Cops steal legal VPN frail by ransomware gangs

A coordinated sting has ended the operations of the DoubleVPN provider, the owners of that are accused of harbouring cyber legal express

Alex Scroxton

Alex Scroxton,
Security Editor

Published: 30 Jun 2021 15: 15

The DoubleVPN digital non-public community (VPN) provider has been pressured offline and servers seized in a coordinated law enforcement operation in opposition to the provider, which is accused of offering a stable haven for malicious actors, alongside side ransomware crews, to assault their victims.

In an operation with echoes of most modern stings in opposition to Encrochat, an encrypted telecoms community that is for the time being the topic of factual bound in multiple jurisdictions, the coordinated takedown modified into let by the Dutch National Police with international bound overseen by Europol and Eurojust under the framework of the European Multidisciplinary Platform Against Prison Threats (EMPACT).

Other companies consuming on the operation, which has been eight months in the planning, consist of law enforcement bodies from Bulgaria, Canada, Germany, Italy, Sweden, Switzerland and the US, as well to the UK’s National Crime Agency (NCA).

“This legal investigation concerns perpetrators who say they will remain anonymous, while facilitating enormous-scale cyber crime operations,” stated Dutch public prosecutor Wieteke Koorn.

“By taking factual bound, alongside side the particular investigatory energy for digital intrusion, we want to place it very certain there can no longer be any stable havens for these more or much less criminals. Their legal acts injury the digitalised society and erode the belief of residents and companies in digital applied sciences, therefore their behaviour has to be stopped.”

Edvardas Šileris, head of Europol’s EC3, added: “Law enforcement is easiest when working together and currently’s announcement sends a stable message to the criminals utilizing such products and companies: the golden age of legal VPNs is over. Alongside side our international partners, we’re dedicated to getting this message throughout loud and seemingly.”

The operators of DoubleVPN had allegedly heavily advertised their provider on Russian and English-language darkish web forums as a critical technique to camouflage the establish and identity of ransomware gangs and phishing scammers. They claimed to kind excessive-levels of anonymity by technique of single, double, tripe and in most cases quadruple VPN connections to its consumer servers. Its cheapest connection is known to comprise price as small as £19. At the time of writing, its web domains had been modified with related law enforcement splash pages.

John Denley, deputy director of the NCA’s National Cyber Crime Unit, which took the UK node of the DoubleVPN community offline on 29 June, described the operation as famous because it modified into the first time law enforcement had been in a establish to plot close tell bound in opposition to against the law-enabling provider of this nature.

“Double VPN modified into a multi-layered digital non-public community provider trip by cyber criminals, to enable fellow cyber criminals to cloak their identities online. It allowed them to anonymously speak, identify victims then successfully sneak in and habits reconnaissance on their programs as a precursor to launching a cyber assault,” he stated.

Denley added that the NCA had established the identities of loads of UK-based fully victims whose networks were unlawfully accessed by DoubleVPN, all of which had been notified and are receiving beef up if wanted.

“We know that legal products and companies corresponding to DoubleVPN are frail by the organised crime groups in the abet of some of the realm’s most critical ransomware traces, which had been frail to rob recordsdata from and extort victims,” he stated.

“Ransomware attacks comprise evolved and elevated in severity over most modern years, with authorities and national infrastructure being targeted. The NCA is working closely with partners to bolster our functionality to answer to this national security risk and affords a enhance to the UK’s response to cyber crime.”