Law enforcement has seized the servers of DoubleVPN (doublevpn.com), a Russian-based VPN service that provides double-encryption service widely used by threat actors to anonymize their operation while performing malicious activities. The VPN service was offered for a starting price of €22 ($25).
“Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT).” reads the press release published by the EUROPOL.
“DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters. The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients.”
The operation is a joint effort of the Germany’s BKA, Netherland’s Politie, the FBI, the UK National Crime Agency, the United States Secret Service, the Royal Canadian Mounted Police, Eurojust, Switzerland’s Polizia Cantonale, Europol, Bulgaria’s GDBOP, and the Swedish National Police.
According to BleepingComputer, which first reported the news, the Police also acquired the customer logs and statistics for its customers’ activities. Anyway, until its seizure by law enforcement, the Russian VPN service provider claimed the service was not kepting users’ logs.
“On 29th of June 2021, law enforcement took down DoubleVPN. Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers. DoubleVPN’s owners failed to provide the services they promised.” state the message published by the authorities on the seized domain. “International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. The investigation regarding customer data of this network will continue.”
Follow me on Twitter: @securityaffairs and Facebook
|[adrotate banner=”9″]||[adrotate banner=”12″]|
(SecurityAffairs – hacking, cybercrime)