For the first time – and certainly not the last – the police in the Netherlands, together with the Public Prosecution Service, have physically taken the servers of a bulletproof host offline.
This action followed a prolonged digital investigation into the activities of a hosting provider based there, named ZServers/XHost. This is a so-called bulletproof hoster, a special hosting service that protects criminals and helps them remain invisible on the internet. This allows cybercriminals to spread viruses and carry out cyberattacks without fear that someone will shut down their server.
Imagine that criminals have a secret hideout where they can hide their stolen goods. The police know something is wrong, but every time they knock, the owner says, I know nothing! and slams the door shut. A bulletproof hoster does exactly that – but online.
The investigation into ZServers/XHost
ZServers/XHost came to the attention of the investigation team a year ago. The company stood out because it advertised the ability for customers to allow criminal activities from its servers. It was also indicated that the owners of these servers would remain anonymous when law enforcement agencies inquired, and payments for the services rendered could also be made anonymously via cryptocurrency.
The investigation further revealed that the servers contained ransomware, botnets, and malware: software often used by cybercriminals. This led to a strong suspicion of involvement in, among other things, computer trespass (ex. Article 138ab of the Penal Code), for which the raid was prepared.
During the operation, a server was found with hacking tools from Conti and Lockbit. They are known as the most productive and harmful ransomware groups in the world. In addition to the seizure, no arrests were made. Possible websites that were on the servers are now unreachable. The Cyber Crime Team Amsterdam will, in consultation with the Public Prosecution Service, further investigate the data found on the seized servers.
Why are bulletproof hosters so dangerous?
A bulletproof hoster is not just a shady little company that ignores rules – it is the backbone of global cybercrime. Without these safe havens, many criminals would have nowhere to host their hacking tools, stolen data, and fake websites.
This also underscores the issue of the abuse of digital infrastructure in the Netherlands. Current legislation makes it difficult to effectively act against such criminals, especially due to the role of bulletproof hosting companies and resellers that offer anonymity. There is therefore a need for stricter legislation, such as a know-your-customer (KYC) policy.
Cybercriminals from around the world pay a lot of money to operate their illegal operations here undisturbed. Bulletproof hosters ensure that malicious actors can continue hacking, scamming, and extorting without punishment – and others pay the price for it.