Police boast of hacking VPN where criminals "believed themselves to be safe"

TL;DR

Law enforcement agencies worldwide have taken down the First VPN service, which was used by cybercriminals under the false assumption of safety. The operation involved arrests, server dismantling, and international intelligence sharing, marking a significant blow to the criminal network.

Law enforcement agencies across multiple countries have dismantled the First VPN infrastructure, arresting its administrator and sharing intelligence that exposed hundreds of users, in a coordinated operation on May 19 and 20.

The FBI reported that the VPN’s activity was consistent with efforts to identify network vulnerabilities, such as open ports and services, which could facilitate cyberattacks like password spraying or brute-force attacks. Europol confirmed that the operation resulted in the seizure of 33 servers linked to the service, the arrest of the administrator in Ukraine, and the shutdown of associated domains including 1vpns.com, 1vpns.net, and 1vpns.org.

Authorities also shared intelligence packages that provided information on 506 users, supporting 21 ongoing investigations worldwide. The operation involved coordinated actions by law enforcement from France, the Netherlands, Luxembourg, Romania, Switzerland, Ukraine, and the UK, with support from Canada, Germany, the US, and others. The investigation began in December 2021 and entered a new phase in November 2023, facilitated by Eurojust’s support for judicial cooperation.

Why It Matters

This development marks a significant blow to cybercriminal operations that relied on the VPN, which was believed to provide a safe environment for illicit activities. The arrest and dismantling of the infrastructure not only disrupts ongoing criminal activities but also exposes users who thought they were anonymous, potentially leading to further investigations and prosecutions.

Amazon

VPN security tools

As an affiliate, we earn on qualifying purchases.

As an affiliate, we earn on qualifying purchases.

Background

The investigation into First VPN originated in December 2021, with intensified efforts starting in November 2023. The operation was part of a broader international crackdown on cybercrime networks exploiting VPN services to conceal their activities. Europol highlighted that VPN infrastructure can be exploited for reconnaissance and attack facilitation, emphasizing the importance of disrupting such tools for global cybersecurity efforts.

“With the infrastructure dismantled and the administrator under arrest, investigators across multiple jurisdictions are now using the intelligence gathered to support ongoing cybercrime investigations worldwide.”

— Europol

“VPN infrastructure may be used to enumerate systems within a target network following initial access, and exit nodes can facilitate password spraying or brute force attempts against exposed services.”

— FBI

What Remains Unclear

It is not yet clear how many users of the VPN have been identified or prosecuted, or the full scope of ongoing investigations supported by the intelligence gathered. Details about the specific criminal activities linked to the VPN are still emerging.

What’s Next

Authorities will continue analyzing seized data, pursuing further investigations into users and associated criminal networks. Additional arrests or prosecutions may follow, and law enforcement agencies are likely to monitor for similar VPN services exploited by cybercriminals.

Key Questions

What exactly was the First VPN used for?

According to authorities, the VPN was used by cybercriminals to conceal their activities, conduct reconnaissance, and facilitate attacks such as password spraying and brute-force attempts against exposed network services.

How many users were affected or identified?

Authorities shared information on 506 users, but it is unclear how many have been formally identified or face prosecution at this stage.

Will users of the VPN be prosecuted?

It is still unclear how many users will face legal action. Authorities are analyzing the seized data and may pursue further investigations or prosecutions.

What does this mean for other VPN services used by criminals?

This operation demonstrates that law enforcement can successfully target and dismantle VPN infrastructure exploited by cybercriminals, potentially deterring similar activities in the future.

Source: Ars Technica

You May Also Like

Telegram’s T.me Domain Has Been Suspended

Telegram’s official short link domain, t.me, has been suspended, disrupting access for users and publishers. The cause remains unconfirmed.

US Government directive to suspend access to Fable 5 and Mythos 5

The US government has directed a suspension of all access to Anthropic’s Fable 5 and Mythos 5 models over security concerns, effective immediately.

Meta deletes popular 1M follower account after Kuwaiti request

Meta removed a popular account with 1 million followers following a request from Kuwaiti authorities, raising questions about platform moderation and censorship.

LG Monitors Silently Install Software Through Windows Update Without Consent

LG monitors are reportedly installing software silently through Windows Update, raising privacy and security concerns among users.