The Cold War Bunker That Became Home to a Dark-Web Empire – The New Yorker

By various methods, the police came to believe that CyberBunker was the biggest hoster of illegal Web sites in Germany, and perhaps anywhere in the world. In 2014, it hosted Cannabis Road, the dark-Web marketplace. Between March, 2016, and February, 2018, it hosted the forum Fraudsters, through which counterfeit money, fake I.D.s, and prescription and illicit drugs were traded. Between 2015 and 2018, CyberBunker hosted Flugsvamp, a dark-Web market that accounted for roughly ninety per cent of the online illicit drug trade in Sweden. Xennts most significant dark-Web client was a site called Wall Street Market. Between 2016 and 2019, it sold more than thirty-six million euros worth of drugs. The sites administrators took a commission of three per cent on each transaction.

While the Mainz cybercrime unit was building its case against Xennt, a separate international investigationled by federal police in the United States, Germany, and the Netherlandstargeted Wall Street Market. Jrg Angerer, the Koblenz prosecutor, told me it was vital that the prosecution of Wall Street Market proceed before the German police moved against CyberBunker. There is a chain, Angerer said. The hosters are facilitating the real criminals.... But first you have to process the real criminals.

In April, 2019, the police arrested three German men accused of being Wall Street Markets administrators. On the dark Web, the defendants were known by pseudonyms: Tibo Lousee was coder420; Jonathan Kalla was Kronos; Klaus-Martin Frost was TheOne. Led by officers from Germanys federal cybercrime unit, which is based in Frankfurt, the police in the three countries worked together to decipher the identities of the administrators, through undercover chats and through clues left by the men online. In a complaint filed in the Central District of California, the three principals were charged not only with running the site but also with planning an exit scam, in which they intended to abscond with some eleven million dollars being held in users accounts. All three men are awaiting trial.

A week after Wall Street Market was broken up and its leaders arrested, several officers from the B.K.A., Germanys federal police force, arrived at the Traben-Trarbach bunker to seize evidence relating to the case. A manager at the bunker expressed surprise and readily complied, escorting the officers to the server bank on the third floor. The officers took away the servers used by Wall Street Market, and left the rest.

After Wall Street Market was taken down, Angerer fixed CyberBunker itself in his sights.

On September 26, 2019, everybody at the bunker complexnine people, including Xennt, his sons, and his girlfriend, Jacquelinewent out for an early dinner at the Historic Mill, leaving the bunker unguarded. It was unusual for all the residents to be gone at the same time, but Xennts gardener, Harry, had unexpectedly come into an inheritance, and wanted to celebrate. The leader of the Mainz cybercrime team told me his unit had gathered intelligence that made them pretty, pretty sure nobody would be in the bunker during the meal.

At the Historic Mill, antiquated cooking utensils and old guitars hang on the walls. Through a glass panel on the floor, diners can look at the stream that once powered the old mill. Xennts group had booked a private area on the mezzanine. It was a Thursday evening at the end of the summer season, and the main dining room, on the ground floor, was nearly full. At around 6 P.M., as the members of Xennts party were starting to eat, several patrons on the ground floor revealed themselves to be armed undercover police officers. The officers went upstairs to arrest Xennt and the others. Several armed units of police massed outside the front door. A helicopter buzzed nearby. A Belgian tourist was almost caught up in the arrest when he tried to visit the bathroom on the mezzanine just before Xennt was placed in handcuffs.

A few minutes later, about a hundred police officersincluding a contingent from Germanys federal paramilitary police unitraided the bunker. They seized four hundred and twelve hard drives, four hundred and three servers, sixty-five USB sticks, sixty-one laptops and computers, fifty-seven phones, piles of paper documents, and about a hundred thousand euros in cash. Some six hundred and fifty officers were involved in the arrests and the raid.

At a press conference the next day, German authorities were jubilant. Jrgen Brauer, the chief prosecutor, declared that it was the first time in German history that arrests were not directed against the operators of marketplaces but against those who make the crime possible. CyberBunker was a haven for the worlds worst dark-Web sites, established to help its clients exclusively for illegal purposes. Moreover, its operators were connected to people involved in organized crime. (Brauer didnt name the Penguinwhose current location remains unknownbut he was clearly in his thoughts.) Xennt had been arrested, alongside his two sons, Jacqueline, two Germans, and a Bulgarian. Six other suspects remained at large.

The prosecutors reported that, in November, 2016, the bunker had also provided the command-and-control servers for an attack against Deutsche Telekom, one of Germanys largest communications companies. The attack had deployed a new weapon called a Mirai-botnet, which harnesses smart appliances and other wireless devices. An attempt to capture the companys routers failed but caused the network to crash. More than a million Deutsche Telekom customers lost their Internet connection in the attack, costing the company at least two million euros. The incident occurred only a few weeks after an even larger Mirai-botnet attack in Europe and the United States, which disabled Amazon, Netflix, and Twitter, among other sites. Brauer, the prosecutor, said that the people from CyberBunker who had been arrested were accused of hundreds of thousands of offenses, ranging from drugs, counterfeit money, and forged documents to being accessories to the distribution of child pornography.

Sven Kamphuis, the Prince of CyberBunker, was not arrested in the raids of September 26th; nor is he one of the six suspects still at large. After the raid, he claimed that the German police had engaged in an act of waryet he had survived with barely a scratch. The police arrested almost everybody with a connection to the bunker. Given the comprehensiveness of the investigation, the prosecutors lack of interest in Kamphuis seemed strange.

Xennt insisted to me that Kamphuis was not involved in the data center in Germany. But Kamphuis told me that he had engineered much of the Traben-Trarbach bunkers infrastructure, and, according to several people, he had also been important in developing the encrypted-phone business for Xennt. Even if Kamphuiss work was not technically illegal, he was deeply knowledgeable about an organization that the German state believed to be criminal. When details of an indictment were published, in April, the mystery of Kamphuiss treatment deepened. In the document, prosecutors noted that a search engine had been hosted on the Traben-Trarbach servers: cb3rob.net/darknet. It listed more than sixty-five hundred dark-Web sites, including marketplaces for narcotics, weapons, counterfeit money, murder orders, and child pornography. I recalled that CB3ROB is Kamphuiss online handle.

When I asked Patrick Fata, a senior police officer who oversaw the CyberBunker investigation, why Kamphuis was not accused in the case, he said that Kamphuiss role in the organization had diminished since 2014, and that the police did not have enough evidence to link him to the administration of Wall Street Market or other illegal sites. I asked Fata if the police had spoken to Kamphuis during the exhaustive six-year investigation. No, Fata said, adding, We dont know where he is.

Read the original here:

The Cold War Bunker That Became Home to a Dark-Web Empire - The New Yorker

Related Posts

Comments are closed.