This week, law enforcement agencies from the United States, Germany, France, Switzerland, and the Netherlands have captured the web domains and server infrastructure of three VPN services that offered a safe haven for hackers to attack their victims.
The three services, active for over a decade, are reported to be run by the same individual/group, and have been profoundly marketed on both Russian and English-speaking covert cybercrime fora, where they were sold for prices ranging from $1.3/day to $190/year.
As per the US Department of Justice and Europol, servers of the three companies were often used to hide the real identities of ransomware cliques, web skimmer (Magecart) groups, online phishers, and cybercriminals involved in account seizures.
Law enforcement termed the three as “bulletproof hosting services,” a term characteristically used to label web businesses that don’t take down criminal content, despite repetitive requests.
“A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement),” the DOJ said.
Servers were captured this week across five countries where the three VPN providers had hosted content. Europol said it plans to examine the collected information and begin cases to recognize and take action against some of the services’ users.
“The investigation carried out by our cybercrime specialists has resulted in such a success thanks to the excellent international cooperation with partners worldwide. The results show that law enforcement authorities are equally as well connected as criminals,” said Udo Vogel, Police President of the Reutlingen Police Headquarters.