
Police bring down “bulletproof” VPN services beloved by cybercriminals

  • Operation Nova brings down VPN services “intentionally designed for criminal activity”
  • Customers warned that international law enforcement continues to investigate who might have used seized services for past attacks

The FBI, working with law enforcement agencies across Europe, has seized three web domains and the server infrastructure used by a VPN service to allegedly help cybercriminals compromise networks around the world, and evade detection by police.

The VPN service, offered via websites at,, and, has operated for more than ten years, and was advertised on Russian and English-language cybercrime forums for prices ranging from US $1.30 per day to $190 for a full year’s use.

According to a statement by the US Department of Justice, services offered by the websites were designed to facilitate uninterrupted criminal activities online, allowing hackers to operate while evading detection by law enforcement.

As part of this, according to the United States authorities, the so-called “bulletproof” services might ignore abuse complaints made by their customers’ victims, or make up excuses, and might even move a criminal customer’s accounts and/or data from one system to another to help them evade detection.

“By providing these services, the bulletproof hosts knowingly support the criminal activities of their clients and become co-conspirators in criminal schemes,” said the Department of Justice.

Those schemes involved working with criminals responsible for ransomware, spearphishing, and other attacks.

In an operation dubbed “Operation Nova”, Europol, the FBI, and law enforcement agencies from Germany, Switzerland, and France have now seized the websites’ domains, replacing their homepages with a banner.

A message on the seized sites warns past users that the investigation into the site’s operators and users is ongoing:

The analysis of the seized data and the international investigations regarding the operators and users of the network will be continued.

Europol has said that it will use the information collected from the seized servers to build cases against some of the service’s past users.

Obviously there are many legitimate uses of VPN services – it is far from the case that all users are criminals. What appears to have prompted action against these websites is law enforcement’s belief that they were intentionally designed to provide web hosting and VPN services for criminal activity – and facilitating cybercrime is a federal crime.

About the author


Graham Cluley is an award-winning security blogger, researcher and public speaker. He has been working in the computer security industry since the early 1990s, having been employed by companies such as Sophos, McAfee and Dr Solomon's. He has given talks about computer security for some of the world's largest companies, worked with law enforcement agencies on investigations into hacking groups, and regularly appears on TV and radio explaining computer security threats.

Graham Cluley was inducted into the InfoSecurity Europe Hall of Fame in 2011, and was given an honorary mention in the "10 Greatest Britons in IT History" for his contribution as a leading authority in internet security.