CRIMINAL CAPITALI$M

‘Bulletproof’ web hosting company seized; Polish national charged with computer fraud

DOJ says website alleged to have acted as a secure nexus of ransomware, brute-force and phishing 

By Brad Matthews - The Washington Times - Saturday, August 12, 2023

A Polish national is facing fraud and money laundering charges after his web hosting company purportedly used by hackers was seized, the Justice Department announced Friday.

Artur Karol Grabowski, 36, operated web host LolekHosted, which is alleged to be a secure and “bulletproof” platform known to be preferred by criminal hackers, according to court documents cited in the DOJ news release.

“Bulletproof” web hosting services have been known to have been used for multiple types of hacking, including ransomware, phishing and brute-force attacks in which an attacker submits passwords en masse in the hopes that one ends up being correct.

The LolekHosted.net domain was seized by the U.S. government on Tuesday, with a warrant issued by the U.S. District Court for the Middle District of Florida. Mr. Grabowski faces charges of computer fraud conspiracy, wire fraud conspiracy and international money laundering.

If Mr. Grabowski is convicted, he could be sentenced up to 45 years in prison and would also have to forfeit $21.5 million in purportedly criminal proceeds. Mr. Grabowski is currently a fugitive.

Mr. Grabowski is accused of facilitating criminal acts by his clients by allowing them to register accounts with fake information, changing the IP address of the company’s servers repeatedly, not logging the IP addresses of clients, ignoring third-party claims of abuse against his clients, and warning clients about queries from authorities, according to the DOJ.

After registering LolekHosted in 2014, Mr. Grabowski advertised the company offered “100% privacy hosting,” allowing the hosting of any content with the exception of child sex abuse material, according to court documents cited by the DOJ.

One hacking operation that LolekHosted is alleged to have hosted is the NetWalker ransomware, which was deployed against around 400 victims in about 50 attacks worldwide, according to the DOJ.

Victims included municipalities, companies, hospitals, school districts, colleges and universities, and law enforcement. The hackers were paid more than 5,000 bitcoin in ransoms (currently worth about $146 million.)

LolekHosted is alleged to have been used as an intermediary for these attackers, as well as a digital storage space for hacking “tools” and stolen information from victims, the DOJ news release said.


• Brad Matthews can be reached at bmatthews@washingtontimes.com.