Police bring down "bulletproof" VPN services beloved by cybercriminals

• Operation Nova brings down VPN services “intentionally designed for criminal activity”
• Customers warned that international law enforcement continues to investigate who might have used seized services for past attacks

The FBI, working with law enforcement agencies across Europe, have seized three web domains and the server infrastructure used by a VPN service to allegedly help cybercriminals compromise networks around the world, and evade detect by police.

The VPN service, offered via websites at safe-inet.net, safe-inet.com, and insorg.org, have operated for more than ten years, and was advertised on Russian and English-language cybercrime forums for prices ranging from US $1.30 per day to $190 for a full year’s use.

According to a statement by the US Department of Justice, services offered by the websites were designed to facilitate uninterrupted criminal activities online, allowing hackers to operate while evading detection by law enforcement.

As part of this, according to the United States authorities, the so-called “bulletproof” services might ignore abuse complaints made by their customer’s victims, or make up excuses, and might even move a criminal customer’s accounts and/or data from one system to another to help them evade detection.

“By providing these services, the bulletproof hosts knowingly support the criminal activities of their clients and become co-conspirators in criminal schemes,” said the Department of Justice.

Those schemes involved working with criminals responsible for ransomware, spearphishing, and other attacks.

In an operation dubbed “Operation Nova”, Europol, the FBI, and law enforcement agencies from Germany, Switzerland, and France, have now seized the websites’ domains, replacing their homepages with a banner.

A message on the seized sites warns past users that the investigation into the site’s operators and users is ongoing:

The analysis of the seized data and the international investigations regarding the operators and users of the network will be continued.

Europol has said that it will use the information collected from the seized servers to build cases against some of the service’s past users.

Obviously there are many legitimate uses of VPN services – it is far from the case that all users are criminals. What appears to have caused law enforcement to take action against these websites is law enforcement’s belief that they were intentionally designed to provide web hosting and VPN services for criminal activity – and facilitating cybercrime is a federal crime.