In a rather unprecedented enforcement action, the FBI and Europol have shut down a ‘bulletproof’ VPN provider that helped cybercriminals to conceal their operations. The service didn’t keep logs and routed traffic through a series of VPN connections. While many VPNs strive to keep customers private and secure, this company clearly crossed a line.
Millions of Internet users around the world use a VPN to protect their privacy online.
Another key benefit is that VPNs hide users’ true IP-addresses, making them more anonymous. This prevents third-party monitoring outfits from carrying out unwanted snooping.
While there are good reasons to remain ‘relatively’ anonymous these services can also be abused by criminals. That can present problems, as most good VPN providers keep no identifiable logs, which makes the job of law enforcement agencies harder.
This week, the FBI and Europol shut down “Safe-Inet,” a VPN service that went to extreme lengths to keep its customers hidden. The enforcement effort, dubbed “Operation Nova,” was coordinated by the German Reutlingen Police Headquarters with help from many international partners.
According to Europol, Safe-Inet was used by some of the biggest cybercriminals including ransomware operators that held hundreds of companies hostage. With help from the VPN service, the criminals were able to avoid detection.
“This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections,” Europol notes.
“Law enforcement were able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN. These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.”
Servers and Domains Seized
The operation targeted several servers and domains of the VPN service, which also offered bulletproof hosting. U.S. authorities also seized several servers and have assumed control over three associated domain names: INSORG.ORG, SAFE-INET.COM and SAFE-INET.NET.
The domain names all show a seizure banner now complete with the badges of the various enforcement agencies that contributed to the operation. A screenshot copy (via) of the working INSORG site shows that it offered various VPN, proxy and anonymizer options.
At first sight, it’s quite an unprecedented move to take down a company that does what every good VPN is supposed to. That is, protecting the privacy of its users. However, it appears that Safe-Inet went further than that.
“Designed to Support Crime”
Commenting on the matter, the US Department of Justice notes that so-called “bulletproof” services are “intentionally designed” to provide hosting or VPN services to criminals.
“These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement. Many of these services are advertised on online forums dedicated to discussing criminal activity.
“A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs.”
The Justice Department says that by acting in this manner, these companies knowingly aid and support the criminal activities of their customers, which makes them liable as well.
Needless to say, this enforcement action and the comments that come with it will create a lot of uncertainty among VPN providers. There are dozens if not hundreds of VPN companies that don’t keep logs, and some of these are undoubtedly used by criminals as well.
Advertising in Shady Places
While further details about the investigation have not been revealed, we expect that Safe-Inet was not just any regular VPN provider. The Justice Department claims that it was actively helping and advertising to criminals. That changes things.
When we searched through a few forums where stolen credit cards are traded, Safe-Inet and associated names indeed showed up to market its services.
“We are happy to announce you about our elite level of service for high anonymity in the Internet network from insorg.org company, on advert reads, with another one mentioning that they don’t record logs and never show the real IP-address.
Needless to say, Operation Nova comes as a shock to the VPN industry, but regular VPNs don’t advertise in these places.
The i2Coalition, which includes several prominent VPN services among its members, says it supports the law enforcement action. While many of its members don’t keep any logs, they do what they can to deter criminal abuse.
“Any technology can be misused, and the overwhelming majority of VPN usage is for legal and legitimate purposes, and millions of consumers and businesses rely on VPNs for essential online protection,” i2Coalition notes.
VPN services won’t be rendered illegal anytime soon, but those who advertise their services on criminal platforms or knowingly help dodgy customers could be in trouble. The problem is, however, that it’s not entirely clear where the line is drawn.
Many thanks to TorrentFreak for the breaking news.