United States law enforcement joins international partners to disrupt a VPN service used to facilitate criminal activity. The Safe-Inet, a virtual private network (VPN) service was shut down and its infrastructure seized in Germany, the Netherlands, Switzerland, France and the United States, declares the Europol.
According to the US Department of Justice, Domain names offered by an organization engaged in “bulletproof hosting” that assisted cyber-criminals were seized and related servers were shut down.
The investigation disclosed that three domains INSORG.ORG; SAFE-INET.COM; SAFE-INET.NET., offered “bulletproof hosting services” to website visitors.
A “bulletproof hosting service” is an online service provided by an individual or an organization that is deliberately designed to provide web hosting or VPN services for criminal activity.
These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement.
Several of these services are advertised on online forums dedicated to discussing the criminal activity.
According to the United States authorities, a bulletproof hoster’s activities might include ignoring abuse complaints raised by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs.
By providing these services, the bulletproof hosts intentionally support the criminal activities of their clients and become coconspirators in criminal schemes.
“The service’s website offered support in Russian and English languages, at a high price to the criminal underworld. This infrastructure preferred by cybercriminals was used to compromise networks all around the world and the seized domains are in the custody of the federal government”, declares the US Department of Justice.
In an operation dubbed “Operation Nova”, Europol, the FBI, and law enforcement agencies from Germany, Switzerland, and France, have now seized the websites’ domains, replacing their homepages with a banner.
A message on the seized sites warns past users that the “Investigation into the site’s operators and users is ongoing”.
The operators of the service provided both VPN and bulletproof hosting, which authorities say have been used by cybercriminals to target at least 250 organizations worldwide. The services have been used for ransomware, payment card skimming, spear-phishing and account takeover attacks.
“The strong working relationship fostered by Europol between the investigators involved in this case on either side of the world was central in bringing down this service. Criminals can run but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them”, states the Head of Europol’s European Cybercrime Centre.