Wednesday, January 20th, 2021

International law enforcement officials take down VPN used by cybercriminals

Law enforcement officials in the United States and worldwide have taken down a virtual private network (VPN) called “Operation Nova” that had allegedly been assisting cybercriminals.

United States Attorney Matthew Schneider said the investigation revealed that three domains (INSORG.ORG, SAFE-INET.COM, and SAFE-INET.NET) offered “bulletproof hosting services” to website visitors. A “bulletproof hosting service” provides web hosting or VPN services for criminal activity and is designed to let customers operate while evading detection by law enforcement. A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customers’ victims; moving their customers’ accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs. By providing these services, the bulletproof hosts knowingly support their clients’ criminal activities and become co-conspirators in criminal schemes.

Much of the criminal activity occurring on the network involved ransomware, e-skimming breaches, spear phishing, and account takeovers. The service’s website offered support in Russian and English, at a high price to the criminal underworld. This infrastructure, preferred by cybercriminals, was used to compromise networks all around the world.

As a result of the investigation, these domain names were seized, and the related servers were shut down in five different countries. U.S.-based servers used in the scheme were taken offline by U.S. authorities, while international partners did the same.

The investigation was led by the German Reutlingen Police Headquarters together with Europol, the FBI, and other law enforcement agencies from around the world. The Justice Department’s Office of International Affairs provided investigative assistance.

Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities and that facilitating computer intrusions is a federal crime.