A global operation takes down the infrastructure of DoubleVPN and seizes data about its customers
Authored by Amer Owaida, Security Writer at ESET
Law enforcement agencies from Europe, the United States and Canada have teamed up to take down the web domains and seized the infrastructure of DoubleVPN, a virtual private network (VPN) service that was used by cybercriminals to conduct their activities anonymously.
“Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT),” reads Europol’s press release.
The takedown operation was spearheaded by the Dutch National Police, and the international operation was coordinated under the auspices of Europol and Eurojust, the European Union’s law enforcement and legal agencies, respectively.
However, the whole operation encompassed a long list of law enforcement and other authorities from the United States, Canada, Sweden, Germany, Switzerland, and Bulgaria. While it’s not immediately clear if any arrests were made, with the information seized it’s safe to assume that legal action will follow soon.
“On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs, and statistics kept by DoubleVPN about all of its customers. DoubleVPN’s owners failed to provide the services they promised,” reads the splash notice on the now-defunct DoubleVPN website.
DoubleVPN’s services were mainly promoted on Russian and English language underground hacking and cybercriminal forums, offering anonymity by hiding the identities and locations of various types of scammers, fraudsters, and even ransomware operators. The service did so by offering different tiers of connections to the criminally-minded, ranging from single all the way up to quadruple VPN connections, with the cheapest service costing no more than US$25.
Dutch Public Prosecutor Wieteke Koorn warned that there would be no safe harbor for cybercriminals: “This criminal investigation concerns perpetrators who think they can remain anonymous, while facilitating large-scale cybercrime operations. By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kind of criminals. Their criminal acts damage the digitalised society and erode the trust of citizens and companies in digital technologies, therefore their behaviour has to be stopped.”
It has been quite a busy period for law enforcement agencies cracking down on multiple flavors of cybercrime. Just a few weeks ago, the Federal Bureau of Investigation and the Australian Federal Police led a global crackdown that led to the arrest of more than 800 suspects after criminals were tricked into using an FBI-run chat app.