Law enforcement and judicial authorities in Europe, the U.S. and Canada have seized the web domains and server infrastructure of DoubleVPN. This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims.
This coordinated takedown, led by the Dutch National Police (Politie), under jurisdiction of the National Public Prosecutor’s Office (Landelijk Parket), with international activity coordinated by Europol and Eurojust, has now ended the availability of this service.
Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
DoubleVPN was heavily promoted on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters. The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients.
DoubleVPN was being used to compromise networks all around the world. Its cheapest VPN-connection cost as little as €22 ($25).
Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised over 30 coordination meetings and four workshops to prepare for the final phase of the takedown, alongside providing analytical and crypto-tracing support. A virtual command post was set up by Europol on the action day to ensure seamless coordination between all the authorities involved in the takedown.
Eurojust facilitated the judicial cross-border cooperation and coordination, to ensure an adequate response in order to take down the network. For this purpose, and since October last year, six dedicated coordination meetings took place, organized by Eurojust, and set up a coordination centre during the action day, during which the operation was rolled on the ground by the various national authorities involved.
The Federal Bureau of Investigation, U.S. Secret Service (USSS), and U.S. Department of Justice also participated in the operation.
The leading Dutch Public Prosecutor Ms Wieteke Koorn stated: This criminal investigation concerns perpetrators who think they can remain anonymous, while facilitating large-scale cybercrime operations. By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kinds of criminals. Their criminal acts damage the digitalized society and erode the trust of citizens and companies in digital technologies, therefore their behavior has to be stopped.
The Head of Europol’s EC3, Edvardas Šileris, added: “The golden age of criminal VPNs is over. Together with our international partners, we are committed to getting this message across loud and clear.”