
CyberBunker was a data center and bunker complex located in the Netherlands. It was founded in 1998 by Sven Maschner and Robert Bohm.
The complex was initially designed as a hosting facility for websites and servers. It offered a unique selling point: a secure and isolated location that could withstand even the most severe natural disasters.
CyberBunker was built into a 25,000-square-meter bunker complex beneath a former NATO bunker. The complex had its own power generation, water supply, and communication systems.
In 2000, CyberBunker was sold to a new group of investors, who continued to operate it as a hosting facility.
Legacy and Impact
CyberBunker emerged as a defiant actor in the sphere of internet hosting, initially in a NATO bunker in Zeeland, Netherlands and then in Traben-Trarbach, Germany.
The company was set up by Herman-Jaan Xennt in 1995 and advertised 'bulletproof host' services, hosting nearly any website except for those involving child pornography and terrorism.

CyberBunker was accused of harboring spammers, botnet command and control centers, as well as malware.
It was also fingered in Border Gateway Protocol hijacks.
The company's activities highlighted the connection between social activities and cybersecurity, raising awareness of how they fit within the broader picture of cybersecurity and relevant legislation.
Released by Netflix in November 2023, “CyberBunker: In “The Criminal Underworld” discussed particular aspects of how the hackers managed to build one of the largest dark web hosting services.
CyberBunker's History
CyberBunker purchased its first bunker in 2008 in Carlsberg, Germany.
The company expanded its operations by purchasing a second bunker in Traben-Trarbach, Germany in 2013.
German cybercrime investigators received a warrant to investigate the company by tapping its Internet traffic in and out of the bunker as early as 2015.
The company's clients included the dark web marketplaces Wall Street Market, Cannabis Road, and Flugsvamp, as well as Fraudsters, a forum for exchanging illegal drugs, counterfeit money, and fake identification.
You might enjoy: Telia Company
Xennt, the company's owner, was approached by Irish criminal George Mitchell about running an encrypted phone business.
The back end of the encrypted messaging app Exclu was run on CyberBunker's servers.
In September 2019, 600 German police officers raided the bunker, arresting seven people in the process.
Police later said that the bunker was the location from which a late 2016 denial of service attack on Deutsche Telekom had been launched.
In 2021, Xennt and six other defendants were convicted of having formed a criminal organization, but were acquitted of having aided and abetted the crimes committed on their servers.
They received sentences between 28 and 59 months in prison.
CyberBunker's Presence
CyberBunker was a data center and bunker complex located in Voerendaal, Netherlands. The complex was built in a former NATO bunker.
The complex was home to a large community of internet freedom advocates and hackers. It was also known for its strong internet connection and robust security measures.
CyberBunker was a favorite among hackers and activists due to its strong encryption and secure servers. This allowed them to operate with a high level of anonymity.
The complex was designed to withstand a nuclear attack and had its own power generation and water supply. This made it a unique and secure location for its users.
CyberBunker's Activities
CyberBunker was known to provide hosting for spammers, which led to a confrontation with Spamhaus in October 2011.
Spamhaus initially blocked only a single IP address linked to spamming, but CyberBunker was eventually dropped by their upstream provider, A2B, after Spamhaus blacklisted all of A2B's address space.
CyberBunker was then added to Spamhaus's blacklist in March 2013, prompting a massive DDoS attack against Spamhaus's email and web servers.
This attack peaked at 300 Gbit/s, a scale previously unseen in a public attack, and lasted for over a week.
CyberBunker's website was also targeted in the attack, possibly becoming a victim of a DDoS attack itself.
Sven Olaf Kamphuis, a spokesman for CyberBunker, was arrested in April 2013 for his alleged involvement in the attack, and was later found guilty and sentenced to 240 days in prison.
Spam- und DDoS-Attacken
CyberBunker didn't care about the blacklist from The Spamhaus Project, an organization that fights spam.
After Spamhaus blacklisted CyberBunker in March 2013, a massive Distributed Denial of Service (DDoS) attack was launched against Spamhaus email and web servers, lasting for over a week.
The attack reached speeds of up to 300 Gbit/s, a scale previously unseen in DDoS attacks.
Five national police forces were investigating the attack at the time.
CyberBunker's former location, a bunker in Kloetinge, had been out of operation since a fire in 2002, according to Bunkerinfra Datacenters (BIDC), which was operating the former CyberBunker at the time.
The Pirate Bay
The Pirate Bay was a thorn in the side of CyberBunker, a Dutch-based hosting service that operated as CB3Rob Ltd & Co KG in Germany.
In October 2009, The Pirate Bay moved its operations from Sweden to CyberBunker, which was located in Kloetinge.
The Hamburg district court ruled in 2010 that CyberBunker was no longer allowed to host The Pirate Bay, and was subject to a €250,000 fine or up to two years' imprisonment for each infringement.
A German court issued an injunction against CyberBunker in May 2010, ordering it to stop routing web pages in connection with The Pirate Bay.
The Pirate Bay's website was only offline for a day before it was likely relaunched via the Ukraine.
Video, Audio
If you're interested in learning more about CyberBunker's activities through various media, there's a documentary called "Der Cyberbunker – Verbrechen aus der Provinz" that's 30 minutes long and available on NDR from 2020.
You can also watch a Netflix documentary called "Cyberbunker – Darknet in Deutschland" for more insights.
The podcast "Die Tech-Anarchie des Mister X" on Spiegel.de offers a 46-minute in-depth look at CyberBunker's activities.
Here are some documentaries and podcasts to get you started:
- Der Cyberbunker – Verbrechen aus der Provinz (30 Min., NDR, 2020)
- Cyberbunker – Darknet in Deutschland (Netflix, 2023)
- Die Tech-Anarchie des Mister X (Podcast, 46 Min., Spiegel.de, 3. April 2025)
Analysis and Legacy
CyberBunker emerged as a defiant actor in the sphere of internet hosting, initially in a NATO bunker in Zeeland, Netherlands and then in Traben-Trarbach, Germany.
It advertised 'bulletproof host' services, hosting nearly any website except for those involving child pornography and terrorism.
The company was accused of harboring spammers, botnet command and control centers, as well as malware, and was fingered in Border Gateway Protocol hijacks.
In September of last year, German police raided the actual Cyberbunker and arrested several suspects.
Over 2 petabytes of data were seized, including servers, mobile phones, hard drives, laptops, external storage, and documents.
Several individuals involved with Cyberbunker are currently undergoing a criminal trial in Germany.
To pay for legal expenses, the principles behind Cyberbunker sold the Cyberbunker IP address space to the Dutch company Legaco.
Legaco agreed to route the Cyberbunker IP address space to a honeypot for two weeks, allowing the collection of data about any remaining criminal activity.
The IP address space included 185.103.72.0/22, 185.35.136.0/22, and 91.209.12.0/24, which comes down to about 2300 IP addresses.
Released by Netflix in November 2023, “CyberBunker: In “The Criminal Underworld” discussed particular aspects of how the hackers managed to build one of the largest dark web hosting services.
A seized banner was placed on the Cyberbunker website, highlighting the attention the company received.
Featured Images: pexels.com


