Much of what was reported seems strange.
Running a test bed for viruses and anti-virus packages (presumably just firewalling the reporting channels) doesn't seem to fall into a major crime area. Nor does encryption technology (at the moment).
If it was clearly marketted as a service to develop viruses and conceal them then it makes it look dodgy, but apart from that you are close to making running your own development server with crypto capability illegal. Is it illegal to test if code triggers an anti-virus package? Or is this all based on intent?
It reads as though the headline is there to boost law and order's news profile and pretend they busted a mega criminal instead of someone playing a minor role.
The false claims for refunds seems one of the dodgiest bits.
Bitcoin is largely irrelevant apart from providing an eye catching figure. Which no longer applies.
Look! We caught a crim with half a million in Bitcoin (at last year's value). Doesn't even say the Bitcoin was illegally obtained.