Dutch police help smash network allegedly masking cybercriminals

DoubleVPN’s domains and server infrastructure taken down by international team

“These people thought they could remain anonymous while facilitating large-scale cybercrime operations,” said Dutch public prosecutor Wieteke Koorn. Photograph: Getty
“These people thought they could remain anonymous while facilitating large-scale cybercrime operations,” said Dutch public prosecutor Wieteke Koorn. Photograph: Getty

A global network allegedly used by cybercriminals to hide their identities during high-profile attacks has been taken down in a co-ordinated fightback by police in the United States, Canada and Europe against increasingly brazen ransomware attacks and data phishing.

The raid – led by Dutch police in co-operation with the European policing agency Europol – seized the web domains and server infrastructure of DoubleVPN, a company that provided a virtual private network from which the criminals allegedly targeted their victims.

According to Europol, the service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN connections to its clients, thereby significantly boosting – it was assumed – the security of a single-server connection.

Multihop servers

So called multi-hop connections add an extra layer of encryption for each hop around the globe by “cascading” or “chaining” two or more servers together. Multihop servers are often called “double VPNs”, hence the name of the company.

READ SOME MORE

“These people thought they could remain anonymous while facilitating large-scale cybercrime operations,” said Dutch public prosecutor Wieteke Koorn, “but we’ve made it clear that from now on there are no safe havens for these criminals.”

Such was DoubleVPN’s confidence that it was beyond the law that it advertised prominently on both Russian-speaking and English-speaking “dark net” cybercrime forums – allegedly offering to mask the locations and identities of ransomware operators and phishing fraudsters.

Incriminating data

Hackers allegedly paid as little as $25 or €22 for access to a VPN that allowed them to go to work undermining companies, small and large, and perhaps even governments around the world, in the belief they could not be detected.

On Thursday, however, the company's website showed a "splash" page informing clients that police in the Netherlands, Germany, the US and Canada had seized the domain, along with incriminating data on DoubleVPN's customers.

“We are sending this message to the criminals who’ve been using these services – the golden age of criminal VPNs is over,” said Edvardas Sileris of Europol.

Ireland was the victim of a Conti ransomware attack in May when the Health Service Executive was forced to shut down its IT systems. According to the FBI, Conti attacks typically attack healthcare and first-responder networks.

Phishing attacks usually aim to steal data such as log-in details or credit card numbers.

The long-term social impact of successful attacks, warns Europol, is to undermine public trust in digital technology.

Peter Cluskey

Peter Cluskey

Peter Cluskey is a journalist and broadcaster based in The Hague, where he covers Dutch news and politics plus the work of organisations such as the International Criminal Court