On September 26, a data center in a former NATO military bunker in the town of Traben-Trarbach, Germany, was raided by police, according to a report by the Associated Press. Set up by a man whom authorities describe as a 59-year-old Dutchman, the “CyberBunker” offered “bulletproof” hosting services—promising to keep hosted sites secure from law enforcement actions and operational regardless of legal demands.
According to authorities, the bunker housed the servers for a multitude of “Dark Web” sites selling drugs, hosting child pornography, and conducting other illegal activities. Among the sites hosted was “Wall Street Market,” which authorities claim was one of the world’s largest criminal marketplaces—selling drugs, stolen financial data, and hacking tools—until it was taken down earlier this year. The Traben-Trarbach data center was also involved in a 2016 distributed denial of service (DDoS) attack against Deutsche Telekom.
Seven people were arrested, and six other suspects, including two Dutch nationals, are still being sought by police. The raid was part of a coordinated law enforcement action at five locations by authorities in Germany, the Netherlands, Poland, and Luxembourg.
Located within a 13-acre former military base, the 5,000-square-meter (54,000-square-foot), five-floor Cold War-era bunker had been converted to house both servers. There were also office spaces at the site where people operating the data center lived and worked.
The Traben-Trarbach site is the apparent successor to the original CyberBunker, run by Sven Olaf Kamphuis‘ company CB3ROB. Domains seized by German authorities as part of the action included the domain for CB3ROB and Zytzm.com—a domain registered to the Dutch citizen Herman Johan Xennt. Xennt was the owner of the original bunker in the Netherlands used by CyberBunker.
But after a 2002 fire in that facility—which revealed an MDMA lab sharing the same bunker, according to security reporter Brian Krebs—officials denied a business license to continue to operate the facility to Xennt, and CyberBunker was forced to resell servers hosted elsewhere while continuing to claim to use the bunker. It is not clear if Xennt is tied to the group that operated the Traben-Trarbach bunker.
CyberBunker was used to launch the 2013 DDoS attack on SpamHaus, for which Kamphuis was convicted but served no jail time. At the time of his arrest, Kamphuis was alleged to have been running CyberBunker from a mobile office in a van.