Posted on December 23, 2020 at 4:35 PM
The European Union Agency for Law Enforcement Cooperation, the U.S. Federal Bureau of Investigation, and other governments’ law enforcement engaged in a joint sweeping mission to take down three virtual private network providers used for criminal activities.
The operation was called “Operation Nova,” as the law enforcement seized their server infrastructure and domains for safe-net.net, inet.com, and insorg.org. The three seized VPN domains were alleged to be used for “bulletproof hosting” and other proxy services.
Bulletproof hosting is a type of web hosting which allows those who intend to host illegal websites to host their contents on the web host site. Most of the hosted sites on such platforms are for pornography and online gambling, as the service allows the users to operate while evading detection by law enforcement.
The VPN service from the three affected providers offers safe haven and leniency for the users to carry out spear phishing, web skimming operations, ransomware attacks, and account takeovers. The VPN providers offer protection to the users while they cry out all sorts of criminal activities.
Seized VPN providers active for over a decade
According to the report, the VPN services have been active for more than ten years, and are said to be owned and operated by the same individual or group. The services have also been heavily advertised on English and Russian-speaking underground hacking forums, with prices ranging from $1.3 per day to $190 yearly.
The high demand for bulletproof hosting services has coincided with an increased number of attacks and cybercrime. Hosting providers may look for excuses or ignore abuse complaints from clients’ victims. Sometimes they transfer the client’s data, customer’s account, server, or their country to evade detection. Logs are not even stored that could be traced to them anymore. This makes the cybercriminals able to avoid being detected while they continue to perpetuate their crime.
The law enforcement officials noted that the bulletproof hosts are aware they are offering services for the criminal gangs, making them co-conspirators in the criminal act.
“[…] the bulletproof hosts knowingly support the criminal activities of their clients and become co-conspirators in criminal schemes,” the law enforcement agencies pointed out.
Europol and the US Department of Justice said the three VPN providers were usually used to mask the real identities of the online phishers and ransomware gangs. This allows them to carry out operations from behind a proxy network for about five-layer deep.
Top cybercriminals hosted by Safe-inet VPN
The law enforcement also said “the world’s foremost cybercriminals,” use the seized VPN providers to launch their cybercriminal attacks. The report revealed that the safe-inet in particular is used by some of the top ransomware gangs in the world to hide their identity and carry out massive ransomware attacks.
The VPN service safe-inet offers is said to be sold more expensive than other VPN services by other providers. It’s also advertised as one of the best VPN tools for users who want to evade law enforcement, as it provides five layers of security, Europol reveals.
Famous Magecart hackers also use the VPNs
Also, Bleeping Computer recently reported that the three seized VPN providers were offering support for the popular Magecard skimming gang, which has carried out several attacks all over the world.
The Magecart attack was first discovered two years ago after an attack on British Airways. The cyber gang spread to Inflows Store, Oxo International Ltd, Sweaty Betty, Macy’s Inc, Ticketmaster Entertainment, Cathay Pacific Airways, as well as Newegg Inc.
Head of Reutlingen Police Udo Vogel said the investigation its cybercrime specialists carried out has led to some important discoveries about the operation of these VPN providers. The agency said the cooperation from international enforcement agencies also led to the success of the investigation and subsequent seizures.
“The results show that law enforcement authorities are equally as well-connected as criminals,” Vogel noted.
However, he pointed out that there is more work to be done since these cybercriminals will only look for alternatives to set up their criminal sites.
But the information received after the investigation could go a long way to help further investigations to arrest more illegal VPN providers, he reiterated.