https://krebsonsecurity.com/2023/03/german-police-raid-ddos-friendly-host-flyhosting/ Advertisement [13] Advertisement [10] Krebs on Security Skip to content * Home * About the Author * Advertising/Speaking German Police Raid DDoS-Friendly Host 'FlyHosting' March 31, 2023 4 Comments Authorities in Germany this week seized Internet servers that powered FlyHosting, a dark web offering that catered to cybercriminals operating DDoS-for-hire services, KrebsOnSecurity has learned. FlyHosting first advertised on cybercrime forums in November 2022, saying it was a Germany-based hosting firm that was open for business to anyone looking for a reliable place to host malware, botnet controllers, or DDoS-for-hire infrastructure. [flyhostingseizure] A seizure notice left on the FlyHosting domains. A statement released today by the German Federal Criminal Police Office says they served eight search warrants on March 30, and identified five individuals aged 16-24 suspected of operating "an internet service" since mid-2021. The German authorities did not name the suspects or the Internet service in question. "Previously unknown perpetrators used the Internet service provided by the suspects in particular for so-called 'DDoS attacks', i.e. the simultaneous sending of a large number of data packets via the Internet for the purpose of disrupting other data processing systems," the statement reads. News of a raid on FlyHosting first surfaced Thursday in a Telegram chat channel that is frequented by people interested or involved in the DDoS-for-hire industry, where a user by the name Dstatcc broke the news to Fly Hosting customers: "So Flyhosting made a 'migration' with it[s] systems to new rooms of the police ;)," the warning read. "Police says: They support ddos attacks, C&C/C2 and stresser a bit too much. We expect the police will take a deeper look into the files, payment logs and IP's. If you had a server from them and they could find 'bad things' connected with you (payed with private paypal) you may ask a lawyer." [flyhosting] An ad for FlyHosting posted by the the user "bnt" on the now-defunct cybercrime forum BreachForums. Image: Ke-la.com. The German authorities said that as a result of the DDoS attacks facilitated by the defendants, the websites of various companies as well as those of the Hesse police have been overloaded in several cases since mid-2021, "so that they could only be operated to a limited extent or no longer at times." The statement says police seized mobile phones, laptops, tablets, storage media and handwritten notes from the unnamed defendants, and confiscated servers operated by the suspects in Germany, Finland and the Netherlands. KrebsOnSecurity has asked the German police for more information about the target of their raids. This post will be updated in the event they respond. The apparent raids on FlyHosting come amid a broader law enforcement crackdown on DDoS-for-hire services internationally. The U.K.'s National Crime Agency announced last week that it's been busy setting up phony DDoS-for-hire websites that seek to collect information on users, remind them that launching DDoS attacks is illegal, and generally increase the level of paranoia for people looking to hire such services. In mid-December 2022, the U.S. Department of Justice (DOJ) announced "Operation Power Off," which seized four-dozen DDoS-for-hire domains responsible for more than 30 million DDoS attacks, and charged six U.S. men with computer crimes related to their alleged ownership of popular DDoS-for-hire services. This entry was posted on Friday 31st of March 2023 02:35 PM DDoS-for-Hire Ne'er-Do-Well News ddos-for-hire FlyHosting German Federal Criminal Police Office Post navigation - UK Sets Up Fake Booter Sites To Muddy DDoS Market 4 thoughts on "German Police Raid DDoS-Friendly Host 'FlyHosting'" 1. snow March 31, 2023 https://www.presseportal.de/blaulicht/pm/43563/5476672 Reply - 2. Troy Mursch March 31, 2023 Looks like 185.132.53.0/24 (AS202437) is no longer in the global routing table, per https://stat.ripe.net/special/bgplay# bgplay_fetch.resource=185.132.53.0/24 Reply - 3. Brian Mayo March 31, 2023 good research. I would love for the same thing to happen to DDoS-Guard, that company really has no scruples. Reply - 4. Dennis March 31, 2023 These guys clearly didn't do their homework - you don't run these types of websites from Germany! You do it in Russia. Reply - Leave a Reply Cancel reply Your email address will not be published. Required fields are marked * [ ] [ ] [ ] [ ] [ ] [ ] [ ] Comment * [ ] Name * [ ] Email * [ ] Website [ ] [Post Comment] [ ] [ ] [ ] [ ] [ ] [ ] [ ] D[ ] Advertisement [6] Advertisement Mailing List Subscribe here Search KrebsOnSecurity Search for: [ ] [Search] Recent Posts * German Police Raid DDoS-Friendly Host 'FlyHosting' * UK Sets Up Fake Booter Sites To Muddy DDoS Market * Google Suspends Chinese E-Commerce App Pinduoduo Over Malware * Why You Should Opt Out of Sharing Data With Your Mobile Provider * Feds Charge NY Man as BreachForums Boss "Pompompurin" Spam Nation Spam Nation A New York Times Bestseller! Thinking of a Cybersecurity Career? Thinking of a Cybersecurity Career? Read this. All About Skimmers All About Skimmers Click image for my skimmer series. Story Categories * A Little Sunshine * All About Skimmers * Ashley Madison breach * Breadcrumbs * Data Breaches * DDoS-for-Hire * Employment Fraud * How to Break Into Security * Latest Warnings * Ne'er-Do-Well News * Other * Pharma Wars * Ransomware * Russia's War on Ukraine * Security Tools * SIM Swapping * Spam Nation * Target: Small Businesses * Tax Refund Fraud * The Coming Storm * Time to Patch * Web Fraud 2.0 The Value of a Hacked PC valuehackedpc Badguy uses for your PC Badguy Uses for Your Email Badguy Uses for Your Email Your email account may be worth far more than you imagine. Donate to Krebs On Security Most Popular Posts * Sextortion Scam Uses Recipient's Hacked Passwords (1076) * Online Cheating Site AshleyMadison Hacked (798) * Sources: Target Investigating Data Breach (620) * Trump Fires Security Chief Christopher Krebs (534) * Why Paper Receipts are Money at the Drive-Thru (530) * Cards Stolen in Target Breach Flood Underground Markets (445) * Reports: Liberty Reserve Founder Arrested, Site Shuttered (416) * Was the Ashley Madison Database Leaked? (376) * DDoS-Guard To Forfeit Internet Space Occupied by Parler (374) * True Goodbye: 'Using TrueCrypt Is Not Secure' (363) Why So Many Top Hackers Hail from Russia [computered-580x389] Category: Web Fraud 2.0 Criminnovations Innovations from the Underground [shreddedID-copy-285x189] ID Protection Services Examined Is Antivirus Dead? Is Antivirus Dead? The reasons for its decline The Growing Tax Fraud Menace The Growing Tax Fraud Menace File 'em Before the Bad Guys Can Inside a Carding Shop Inside a Carding Shop A crash course in carding. Beware Social Security Fraud Beware Social Security Fraud Sign up, or Be Signed Up! How Was Your Card Stolen? How Was Your Card Stolen? Finding out is not so easy. Krebs's 3 Rules... Krebs's 3 Rules... ...For Online Safety. (c) Krebs on Security - Mastodon