Did Dutch police break the law taking down a botnet?

The Dutch police installed a program on computers that were infected with Bredolab

Dutch police took unprecedented action in taking down a botnet on Monday: They uploaded their own program to infected computers around the world, a move that likely violated computer crime laws.

The program causes a computer's Web browser to redirect to a special site set up by the Netherlands Police Agency, where users are informed their computer is infected with Bredolab, a password-stealing malicious software program.

Dutch police did that by taking command of 143 Web servers used to control computers infected with Bredolab. The servers belong to LeaseWeb, one of the top hosting providers in Europe, which was informed in August of the problem by police and other computer security experts, said Alex de Joode, LeaseWeb's security officer.

"For us, it's the first time we've seen something of this magnitude," de Joode said. "It's also the first time the police are trying to actively warn people that their computer is infected."

Botnets are a thorny problem: The complex networks are designed to prevent authorities from easily tracing the perpetrators, and are responsible for the mass distribution of spam and malicious software across the Internet.

Botnets have been attacked by the good guys before, but end users were usually no better off: Their computers may still be infected with other malicious software, and PC owners may never know that their machines need to be scanned with security software. But many computer users are likely turning on their machines today and seeing the Web page from the Dutch police.

Most countries have laws that forbid unauthorized modification of a computer. In the U.K., the regulation is part of the Computer Misuse Act of 1990.

The action by the Dutch police is likely a breach of the Computer Misuse Act, said Struan Robertson, a technology lawyer with Pinsent Masons. Since the territorial scope of the legislation is wide, in theory it could be used against somebody in the Netherlands hacking into a U.K. computer, he said.

"There is no defense in the Computer Misuse Act for unauthorized access to another computer being for noble purposes," Robertson said. "That said, I think it is important to note it is unthinkable that anyone would prosecute for this," Robertson said. "They were making the best of a bad situation."

But in an era where fake Web pages are rampant, it raises the question of whether people will believe that the warning is legitimate. Fraudsters could also simply copy the Web page, set up a new domain and create a site that actually infects people's computers with Bredolab or other malware.

"I think the bigger challenge in this is getting a message to computer users that convinces the users that it comes from an authorized source and that it is really the police who is contacting them," Robertson said.

It is unlikely that anyone will complain about the Dutch police's tactic, said Graham Cluley, senior technology consultant for Sophos, a security vendor. "It's so hard to clean up the average computer and convince them [users] they have a problem at all."

The takedown of Bredolab was followed on Tuesday by the arrest of a 27-year-old man in Armenia on suspicion of controlling the botnet. He is also suspected of renting the Bredolab-infected computers to cybercrime players in other countries for online banking scams and other frauds.

The hosting company LeaseWeb allowed Dutch police access to the command-and-control servers in its data centers. LeaseWeb said the servers were rented out to a person from Eastern Europe, who then sub-rented access on those servers to the person controlling Bredolab, de Joode said.

LeaseWeb allows people to rent out extra capacity on their servers to third parties, which it calls a "reseller" arrangement. LeaseWeb does not vet those arrangements and does not know who is actually using that extra capacity.

LeaseWeb does have the contact details for the Eastern European who originally rented the servers, but the person is not responding, de Joode said. It is unclear if Dutch police are pursuing that person. Dutch prosecutors could not be reached for comment on Tuesday.

The company has a fully automated system for renting servers. Customers need to submit a valid e-mail address and phone number. Credit card transactions are processed through PayPal, which LeaseWeb relies on to do fraud detection, de Joode said.

PayPal is "catching a lot of fake orders," de Joode said. "It's our established means of international payment."

For legal and technical reasons, de Joode said LeaseWeb cannot monitor all of the traffic on its network using deep-packet inspection technologies. LeaseWeb processes up to 785GB of data per second, and intercepting that traffic could expose the company to liability claims, he said.

As an alternative, LeaseWeb set up a system in June where it receives abuse complaints from security partners. The company is working to set up an automated system where people renting servers are notified if there is a problem, such as a machine sending out spam.

LeaseWeb receives about 80 complaints a day, ranging from copyright infringement concerns to phishing to spam, and generally processes them within a day, de Joode said.


Jeremy Kirk

IDG News Service