Joint action by 10 countries and Europol taken down VPNLabs secure communication tool favored by cybercriminals
This week, law enforcement officials targeted VPNLab.net’s users and infrastructure in an effort to stop criminals from misusing VPN services. The VPN provider’s service, which was supposed to provide encrypted communications and internet access, was being utilized in support of major criminal activity like ransomware distribution and other criminality.
On the 17th of January, disruptive acts were carried out in Germany, the Netherlands, Canada, the Czech Republic, France, Hungary, Latvia, Ukraine, United States, and the United Kingdom in a coordinated way. The 15 servers that hosted VPNLab.net’s service have now been seized or disabled by law enforcement, rendering it unavailable. The activity was carried out under the EMPACT security framework aim Cybercrime – Attacks Against Information Systems, and was led by the Central Criminal Office of the Hannover Police Department in Germany.
Cybercriminals’ preferred provider
VPNLab.net was founded in 2008 and provides online anonymity for as little as USD 60 per year using OpenVPN technology and 2048-bit encryption. The firm also offered a dual VPN service, with servers in a variety of countries. As a result, VPNLab.net became a favorite choice for cybercriminals, who could utilize its services to continue committing crimes without the worry of being caught by authorities.
After repeated investigations revealed criminals using the VPNLab.net service to support illicit operations such as virus dissemination, law enforcement became interested in the provider. Other examples demonstrated the service being used in the setup of infrastructure and communications for ransomware operations, as well as the actual ransomware deployment. Simultaneously, investigators discovered the service advertised on the dark web.
More than a hundred organizations have been identified as being vulnerable to cyberattacks as a consequence of the inquiry. To reduce their exposure, law enforcement is engaging directly with these potential victims.
A VPN service that is being used for illicit reasons is being shut down.
Edvardas ileris, the Head of Europol’s European Cybercrime Centre, commented on the VPNLab.net takedown:
Criminals are running out of ways to disguise their traces online, as evidenced by the steps taken as part of this investigation. Each investigation we conduct informs the next, and the information we’ve gathered on potential victims suggests that we may have been able to prevent a number of serious cyberattacks and data breaches.
Volker Kluwe, the chief of the Hanover Police Department, said:
One crucial part of this lawsuit is to demonstrate that service providers are not bulletproof if they promote unlawful activity and refuse to share information on legal requests from law enforcement officials. This case demonstrates the benefits of strong international law enforcement collaboration in shutting down a worldwide network and destroying such trademarks.
The European Cybercrime Centre (EC3) of Europol supported the action day with its Analysis Project ‘CYBORG,’ which organised over 60 coordination meetings and three in-person seminars, as well as analytical and forensic support. The Joint Cybercrime Action Taskforce (J-CAT), which is based at Europol’s headquarters in The Hague, facilitated the information exchange. Eurojust convened a coordination meeting to prepare for the operational measures and provided assistance to all Member States involved in cross-border judicial cooperation.
This operation included the participation of the following authorities:
Germany: Central Criminal Office of the Hanover Police Department (Polizeidirektion Hannover) and Verden Public Prosecutor’s Office
The National Hi-Tech Crime Unit of the Netherlands
Federal Policing in Canada: Royal Canadian Mounted Police
Section of Cybercrime in the Czech Republic – NOCA (National Organized Crime Agency)
France: Direction Centrale de la Police Judiciaire, Sous-Direction de la Lutte Contre la Cybercriminalité (SDLC-DCPJ)
Hungary’s Cybercrime Department of the RSSPS National Bureau of Investigation
Latvia: Central Criminal Police Department (Valsts Policija) of the Latvian State Police (Valsts Policija).
Ukraine: Cyberpolice Department (aонална ол крани) of Ukraine’s National Police (aонална ол крани).
The National Crime Agency is based in the United Kingdom.
Federal Bureau of Investigation (FBI) of the United States
Eurojust
European Cybercrime Centre (Europol) (EC3) objective Cybercrime – Attacks Against Information Systems.
‘Double VPN’ service is a service that allows you to connect to two different VPN servers.
VPNLab’s encrypted communication and internet access services were being used “in support of significant criminal acts such as ransomware deployment and other cybercrime activities,” according to Europol.
It has offered ‘double VPN’ services based on OpenVPN technology and 2048-bit encryption for as little as $60 per year for more than a decade.
“Multiple investigations discovered criminals using the VPNLab.net service to support unlawful operations such as malware distribution,” as per Europol.
“Other examples showed the service being used to build up infrastructure and communications for ransomware operations, as well as the actual deployment of malware.” Simultaneously, investigators discovered the service offered on the dark web.”
‘Successful collaboration’
“The steps carried out under this investigation make apparent that criminals are running out of ways to hide their tracks online,” stated Edvardas ileris, head of Europol’s European Cybercrime Centre, in response to the VPNLab.net shutdown. Each investigation we conduct informs the next, and the information we’ve gathered on potential victims suggests we may have averted a number of major cyber-attacks and data breaches.”
“One crucial component of our case is to highlight that, if service providers promote criminal behavior and do not offer any information on legal requests from law enforcement agencies, these services are not bulletproof,” said Volker Kluwe, chief of the Hanover Police Department in Germany.
This case demonstrates the benefits of efficient international law enforcement collaboration in shutting down a worldwide network and destroying such trademarks.”