolek Hosted is now completely inactive. On its homepage a banner clearly states that the domain has been seized by the FBI and the IRS. ‘Action has been taken,’ it reads, ‘in coordination with the United States Attorney’s Office for the Middle District of Florida and the Computer Crime and Intellectual Property Section of the Department of Justice with substantial assistance provided by [Polish law enforcement].’