The arrest was made because of a suspicion that Kamphius might be behind a massive DDoS attack on Spamhaus that also impacted Cloudflare. I don't have any evidence that CB3ROB or any of his business associates are behind the DDoS attack, but there's a well-known public spat between Spamhaus (who accuse Cyberbunker of being spammers) and Cyberbunker (who accuse Spamhaus of being vigilantes who want to stifle free speech).
It's hard to see why Anon is pro-CB3ROB and so anti-Spamhaus. Yes, it has been reported that CyberBunker has helped to host the Pirate Bay and Wikileaks in the past, both favourites of Anon and not necessarily bad things in themselves. And Spamhaus doesn't actually block anything - it provides a reputation scoring system that others can use to see if they want to accept or reject email, but Spamhaus's very assertive actions against CyberBunker seem to have been the trigger.
But perhaps the critical question is this - what does CyberBunker (and CB3ROB Ltd) actually host?
I identified 866 websites in the large 18.104.22.168/19 block (22.214.171.124 - 126.96.36.199) allocated to both CyberBunker and CB3ROB, although this list is probably not comprehensive. This is what I discovered:
- 74% of them are flagged as spam domains by multi.surbl.org
- 39% are flagged as spam on more than one blacklist
- 0.9% of them are flagged as malware domains by Google
- 78% of them have a poor WOT reputation
Given the high level of domains flagged for spam, the obvious conclusion is that CyberBunker has a serious spam problem and a less serious malware problem mostly centered on 188.8.131.52 and also 184.108.40.206 (more info here) Perhaps there are some legitimate sites in this list who have been caught up in the crossfire, although nothing seems to stand out. I'd love to know who is using CyberBunker for anything other than spam and malware.
You can look at the evidence yourself and decide if CB3ROB is a champion of free speech or someone who supports spammers. I know what my conclusion is though.