edicted Blog Banner

edicted

CyberBunker

image.png

CyberBunker: The Criminal Underworld

Wow, what a catchy title! Such intrigue. Much wow!

CyberBunker: The Criminal Underworld is a Netflix documentary that came out on November 8th, 2023. I'm just now realizing I watched it the day it came out. It is a pretty hilarious watch in that it's completely sensationalist and totally misrepresents what actually happened. I would almost call it propaganda considering the way it was produced, but at the same time most (if not all) of the information contained within the script is factual. It's just the way they portray such things that makes it a bit funny and totally overexaggerated.

The story takes place in Germany and a lot (half?) of the dialog is not in English and requires subtitles for those who don't speak the language. It begins with a bunch of shady characters giving their titles within the "Criminal Underworld". One of them claims to be "head of propaganda". Another claims to be the "prince of CyberBunker".

Later in the documentary you find out that it's just a bunch of nerds who are larping to the extreme. They declared self-sovereignty and made claims that what they were doing couldn't have been against the law because CyberBunker has its own set of laws separate from the country it resides in; a sovereign city-state if you will. In reality it was just a group of eight guys working together to host a server-room inside a mountain.

image.png

So what was their crime?

Basically it was providing privacy to their users. CyberBunker was essentially just a privacy-centric hosting service that allowed anyone to rent digital resources from them. This of course attracted clients that wanted to use the server space for illegal things on the dark web like buying/selling drugs and other forms of contraband. However, CyberBunker's services were so professional and reliable that many legitimate users also opted into the service simply because they were good at what they did. Of course I think their main clients were porn operators, but again that's clearly a legal use-case.

Expectations vs Reality

The server room pictured above is not from CyberBunker, but did that stop the producers of the documentary from making it seem like these "criminal masterminds" had built a sleek setup that looks like it belongs to a multi-billion dollar professional company? No, of course not. Guess what their server room actually looked like...

image.png
If you guessed it might look like it was put together by a tiny group of dorks that actually had very little resources to work with, then you'd be right.

Not that I have anything against nerds, because I kind of am one, but the point being that this entire operation was blown way out of proportion. The cops were totally clueless, and even when they started to get really solid intel on the situation they still managed to double and triple down on their ignorance.

image.png
Wow even Coindesk reported on the raid in 2019.

The problem was that CyberBunker was literally a NATO bunker from the Cold War era on a hill in the small town of Traben-Trarbach, Germany. It has five levels in total. The top level is living quarters. Then comes power and air circulation. Then a server room. I forget what the other two floors were used for but it doesn't really matter.

Point being that police had absolutely no idea what was going on here. They tried to surveil the area with a helicopter and got nothing out of it... because you know... it's an underground bunker. It's kind of funny they thought they'd get anywhere with an aerial view.

Then they decided to start tracking the bandwidth that went in and out of the facility which was decidedly a much smarter move. They could see that a black marketplace called Wall Street Market was being hosted there which sold all kinds of illegal goodies online. Much like Silk Road a lot of the volume ended up being Schedule 1 drugs.

Gardener & Housekeeper infiltrators

In order to get even more information they needed to get undercover agents onsite. This was accomplished surprisingly easily because CyberBunker itself was essentially being run by a skeleton crew. At a certain point they decided they needed a gardener but a lot of the work being offered was low pay or even volunteers who worked for room and board. It was a seemingly cultish atmosphere in this way. For the most part this was just a bunch of technically minded anarchists thinking they'd change the world.

So the cops took the gardening position for no pay and now had a man on the inside. Of course a gardener has no reason to actually go lower than level 1 in the bunker so after the undercover agent earned their trust after a long period of time they got another undercover agent to pose as the gardener's girlfriend to take the housekeeping roll to clean up all parts of the bunker. The housekeeper had full unfettered access to every room with a set of keys.

At one point at least a little suspicion was cast on the housekeeper. Something along the lines of, "Maybe she's a cop which is why she doesn't care about getting paid." But it was ultimately determined that the chance of this was low because of how long the undercover gardening agent has been on site. The German police spent a lot of resources simply getting this far and they weren't going to walk away empty handed.

image.png

Herman Xennt

So who is this criminal mastermind?

He's like a typical 007 James Bond villain

He's basically portrayed as some comically evil supervillain, when in reality he's just a very intelligent anarchist from the Netherlands. In fact the first CyberBunker was based in the Netherlands but got shut down after a fire. Turns out Xennt had privately sublet part of the bunker out to someone else... and that person was running an ecstasy lab on the premises. Xennt has also been seen collaborating with high-profile organized crime members which also obviously sets off all the red flags.

Did Herman Xennt know that the servers he hosted were teeming with illegal activity? I mean he must of had some idea. However within the mind of a guy like this it doesn't really matter. His business was perfectly legitimate. He provided a private hosting service. End of story.

From the perspective of an anarchist it does not matter if someone uses your infrastructure to commit crimes: that's on them. Does the Federal Reserve get in trouble because most crimes are perpetrated in USD? Of course not. Providing the infrastructure in which crimes occur is not a crime. Especially when those crimes are completely victimless like the black market drug trade. In fact it can argued that sites like Silk Road and Wall Street Market made these black markets a lot safer than they would of been otherwise, not that the man cares about such happenstances.

Did Xennt know there was an ecstasy lab in his first bunker? Maybe, but there's also a real possibility he had no idea because the entire business model revolves around respecting the privacy of clients. He claimed to believe he was subletting to a painting company. Even if he did know it was there I guessing he would have simply looked the other way rather than trying to capitalize on the drug trade.

Why was he seen collaborating with organized crime? Ah well if your clients are trusting you to maintain their privacy they're probably going to want to have a chat with you no matter how involved one is in the operation. I feel like this should be obvious but instead this "mastermind" narrative is constantly pushed even though all the statements and interviews he gives are very obviously rooted in the ultimate respect for privacy as a human right.

image.png

Can you guess why I wear a beanie in the documentary?

image.png

Sven Olaf Kamphuis

And then there's this character who is arguably the most interesting out of all of them. Apparently Sven is credited with the most brutal DDoS attack of all time. It was so brutal that it slowed down the entire internet and made national headlines. This was done in response to an organization called Spamhaus blacklisting CyberBunker's IP address and "abusing their power" as the number one blacklisting site for Internet spam.

Interestingly enough Sven was the only member of CyberBunker to not be arrested in the raid, leading many to think that he may have been a snitch... but considering how it actually all went down I sort of doubt it.

The Raid of CyberBunker

The undercover gardener made up a story about receiving a large inheritance and insisted on taking everyone from CyberBunker out to dinner down in the town below. He got everyone to attend except for Sven who was nowhere to be found. Normally someone would always be left behind to defend the bunker but the undercover agent did his job and it was completely empty.

But just in case there were still people guarding the bunker the police allocated SIX HUNDRED AND FIFTY personnel for the raid, including tactical units and a literal TANK. I can only imagine how much that cost. The cops were prepared for war and potentially military-style resistance, which I find absolutely hilarious because they had two undercover agents inside that already knew for a fact that these dorks couldn't defend themselves in this manner.

Then when they get to the bunker the only thing it was secured by was a single padlock, and I get the feeling they had to go back for bolt cutters to get past it based on the interview (sheer embarrassment). What funny is that if a single person had been left behind they probably would have been able to wipe all the data before the police could confiscate it, rendering the entire operation a huge failure.

But it still was a fail.

This is why I think Xennt isn't the kind of guy the media made him out to be and why even the title of the documentary (Criminal Underworld) doesn't make a lot of sense. Even the big boss man got less than six years in prison. How is that possible? How is this not a life sentence just like Ross Ulbricht?

hack-hacker-hacks-anon-matrix.jpg
Xennt goes on record and makes a statement within the documentary.

He maintains his innocence and says that he personally did nothing illegal. He goes on to say that it would have been impossible for him to be acquitted in court and that the guilty verdict was already determined in advance. There was no way that police were going to allow him to get off the hook after expending that many resources to bring him in.

If we're being honest with ourselves Xennt's story makes more sense than the one law enforcement is spinning. None of the evidence was destroyed and they had multiple undercover agents on site for a very long time. How is it possible that a criminal mastermind only gets a 5.75 year sentence when everything fell into the prosecution's favor? All we have to do is look what they were convicted of.

He was acquitted of aiding and abetting the crimes on the CyberBunker-hosted sites, but in December 2021, Xennt was found guilty of forming a criminal organization.

All members of CyberBunker were acquitted of the main crime they were accused of and then found guilty under some bullshit organized crime law. These people are clearly not mobsters or involved with anything of that nature (at least not provably so). This is obviously some kind of technicality exploit of the legal system, employed to save face given the prosecution's shear incompetence.

Conclusion

CyberBunker is not a very good documentary. It is sensationalist and subjective in many instances. However, the topic itself is extremely important and relevant to the crypto space. If we truly want crypto to bleed into the real world then we have to accept that making an omelet requires the breaking of eggs. Essentially we can not throw the baby out with the bathwater. Either privacy is a basic human right or it isn't. There isn't a lot of wiggle room here, and this extends to digital privacy as well, especially in the face of borderless censorship resistant networks.

While the infrastructure that we build might be used by criminals, it simply does not matter. We can not ban chainsaws because someone saw Scar Face and it frightened them. We cannot ban cars because a criminal choses to purposefully strike another human with one. Such logic is nonsense in the face of reason, and this exact concept can easily be applied to digital infrastructure as well.

This documentary reinforces a concept that we already understand quite well: freedom and privacy come at a cost, but that cost is worth paying. If we want to continue on this journey of creating sovereign self-regulating ecosystems then we will have to accept this fact. The digital jungle can be a scary and unforgiving place, but still we press on.


Return from CyberBunker to edicted's Web3 Blog

CyberBunker was published on and last updated on 14 Nov 2023.