Law enforcement and judicial authorities in Europe, the US and Canada have seized the web domains and server infrastructure of DoubleVPN, said Europol, the European Union’s law enforcement agency.
Headquartered in Hague in Netherlands, Europol assist the 27 European Union member states in their fight against serious international crime and terrorism.
“This is a virtual private network (VPN) service which provided a safe haven for cybercriminals to attack their victims,” said the Europol in a statement.
This coordinated takedown, led by the Dutch National Police (Politie), under jurisdiction of the National Public Prosecutor’s Office (Landelijk Parket), with international activity coordinated by Europol and Eurojust, has now ended the availability of this service.
Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).
DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters.
The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients.
DoubleVPN was being used to compromise networks all around the world. Its cheapest VPN-connection cost as little as €22 ($25).
The leading Dutch Public Prosecutor Wieteke Koorn stated: “This criminal investigation concerns perpetrators who think they can remain anonymous, while facilitating large-scale cybercrime operations. By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kind of criminals. Their criminal acts damage the digitalised society and erode the trust of citizens and companies in digital technologies, therefore their behaviour has to be stopped.”
The Head of Europol’s EC3, Edvardas Šileris, commented: “Law enforcement is most effective when working together and today’s announcement sends a strong message to the criminals using such services: the golden age of criminal VPNs is over. Together with our international partners, we are committed to getting this message across loud and clear.”
International cooperation was central to the success of this investigation as the critical infrastructure was scattered across the world.
Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy. Its cybercrime specialists organised over 30 coordination meetings and four workshops to prepare for the final phase of the takedown, alongside providing analytical and crypto-tracing support.
A virtual command post was set up by Europol on the action day to ensure seamless coordination between all the authorities involved in the takedown.
Eurojust facilitated the judicial cross-border cooperation and coordination, to ensure an adequate response in order to take down the network.
For this purpose, and since October last year, six dedicated coordination meetings took place, organised by Eurojust, and set up a coordination centre during the action day, during which the operation was rolled on the ground by the various national authorities involved.