An international coalition of law enforcement agencies announced Thursday that it has taken down a popular virtual private network service used by cybercriminals and arrested its administrator.
The FBI said in its warning that First VPN was so popular that “at least” 25 ransomware gangs used the service to hide their malicious activities. Cybercriminals have also used VPNs to scan the Internet, run botnets, launch distributed denial-of-service attacks, and commit fraud. According to the agency, First VPN operated servers across 27 countries.
In a statement, Europol said that apart from providing anonymous connections, First VPN also provided cybercriminals with anonymous payments, hidden infrastructure and other services marketed specifically to criminal hackers.
“First VPN is deeply embedded in the cybercrime ecosystem and has appeared in nearly every major cybercrime investigation supported by Europol in recent years,” the announcement said. “Criminals have used it to hide their identities and infrastructure when carrying out ransomware attacks, large-scale fraud, data theft, and other serious crimes.”
The service was advertised on known cybercrime forums, including at least two Russian-speaking marketplaces, and promised to protect criminals from identification.
“We value anonymity. We do not store logs that would allow us or a third party to link IP addresses to users of our service over a specific period of time,” First VPN said in a post seen by TechCrunch. “Although the only data we store is email and username, it is not possible to link your online activities to any particular user of our services.”
However, Europol said First VPN users were notified of the shutdown and were “informed that they had been identified.” Investigators said they did this by obtaining the service’s user database and identifying VPN connections, “exposing thousands of users involved in the cybercrime ecosystem.”
The international law enforcement agency also said First VPN’s administrator had been arrested, dozens of servers had been “dismantled” and its infrastructure had been disrupted. All of this was the result of an investigation that began in December 2021.
