International law enforcement implements Russian-language DoubleVPN service allegedly favored by cybercriminals • The Register


Europol, the US Department of Justice and the UK National Crime Agency have removed a VPN service which they claim was primarily used by criminals – claiming to have recovered “personal information, logs and statistics” from the site.

The DoubleVPN site shut down yesterday after law enforcement invaded its servers, with a joint public statement this afternoon confirming the withdrawal was genuine.

Run by the Dutch National Police, the servers behind DoubleVPN in several jurisdictions have been seized by law enforcement.

Europol said the service was “heavily advertised on underground Russian and English-speaking cybercrime forums”, offering its customers double, triple or even quad-layer VPN services.

This kind of setup is the old hacker joke about staying behind seven practiced proxies: Multiple VPN tunnels, stacked on top of each other, were supposed to make accessing internet traffic inside an additional challenge for adversaries – whether law enforcement, criminals, or business competitors.

The operation began in October last year, a few months after a Franco-Dutch police operation aimed at removing the EncroChat encrypted communication app.

DoubleVPN-dot-com splash screen at time of writing

DoubleVPN-dot-com splash screen at time of writing

DoubleVPN-dot-com’s latest Archive.org capture, on June 28, shows that it works like most other VPN sites – with Russian text saying, “We have relatively high prices because the payouts are Customers for subscriptions are our only source of income. Ask ask yourself a question: where do cheap free VPN services get money to pay their expenses? “

The marketing text also read: “We can state with all responsibility that there is no recording of customer activity in our department”, which may or may not be true when criminal charges are laid. .

It seems unlikely that law enforcement killed the service without first finding a way to compromise it, if only to map its infrastructure.

A UK-based VPN service node was the main target of the National Crime Agency. John Denley, deputy director of the NCA’s National Cyber ​​Crime Unit, said in a statement: “Double VPN was a multi-layered virtual private network service run by cybercriminals, to allow other cybercriminals to hide their identities. in line. It allowed them to communicate anonymously, identify victims and then effectively sneak and scout their systems before launching a cyber attack. “

NCA investigators have also contacted a number of UK companies that DoubleVPN operators have apparently accessed illegally.

The agency’s deputy director added: “We know that criminal services such as DoubleVPN are used by organized crime groups behind some of the world’s most significant strains of ransomware, which have been used to steal data and extort victims. “

Along with the EU coordinating agencies, the NCAs of the US and UK were police agencies from Germany, the Netherlands, Canada, Sweden, Italy, Bulgaria and Swiss.

Police seizures of crime-related web infrastructure have escalated over the past year, with the EncroChat seizure followed by the Anom chat app shutting down and revealing to its horrified criminal users that the entire service had been exploited by the US FBI for years. ®


Sylvester L. Goldfarb

Leave a Reply

Your email address will not be published.