Skip to main content

Several major VPN services taken offline for reportedly offering illegal services

VPN
(Image credit: Shutterstock.com)
Audio player loading…

A number of VPN (opens in new tab) platforms have been taken offline after reportedly offering services to cybercriminals.

Three services that provided a safe haven for cybercriminals for more than a decade have been take down as part of a joint operation between law enforcement agencies from the US, Germany, France and Switzerland.

Law enforcement agencies seized the domains insorg[.]org, safe-inet[.]com, and safe-inet[.]net and their homepages have now been replaced with banners telling visitors that the sites have been seized as part of Operation Nova.

In separate press releases, the US Department of Justice and Europol explained that the three companies' servers were routinely used to mask the real identities of ransomware gangs, Magecart (opens in new tab) groups and other cybercriminals.

The three illegal VPN services allowed attackers to operate from behind a proxy network (opens in new tab) that was up to five layers deep so that their online activities couldn't be traced back to them.

Bulletproof hosting

All three companies that had their domains seized operated bulletproof hosting (opens in new tab) services according to law enforcement. 

The US Attorney’s Office for the Eastern District of Michigan provided further insight on how bulletproof hosting differs from traditional web hosting (opens in new tab) in a press release (opens in new tab), saying:

“A “bulletproof hosting service” is an online service provided by an individual or an organization that is intentionally designed to provide web hosting or VPN services for criminal activity.  These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement. A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement). ”

The operators of these illegal VPNs also used underground hacking forums (opens in new tab) to advertise their services to cybercriminals that wanted to avoid detection online.

While all three domains have now been seized, Europol says that it plans to analyze the data collected from the sites in order to take action against some of the service's users.

Via ZDNet (opens in new tab)

Anthony Spadafora
Anthony Spadafora

After working with the TechRadar Pro team for the last several years, Anthony is now the security and networking editor at Tom’s Guide where he covers everything from data breaches and ransomware gangs to the best way to cover your whole home or business with Wi-Fi. When not writing, you can find him tinkering with PCs and game consoles, managing cables and upgrading his smart home.