
Security officer at LeaseWeb speaks about the Bredolab botnet's takedown


The Dutch ISP that was hosting the Bredolab botnet has spoken of the investigation that brought the 30 million-strong botnet down.

Yesterday SC Magazine reported that the Dutch ISP LeaseWeb, along with the Dutch Forensic Institute (NFI), internet security company Fox-IT and the Dutch computer emergency response team (GOVCERT.NL), seized and disconnected 143 computer servers from the internet.

In this case, the botnet used servers hired in the Netherlands from a reseller of LeaseWeb, the largest hosting provider in the Netherlands. Talking to SC Magazine, security officer Alex De Joode explained that LeaseWeb is a ‘dedicated hosting provider with 30,000 servers processing 785GB of internet traffic per second’.

He said that the first indication of a problem was a tip from its community outreach programme. De Joode said that this gave a better overview of the activity and showed that LeaseWeb was hosting the command and control centre.

He said: “We got this information late in the afternoon and the Dutch police were called. We told them that something was happening on the IP and they found out that it was part of the larger botnet and wanted to investigate. They told us to take the network down but to inform them of any complaints. We said ‘we are happy to help with the botnet, but if you want us to, you will need warrants that will shield us from any liability’.”

The Dutch police investigated the network for two months before finally taking it down on Monday 18th October and taking control on Monday of this week (25th October).

De Joode later revealed that during the investigation the controller of Bredolab was discovered to be an Armenian man who, upon learning that the police were seeking him, launched a 10GB denial-of-service attack against LeaseWeb so that nobody else could take over the botnet.

However, De Joode brushed this off, saying that since LeaseWeb processes 785GB a second it was a minor threat.

“The Dutch police were in close cooperation and took control; they switched it off, but it is still operating, though not infecting. When anyone who is infected switches on their computer they are sent to a police website and they will get an update,” he said.

“We are very thankful for the Dutch police for taking down the botnet infrastructure as it makes the internet a whole lot safer. As far as we know the botnet is under police control and 30 million people will not have to worry and it is up to them to disinfect their computers.”

Asked which part of Bredolab LeaseWeb was hosting, De Joode said that the core of the botnet was hosted at LeaseWeb, while the second and third layers were hacked or compromised computers across the world.

He said: “The only thing we know is how long we rented the servers to the reseller (every person who hired more than one server is called a reseller) for six to nine months. We had no relationship with them.”
