Cybercrime , Fraud Management & Cybercrime , Fraud Risk Management

Police Dismantle Cybercrime 'Bulletproof Hosting Service'

Authorities Shut Down VPN That Supported Illegal Operations
Police Dismantle Cybercrime 'Bulletproof Hosting Service'
One of the three domains seized by law enforcement during Operation Nova

The FBI, Europol and other law enforcement agencies shut down a virtual private network Tuesday that was providing a "bulletproof hosting service" that allowed cybercriminals to conduct a variety of illegal operations, including ransomware attacks, while remaining hidden from police.

See Also: OnDemand | Combatting Rogue URL Tricks: How You Can Quickly Identify and Investigate the Latest Phishing Attacks

No arrests were made in association with the takedown.

The joint effort, dubbed "Operation Nova," took down three domains associated with the VPN named Safe-Inet - Insorg.org, Safe-Inet.com and Safe-Inet.net - all of which were used as part of the bulletproof hosting service, the U.S. Justice Department reports.

"These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement,” the Justice Department states. “Many of these services are advertised on online forums dedicated to discussing criminal activity."

Europol, the European law enforcement agency, says this high-priced VPN service was advertised on darknet forums. For more than a decade, cybercriminals used it to facilitate online crimes, including ransomware attacks and e-commerce skimming. The service offered up to five layers of anonymous VPN connections to help avoid law enforcement interception.

"Law enforcement was able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN,” Euopol states. “These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.”

Operation Nova

The takedown was led by the German Reutlingen Police headquarters, working in conjunction with the FBI, Europol, French, Swiss and Dutch law enforcement agencies. In addition to the domains being taken offline, the police agencies took down servers located in five countries on Monday, the Justice Department says.

The VPN moved its customer accounts and data from one IP address, server or country to another to help evade detection, authorities say. Also, it did not maintain logs.

"Much of the criminal activity occurring on the network involved cyber actors responsible for ransomware, e-skimming breaches, spear phishing and account takeovers,” the Justice Department says. “The service's website offered support in Russian and English languages at a high price to the criminal underworld. This infrastructure preferred by cybercriminals was used to compromise networks all around the world."

International Cooperation

Operation Nova is the latest in a series of international legal actions designed to crack down on online operations that help facilitate cybercrime.

In November, Europol, working with other European agencies, arrested two Romanians for allegedly selling services - including malware encryption - that helped cybercriminals circumvent antivirus tools (see: 2 Arrested for Operating Malware Encryption Service).

An international law enforcement operation in October involving 16 countries resulted in the arrest of 20 individuals suspected of belonging to the QQAAZZ criminal network, which helped launder cash and cryptocurrency for other cybercriminals (see: 20 Arrested in Money-Laundering Crackdown).


About the Author

Doug Olenick

Doug Olenick

Former News Editor, ISMG

Olenick has covered the cybersecurity and computer technology sectors for more than 25 years. Prior to his stint as ISMG as news editor, Olenick was online editor for SC Media, where he covered every aspect of the cybersecurity industry and managed the brand's online presence. Earlier, he worked at TWICE - This Week in Consumer Electronics - for 15 years. He also has contributed to Forbes.com, TheStreet and Mainstreet.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.in, you agree to our use of cookies.