
Security officer at LeaseWeb speaks about the Bredolab botnet's takedown


The Dutch ISP that was hosting the Bredolab botnet has spoken of the investigation that brought the 30 million-strong botnet down.

Yesterday SC Magazine reported that the Dutch ISP LeaseWeb, along with the Dutch Forensic Institute (NFI), internet security company Fox-IT and the Dutch computer emergency response team (GOVCERT.NL), seized and disconnected 143 computer servers from the internet.

In this case, the botnet used servers hired in the Netherlands from a reseller of LeaseWeb, the largest hosting provider in the Netherlands. Talking to SC Magazine, security officer Alex De Joode explained that LeaseWeb is a ‘dedicated hosting provider with 30,000 servers processing 785GB of internet traffic per second’.

He said that the first indication of a problem was a tip from its community outreach programme. De Joode said that this tip gave a better overview of the activity and showed that LeaseWeb was hosting the command and control centre.

He said: “We got this information late in the afternoon and the Dutch police were called. We told them that something was happening on the IP and they found out that it was part of the larger botnet and wanted to investigate. They told us to take the network down but to inform them of any complaints. We said ‘we are happy to help with the botnet, but if you want us to, you will need warrants that will shield us from any liability’.”

The Dutch police investigated the network for two months before finally taking it down on Monday 18th October and taking control on Monday of this week (25th October).

De Joode later revealed that during the investigation the controller of Bredolab was discovered to be an Armenian man, who upon learning that the police were seeking him, launched a 10GB denial-of-service attack against LeaseWeb in order that the botnet could not be taken over by anyone else.

However, De Joode brushed this off, claiming that, as LeaseWeb processes 785GB a second, the attack was a minor threat.

“The Dutch police were in close cooperation and took control. They switched it off, but it is still operating, but not infecting: when anyone who is infected switches on their computer, they are sent to a police website and they will get an update,” he said.

“We are very thankful to the Dutch police for taking down the botnet infrastructure, as it makes the internet a whole lot safer. As far as we know the botnet is under police control and 30 million people will not have to worry, and it is up to them to disinfect their computers.”

Asked which part of Bredolab LeaseWeb was hosting, De Joode said that the core of the botnet was hosted at LeaseWeb, while the second and third layers were hacked or compromised computers across the world.

He said: “The only thing we know is how long we rented the servers to the reseller (every person who hired more than one server is called a reseller) for six to nine months. We had no relationship with them.”
