A security tool that hackers used to disguise their ransomware attacks, email scams and other nefarious activity is offline following a global law enforcement action.
Servers and web domains belonging to DoubleVPN, a virtual private network (VPN), were seized during an investigation by the Dutch National Police, the FBI, the U.K.’s National Crime Agency and Europol, authorities said Wednesday. Accused cybercriminals advertised DoubleVPN throughout Russian and English-speaking hacker markets as a means of helping customers hide their location and internet traffic from police for prices as low as $25.
“Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” a seizure notice on the site advised. “DoubleVPN’s owners failed to provide the services they promised.”
The police announcement did not identify the specific ransomware gangs that allegedly used DoubleVPN.
Internet users throughout the world rely on VPN technology to maintain their privacy, ensure secure internet connections and communicate through a trustworthy source. Unlike other services, DoubleVPN was based in Russia and marketed itself as a means of committing crimes, police said.
If global police in fact obtained personal data and activity logs from alleged hackers who utilized the DoubleVPN service, that information could provide investigators with roadmaps toward further probes. In an unrelated case in January, German police used evidence from a shuttered web hosting service, CyberBunker, to carry out action against an illicit market that trusted CyberBunker with its data.
International cops have seized VPN services apparently meant for scammers before. In December the FBI participated in a global disruption against another VPN tool, known alternatively as Insorg and Safe-Inet, that promised “bulletproof hosting” for furthering hacking activity, the Department of Justice announced last year.