German Court to Decide If Hosting Providers Are Responsible for Their Customers’ Actions

Last updated October 27, 2020
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Almost a year ago, the German police raided a “bulletproof” hosting provider that was running from within an underground bunker in the village of Traben-Trarbach, seizing all hardware and arresting those responsible for its operation. As the prosecutors stated then, the cyberbunker offered services to hackers, botnet operators, dark web marketplaces where illegal transactions took place, and even child abuse platforms.

Source: darknetlive.com

The relevant trial has just begun, and the eight defendants that are now called to defend themselves in court are going to attempt to shake off any responsibility around what their customers did. This is a card that has been played many times in the past by large hosting providers, who maintain that monitoring whatever their clients do with the offered services is practically impossible, especially when they are so big.

This time though, defending against 250,000 crimes and denying knowing about anything whatsoever will be challenging for the cyberbunker’s legal team. The charges the men face include aiding and abetting criminals who sold drugs, arranged killing contracts, engaged in money laundering, and exchanged child abuse material. The plaintiffs claim that everything hosted on the seized servers was either illicit or related to illicit activity, so this is not just about a small percentage that would be impractical to monitor.

Related: DMCA-Ignoring Hosting Provider “Go Unlimited” Hacked by Competitor

This is a case that’s expected to create a precedent and break new legal ground, as it will determine the hosting provider’s responsibility for their client actions. What constitutes facilitation of illegal activities, and is there a threshold that separates those unwilling to regulate anything and those who simply miss some of the stuff that goes on?

For example, Amazon and Google often find their cloud services abused by malicious actors who run campaigns through them. This is only a small proportion of what goes on there, so these firms can effectively defend themselves and avoid even negligence accusations.

Ringleader Johan X., Source: darknetlive.com

Whatever is decided, it will take some time, as there’s a lot to present and review in court. The schedule of the trial goes as far as December 2021, so this will take a while. The defendants who are going through the process include four Dutch, three Germans, and one person from Bulgaria.

The ringleader is a 60-year-old Dutchman named Johan, who hasn’t given any testimony yet. The youngest of the group is a 21-year-old German IT expert who offered his tech support skills to the hosting operation.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: