German authorities raided a data centre based out of “former NATO bunker that hosted sites dealing in drugs and other illegal activities,” the Associated Press reported on Saturday, resulting in seven arrests.
Authorities allege that the bunker slash data centre, located in the town of Traben-Trarbach, was used to host the Cannabis Road drug marketplace, “drugs, hacking tools and financial-theft wares” emporium Wall Street Market, and myriad other criminal activities like synthetic drug ring Orange Chemicals, the AP wrote.
Koblenz public prosecutor’s office director Jürgen Brauer told reporters that investigators believe the servers in the bunker were used to launch a 2016 cyber attack on Deutsche Telekom reported to have taken out at least 900,000 routers belonging to the company’s customers. Charges levelled at suspects, as of yet unnamed, also include counterfeiting and child pornography.
The AP wrote:
Thirteen people aged 20 to 59 are under investigation in all, including three German and seven Dutch citizens, Brauer said.
Authorities arrested seven of them, citing the danger of flight and collusion. They are suspected of membership in a criminal organisation because of a tax offence, as well as being accessories to hundreds of thousands of offences involving drugs, counterfeit money and forged documents, and accessories to the distribution of child pornography. Authorities didn’t name any of the suspects.
According to Deutsche Welle, the bunker in question is nearly 5,000 square metres, has five levels, and was surrounded by a 3.2 acre fenced compound with video surveillance. Authorities allege a 59 year old Dutchman with ties to organised crime was in charge of the operation.
Around 600 police involved in the crackdown at the complex managed to seize around 200 servers as well as additional evidence including cell phones and cash; Deutsche Welle reported that local media is calling the raid the first time German police have taken down a “bulletproof hosting” service provider.
“It’s the first time in Germany that, instead of the shops or marketplaces, it is the ones who make it possible to commit the crimes that will be charged,” Brauer told Deutsche Welle.
“I think it’s a huge success... that we were able at all to get police forces into the bunker complex, which is still secured at the highest military level,” regional criminal police chief Johannes Kunz told the AP. “We had to overcome not only real, or analogue, protections; we also cracked the digital protections of the data centre.”
PC Mag, citing comments on Hacker News, suggested that the data centre was “known as cb3rob and was operated by Cyberbunker, which at one point was home to The Pirate Bay.” Visiting the cb3rob domain currently displays the message, ““This server has been seized by the National Bureau of Criminal Investigations Rhineland-Palatinate on behalf of the Attorney General’s Office Koblenz.”
In 2013, Cyberbunker was blacklisted by anti-spam group Spamhaus, which was promptly followed by a massive cyber attack on Spamhaus and Cloudflare, according to the New York Times. Cyberbunker has also claimed that one of its facilities, a Cold War-era nuclear bunker, was raided by a Dutch SWAT team that was totally unable to get past the blast doors. (This story appears to be apocryphal.)
According to Deutsche Welle, service providers can’t be held criminally responsible for hosting illegal content in Germany unless “it can be proven that they are aware of and supporting the illegal activity.” That process may take years, Brauer told the network.