"The servers that the suspects offered for payment to unknown customers opened the door to further computer crime." That statement the prosecutor of the National Prosecutor's Office made this morning in cybercrime investigation 26Madera in the Rotterdam District Court. She demanded a 15-month prison sentence against a 29-year-old man from Middelburg and his 26-year-old co-accused from Veendam. Against their Limited Company (BV), the prosecutor demanded a fine of 15,000 euros.
The prosecution accuses defendants of hosting a botnet, committing hacks from their IP addresses and servers, and facilitating the commission of hacks by third parties. The botnet, named Mirai, maintained its malicious operation and continued to spread.
Investigators from Team High Tech Crime of the police came across the servers through information in April 2019 coming from the National Cyber Security Center. On June 14, 2019, Team High Tech Crime of the National Unit under the authority of the National Prosecutor's Office started investigation 26Madera. After investigation, they came across a Dutch hosting company that used servers in a data center in the Netherlands.
On October 1, 2019, police took offline servers of the, so-called, bulletproof hoster, which were used to control a version of the botnet. The taking off the air, was done to investigate the servers. The hardware was also seized and the BV's business operations shut down.
The two suspects on trial today were found to be behind the BV. They were arrested and detained.
A botnet is a collection of infected computers (bots) that can be centrally controlled. Botnets form the infrastructure for various forms of cybercrime, such as sending spam or carrying out DDoS attacks.
Over three thousand reports of malware propagation over a one-year period were made about the bulletproof hoster in question. Investigations also revealed that this botnet very aggressively tried to infect other devices, up to over a million attempts per month on one device.
Taking these servers offline at the bulletproof hoster by police and prosecutors, the control of the existing Mirai botnet has been made impossible. Infections of new devices by this part of the botnet have also been prevented.
The prosecution considers the suspects to be (some of) the hosters of the Mirai botnet. 'Hosting' is providing the ability to place websites or other services on a server. This is the link between a data center (the Internet) and the end users of the Web (website visitors). The provider of this service is called a host, hoster or hosting provider.
This criminal case hosted the control servers of a version of the Mirai botnet. The malware used is Mirai malware. It is a virus with the characteristic of spreading itself further through hacks, collecting new systems, or "bots.
This botnet has been active since 2016 and is continuously expanding itself. That means hacks on automated works are happening all the time. They often involve hacks on so-called Internet of Things devices such as routers, security cameras, Smart TVs or smart thermostats. Those hacks are contributing to Mirai's growth. Once a device is infected, it is part of the virus; to scan its device network again looking for other automated works to infect it as well. Then, other malware can be installed on the devices so that further cybercrime can be committed.
As a bulletproof hoster, the defendants in today's criminal case, according to the prosecution, had a key position. The prosecutor compared the defendants' actions to providing a digital infrastructure to digitally break into any home or business in complete anonymity. As a result, the (next) perpetrator need only entice a victim to click on an attachment, for example. Whether possessions would subsequently be destroyed, copied, taken away or taken hostage; that, according to the prosecution, was of absolutely no concern to the suspects. The only interest they saw was making money. For this reason, the prosecution believes a heavy sentence is appropriate.
The criminal trial continues with defense pleas. The court will rule on Feb. 25, 2021.
