Police Dismantle Cybercrime 'Bulletproof Hosting Service'Authorities Shut Down VPN That Supported Illegal Operations
The FBI, Europol and other law enforcement agencies shut down a virtual private network Tuesday that was providing a "bulletproof hosting service" that allowed cybercriminals to conduct a variety of illegal operations, including ransomware attacks, while remaining hidden from police.
No arrests were made in association with the takedown.
The joint effort, dubbed "Operation Nova," took down three domains associated with the VPN named Safe-Inet - Insorg.org, Safe-Inet.com and Safe-Inet.net - all of which were used as part of the bulletproof hosting service, the U.S. Justice Department reports.
"These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement,” the Justice Department states. “Many of these services are advertised on online forums dedicated to discussing criminal activity."
Europol, the European law enforcement agency, says this high-priced VPN service was advertised on darknet forums. For more than a decade, cybercriminals used it to facilitate online crimes, including ransomware attacks and e-commerce skimming. The service offered up to five layers of anonymous VPN connections to help avoid law enforcement interception.
"Law enforcement was able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN,” Euopol states. “These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.”
The takedown was led by the German Reutlingen Police headquarters, working in conjunction with the FBI, Europol, French, Swiss and Dutch law enforcement agencies. In addition to the domains being taken offline, the police agencies took down servers located in five countries on Monday, the Justice Department says.
The VPN moved its customer accounts and data from one IP address, server or country to another to help evade detection, authorities say. Also, it did not maintain logs.
"Much of the criminal activity occurring on the network involved cyber actors responsible for ransomware, e-skimming breaches, spear phishing and account takeovers,” the Justice Department says. “The service's website offered support in Russian and English languages at a high price to the criminal underworld. This infrastructure preferred by cybercriminals was used to compromise networks all around the world."
Operation Nova is the latest in a series of international legal actions designed to crack down on online operations that help facilitate cybercrime.
In November, Europol, working with other European agencies, arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools (see: 2 Arrested for Operating Malware Encryption Service).
An international law enforcement operation in October involving 16 countries resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network, which helped launder cash and cryptocurrency for other cybercriminals (see: 20 Arrested in Money-Laundering Crackdown).