Law enforcement take down three bulletproof VPN providers

The three VPN services provided safe haven for cybercriminals to carry out ransomware attacks, web skimming operations, spearphishing, and account takeovers.
Written by Catalin Cimpanu, Contributor
Image: ZDNet

Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims.

The three services were active at insorg.org [2014 snapshot], safe-inet.com [2013 snapshot], and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday.

The services have been active for more than a decade, are believed to be operated by the same individual/group, and have been heavily advertised on both Russian and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year.

According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.

Image: ZDNet

Law enforcement described the three as "bulletproof hosting services," a term typically used to describe web companies that don't take down criminal content, despite repeated requests.

"A bulletproof hoster's activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer's victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement)," the DOJ said today.

Servers were seized this week across five countries where the three VPN providers had hosted content. Europol said it plans to analyze the collected information and start cases to identify and take action against some of the services' users.

The investigation, codenamed "Operation Nova," was coordinated by Europol officials, and led by officers from the German Reutlingen Police Headquarters.

"The investigation carried out by our cybercrime specialists has resulted in such a success thanks to the excellent international cooperation with partners worldwide. The results show that law enforcement authorities are equally as well connected as criminals," said Udo Vogel, Police President of the Reutlingen Police Headquarters.

No charges were announced against the individuals behind the three VPN services.

Editorial standards