[German]In a coordinated action, Europol has seized and shut down servers through which cybercriminals provided and used VPN services. The VPN services were used, for example, in ransomware infections. The disruption of the infrastructure is intended to deprive cybercriminals of the opportunity to use such VPN services.
Advertising
The service of VPN provider VPNLab.net, has offered shielded communications and Internet access, but it was used to support serious criminal acts such as the spread of ransomware and other cybercrime activities.
VPNLab.net: First choice for Cybercriminals
Founded in 2008, VPNLab.net offered services based on OpenVPN technology and 2048-bit encryption to provide online anonymity for as little as $60 per year. The service also offered double VPN, with servers in many different countries. This made VPNLab.net a popular choice for cybercriminals, who could use its services to continue their crimes without fear of detection by the authorities.
In the focus of Europol
Law enforcement agencies became aware of the provider after several investigations revealed that criminals were using the VPNLab.net service to facilitate illegal activities such as malware distribution. Other cases showed that the service was used to build the infrastructure and communication behind ransomware campaigns, as well as for the actual deployment of ransomware.
At the same time, investigators found that the service was advertised on the dark web itself. As a result of the investigation, more than a hundred companies were identified as being threatened by cyberattacks. Law enforcement agencies are working directly with these potential victims to mitigate their vulnerability.
Europol shuts down infrastructure
This week, law enforcement agencies cracked down on criminal abuse of VPN services, targeting VPNLab.net users and infrastructure. On January 17, coordinated disruptive actions occurred in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, the United States, and the United Kingdom.
Advertising
Law enforcement agencies have now seized or stopped the 15 servers that hosted VPNLab.net's service, making it unavailable. The action took place under the direction of the Central Criminal Investigation Office of the Hanover Police Department in Germany as part of the EMPACT security framework "Cybercrime – Attacks Against Information Systems".
Seizure notice VPNLab.net
The head of Europol's European Cybercrime Center, Edvardas Šileris, said:
The actions taken in this investigation make it clear that criminals are increasingly running out of ways to cover their tracks on the Internet. Each investigation we conduct serves as a foundation for the next, and the information we have obtained about potential victims means that we may have been able to pre-empt several serious cyberattacks and data breaches.
And Volker Kluwe, the head of the Hanover Police Department, said of the seizure:
An important aspect of this operation is also to show that when service providers support illegal acts and do not provide information in response to lawful requests from law enforcement, these services are not bulletproof. This operation demonstrates the result of effective cooperation among international law enforcement agencies to shut down a global network and destroy such brands.
The following agencies participated in this operation:
- Germany: Hanover Police Department (Polizeidirektion Hannover) – Central Criminal Office and Verden Public Prosecutor's Office
- Netherlands: The Dutch National Hi-Tech Crime Unit
- Canada: Royal Canadian Mounted Police, Federal Policing
- Czech Republic: Cyber Crime Section – NOCA (National Organized Crime Agency)
- France: Sous-Direction de la Lutte Contre la Cybercriminalité à la Direction Centrale de la Police Judiciaire (SDLC-DCPJ)
- Hungary: RSSPS National Bureau of Investigation Cybercrime Department
- Latvia: State Police of Latvia (Valsts Policija) – Central Criminal Police Department
- Ukraine: National Police of Ukraine (Національна поліція України) – Cyberpolice Department
- United Kingdom: The National Crime Agency
- United States: Federal Bureau of Investigation
- Eurojust
- Europol: European Cybercrime Centre (EC3)
European Cybercrime Centre (EC3)
Europol's European Cybercrime Center (EC3) supported the Day of Action through its "CYBORG" analysis project, which organized more than 60 coordination meetings and three in-person workshops, as well as provided analytical and forensic support. Information sharing was facilitated through the Joint Cybercrime Action Taskforce (J-CAT) at Europol headquarters in The Hague. Eurojust organized a coordination meeting to prepare operational actions and provided support to enable cross-border judicial cooperation between all Member States concerned.
