Dutch police post 'friendly' warnings on hacking forums | ZDNet

Dutch police have posted "friendly" messages on two of today's largest hacking forums warning cyber-criminals that "hosting criminal infrastructure in the Netherlands is a lost cause."

The messages were posted following "Operation Ladybird," during which law enforcement agencies across several countries intervened to take down Emotet^[1], one of today's largest botnets.

Dutch police played a crucial role in the Emotet takedown after its officers seized two of three key Emotet command and control servers that were hosted in the Netherlands.

But today, Dutch police revealed that after the Emotet takedown, its officers also went on Raid and XSS, two publicly accessible and very popular hacking forums, and posted messages in order to dissuade other threat actors from abusing Dutch hosting providers to host botnets or other forms of cybercrime.

A message in English was posted on Raid, a forum popular with stolen data traders, and a second message, in Russian, was posted on XSS (formerly known as DamageLab), a Russian-speaking forum where hackers rent access to malware-as-a-service operations, and a forum usually frequented by today's top ransomware gangs.

Message posted on the Raid forum by Dutch police

Message posted on the XSS forum by Dutch police

The messages, as can be seen above, warn hackers that "hosting criminal infrastructure in the Netherlands is a lost cause" and that Dutch police plans to continue seizing their infrastructure.

A link to a YouTube video was also included, a video that ends with a message from Dutch police that says: "Everyone makes mistakes. We are waiting for yours."

The aggressive messages aren't a surprise, at least for cyber-security experts, most of which are well aware of the Dutch police's aggressive stance.

Over the past years, Dutch police have been at the center of many botnet takedowns, big and small. They arrested the owners of two web hosting providers that commonly hosted DDoS botnets^[2], took down 15 different DDoS botnets in a week^[3], moved to intercept encrypted BlackBox cryptophone^[4] messages, shut down Ennetcom^[5] for providing encrypted chat support for cybrecrime groups, and have aggressively hunted phishers, malware operators, and users of DDoS-for-hire services.

Dutch police are also currently at the heart of a mass-uninstallation operation^[6] to remove the Emotet malware from infected hosts, together with German police.