
Security officer at LeaseWeb speaks about the Bredolab botnet's takedown


The Dutch ISP that was hosting the Bredolab botnet has spoken of the investigation that brought the 30 million-strong botnet down.

Yesterday SC Magazine reported that the Dutch ISP LeaseWeb, along with the Dutch Forensic Institute (NFI), internet security company Fox-IT and the Dutch computer emergency response team (GOVCERT.NL), seized and disconnected 143 computer servers from the internet.

In this case, the botnet used servers hired in the Netherlands from a reseller of LeaseWeb, the largest hosting provider in the Netherlands. Talking to SC Magazine, security officer Alex De Joode explained that LeaseWeb is a ‘dedicated hosting provider with 30,000 servers processing 785GB of internet traffic per second’.

He said that the first indication of there being a problem was through a tip from its community outreach programme. De Joode said that this gave a better overview of activity and showed that it was hosting the command and control centre.

He said: “We got this information late in the afternoon and the Dutch police were called. We told them that something was happening on the IP and they found out that it was part of the larger botnet and wanted to investigate. They told us to take the network down but to inform them of any complaints, we said ‘we are happy to help with the botnet, but if you want us to you will need warrants that will shield us from any liability’.”

The Dutch police investigated the network for two months before finally taking it down on Monday 18th October and taking control on Monday of this week (25th October).

De Joode later revealed that during the investigation the controller of Bredolab was discovered to be an Armenian man, who upon learning that the police were seeking him, launched a 10GB denial-of-service attack against LeaseWeb in order that the botnet could not be taken over by anyone else.

However, De Joode brushed this off, claiming that as LeaseWeb processes 785GB a second it was a minor threat.

“The Dutch police were in close cooperation and took control, they switched it off but it is still operating but not infecting, when anyone who is infected switches on their computer they are sent to a police website and they will get an update,” he said.

“We are very thankful for the Dutch police for taking down the botnet infrastructure as it makes the internet a whole lot safer. As far as we know the botnet is under police control and 30 million people will not have to worry and it is up to them to disinfect their computers.”

Asked which part of Bredolab LeaseWeb was hosting, De Joode said that the core of the botnet was hosted at LeaseWeb, while the second and third layers were hacked or compromised computers across the world.

He said: “The only thing we know is how long we rented the servers to the reseller (every person who hired more than one server is called a reseller) for six to nine months. We had no relationship with them.”
