International law enforcement op nukes Russian-language DoubleVPN service allegedly favoured by cybercriminals

Vendor claimed not to log user data – we'll see

Europol, the US Department of Justice, and Britain's National Crime Agency have taken down a VPN service they claimed was mainly used by criminals – boasting that they hoovered up "personal information, logs and statistics" from the site.

The DoubleVPN site went dark yesterday after law enforcement agencies swooped on its servers, with a joint public statement this afternoon confirming that the takedown was genuine.

Led by the Dutch national police, servers behind DoubleVPN in multiple jurisdictions were seized by law enforcement.

Europol said the service was "heavily advertised on both Russian and English-speaking underground cybercrime forums," offering double, triple or even quadruple-layered VPN services to its customers.

This kind of setup is the old hacker joke about staying behind seven proxies put into practice: multiple VPN tunnels, onion-layered inside one another, were supposed to make accessing internet traffic inside them an extra difficult challenge for adversaries – whether law enforcement, criminals, or commercial rivals.

The operation began in October last year, a few months after a Franco-Dutch police operation to take down encrypted comms app EncroChat.

DoubleVPN-dot-com's splash screen at the time of writing

The last capture of DoubleVPN-dot-com, on 28 June, shows it operating like most other VPN sites – complete with Russian text stating: "We have relatively high prices because customer payments for subscriptions are our only source of income. Ask yourself a question: where do free and cheap VPN services get money to pay for their expenses?"

Marketing text also said: "We can declare with full responsibility that there is no logging of client activity in our service," something which may or may not prove to be true when criminal charges are brought.

It seems unlikely that law enforcement would have killed off the service without finding a way of compromising it first – even if only to map out its infrastructure.

A UK-based node of the VPN service was the National Crime Agency's main target. John Denley, deputy director of the NCA's National Cyber Crime Unit, said in a statement: "Double VPN was a multi-layered virtual private network service run by cyber criminals, to enable fellow cyber criminals to mask their identities online. It allowed them to anonymously communicate, identify victims then effectively sneak in and conduct reconnaissance on their systems as a precursor to launching a cyber attack."

NCA investigators also contacted a number of UK businesses that were apparently unlawfully accessed by DoubleVPN's operators.

The agency's deputy director added: "We know that criminal services such as DoubleVPN are used by the organised crime groups behind some of the world's most prominent ransomware strains, which have been used to steal data from and extort victims."

Police agencies from Germany, the Netherlands, Canada, Sweden, Italy, Bulgaria, and Switzerland took part alongside the EU coordinating agencies, the US, and the UK's NCA.

Police seizures of crime-linked web infrastructure have ramped up over the past year, with the EncroChat seizure followed by the Anom chat app shutting down and revealing to its horrified criminal users that the whole service had been operated by the US FBI for years. ®
