Three VPN services that provided a safe haven for cybercriminals for more than a decade have been take down as part of a joint operation between law enforcement agencies from the US, Germany, France and Switzerland.
Law enforcement agencies seized the domains insorg[.]org, safe-inet[.]com, and safe-inet[.]net and their homepages have now been replaced with banners telling visitors that the sites have been seized as part of Operation Nova.
In separate press releases, the US Department of Justice and Europol explained that the three companies’ servers were routinely used to mask the real identities of ransomware gangs, Magecart groups and other cybercriminals.
The three illegal VPN services allowed attackers to operate from behind a proxy network that was up to five layers deep so that their online activities couldn’t be traced back to them.
All three companies that had their domains seized operated bulletproof hosting services according to law enforcement.
“A “bulletproof hosting service” is an online service provided by an individual or an organization that is intentionally designed to provide web hosting or VPN services for criminal activity. These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement. A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement). ”
The operators of these illegal VPNs also used underground hacking forums to advertise their services to cybercriminals that wanted to avoid detection online.
While all three domains have now been seized, Europol says that it plans to analyze the data collected from the sites in order to take action against some of the service’s users.