Europol, the US Department of Justice and the UK’s National Crime Agency have suspended a VPN service they are said to be primarily used by criminals – boasting that they have collected “personal information, logs and statistics” from the site.
DoubleVPN went dark yesterday after law enforcement dug into its servers, with a joint public statement this afternoon confirming that the removal was genuine.
Led by the Dutch National Police, the servers behind DoubleVPN have been seized by law enforcement in multiple jurisdictions.
Europol said the service “has been heavily advertised on Russian and English-speaking secret cybercrime forums,” offering double, triple or even four-tier VPN services to its customers.
This kind of setup is an old joke to hackers about leaving seven proxies in the works: Multiple VPN tunnels, within each other, were supposed to make hard-to-reach Internet traffic a very difficult challenge for adversaries—whether they were law enforcement officers, criminals, or… commercial competitors.
The trial began in October last year, a few months after the French-Dutch police removed the encrypted EncroChat app.
DoubleVPN-dot-com splash screen at the time of writing
Archive.org’s latest DoubleVPN-dot-com capture on June 28 shows that it works like most other VPN sites – complete with Russian text that says, “We have relatively high prices because customer payments for subscriptions are our only source of income. Ask yourself: Where are you getting VPN services for free and cheap money to pay their expenses?”
As stated in the marketing text, “We can certify with full responsibility that there is no logging of customer activity on our Service,” which may or may not be true when criminal charges are filed.
It seems unlikely that law enforcement would shut down the service without finding a way around it – if only to paint the infrastructure.
The UK VPN service hotspot has been the main target of the National Crime Agency. “Double VPN was a multi-layered virtual private network service operated by cybercriminals that allowed fellow cybercriminals to conceal their identities online,” John Denley, deputy director of the NCA’s National Cybercrime Unit, said in a statement. their identity, identify the victims, and then effectively infiltrate and investigate their systems in preparation for a cyberattack.
NCA researchers have also contacted a number of British companies that DoubleVPN operators appear to have illegally contacted.
“We know that criminal services like DoubleVPN are being used by organized crime groups behind some of the world’s most prominent ransomware strains, and have been used to steal data and extort victims,” the agency’s deputy director added.
In addition to the European Union coordination agencies, the United States and the British National Command Agency were police forces from Germany, the Netherlands, Canada, Sweden, Italy, Bulgaria and Switzerland.
Police seizures of crime-related internet infrastructure have escalated over the past year, with the takeover of EncroChat, followed by the shutdown of chat app Anom and revelations to terrified criminal users that the entire service is being run by the US Federal Bureau of Investigation. ®