Skip to main content

This crooked VPN service was collecting user data the whole time

Hacker Typing
(Image credit: Shutterstock)
Audio player loading…

A Russian-based VPN (opens in new tab) service that was popular among cybercriminals has been seized by an international law enforcement operation led by the Dutch National Police with support from Europol and Eurojust.

As reported (opens in new tab) by BleepingComputer, DoubleVPN was commonly used by cybercriminals due to the fact that it offered a double-encryption service to help them evade detection when conducting their illegal activities online. 

However, what they didn't know is that the service was keeping tabs on them in the form of customer logs that were seized along with servers and data from the company.

When using DoubleVPN, requests are encrypted and transmitted to one VPN server and then sent to additional VPN servers before finally connecting to the final destination. This allowed cybercriminals to hid both their real locations and originating IP addresses (opens in new tab) when launching cyberattacks on both businesses and consumers.

DoubleVPN Seized by Law Enforcement

(Image credit: Dutch National Police)

Seized by law enforcement

DoubleVPN's website is now offline after it was taken down by law enforcement and in its place, there is now a website seizure notice (opens in new tab) that explains how the VPN's owners “failed to provide the services they promised”.

While cybercriminals thought they were getting a secure VPN (opens in new tab) that would help them stay anonymous, in reality the company was collecting personal information on them as well as logs and statistics on their online activity.

Europol provided further details on how DoubleVPN was marketed to cybercriminals and used to compromise networks worldwide in a press release (opens in new tab), saying:

“DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters. The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients. DoubleVPN was being used to compromise networks all around the world.” 

Via BleepingComputer (opens in new tab)

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.