TL;DR
Law enforcement agencies worldwide have taken down the First VPN service, which was used by cybercriminals under the false assumption of safety. The operation involved arrests, server dismantling, and international intelligence sharing, marking a significant blow to the criminal network.
Law enforcement agencies across multiple countries have dismantled the First VPN infrastructure, arresting its administrator and sharing intelligence that exposed hundreds of users, in a coordinated operation on May 19 and 20.
The FBI reported that the VPN’s activity was consistent with efforts to identify network vulnerabilities, such as open ports and services, which could facilitate cyberattacks like password spraying or brute-force attacks. Europol confirmed that the operation resulted in the seizure of 33 servers linked to the service, the arrest of the administrator in Ukraine, and the shutdown of associated domains including 1vpns.com, 1vpns.net, and 1vpns.org.
Authorities also shared intelligence packages that provided information on 506 users, supporting 21 ongoing investigations worldwide. The operation involved coordinated actions by law enforcement from France, the Netherlands, Luxembourg, Romania, Switzerland, Ukraine, and the UK, with support from Canada, Germany, the US, and others. The investigation began in December 2021 and entered a new phase in November 2023, facilitated by Eurojust’s support for judicial cooperation.
Why It Matters
This development marks a significant blow to cybercriminal operations that relied on the VPN, which was believed to provide a safe environment for illicit activities. The arrest and dismantling of the infrastructure not only disrupts ongoing criminal activities but also exposes users who thought they were anonymous, potentially leading to further investigations and prosecutions.
Unlock & Reset Tool for Ubiquiti® UniFi® Access Points & Cameras
Fast & Hassle-Free Removal – No more struggling with hard-to-release Ubiquiti access points.
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Background
The investigation into First VPN originated in December 2021, with intensified efforts starting in November 2023. The operation was part of a broader international crackdown on cybercrime networks exploiting VPN services to conceal their activities. Europol highlighted that VPN infrastructure can be exploited for reconnaissance and attack facilitation, emphasizing the importance of disrupting such tools for global cybersecurity efforts.
“With the infrastructure dismantled and the administrator under arrest, investigators across multiple jurisdictions are now using the intelligence gathered to support ongoing cybercrime investigations worldwide.”
— Europol
“VPN infrastructure may be used to enumerate systems within a target network following initial access, and exit nodes can facilitate password spraying or brute force attempts against exposed services.”
— FBI
Deeper Connect Mini(2026 Version) Decentralized VPN Router Lifetime Free for Travel Home Enterprise-Level Cybersecurity Wi-Fi Router with Dual Antennas Wi-Fi Adapter
1. True VPN Router – Network Protection for Every Device: This VPN router secures your entire homenetwork at…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What Remains Unclear
It is not yet clear how many users of the VPN have been identified or prosecuted, or the full scope of ongoing investigations supported by the intelligence gathered. Details about the specific criminal activities linked to the VPN are still emerging.
Mullvad VPN | 12 Months for 5 Devices | No-Log Security VPN Service | Protect Your Privacy
PRIVACY-FIRST VPN: This 12-month Mullvad VPN code gives you a full year of privacy protection without monthly renewals….
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
What’s Next
Authorities will continue analyzing seized data, pursuing further investigations into users and associated criminal networks. Additional arrests or prosecutions may follow, and law enforcement agencies are likely to monitor for similar VPN services exploited by cybercriminals.
GL.iNet Comet PoE (GL-RM1PE) Remote KVM Control Over Internet – PoE/Type – C Dual Power Option 4K@30Hz,32GB EMMC Tailscale Support for PC Server Remote Access Power Management Adapted KVM Switches
【Power over Ethernet (PoE)】 Comet PoE (GL-RM1PE) enables easy device powering with PoE support. Users can simply connect…
As an affiliate, we earn on qualifying purchases.
As an affiliate, we earn on qualifying purchases.
Key Questions
What exactly was the First VPN used for?
According to authorities, the VPN was used by cybercriminals to conceal their activities, conduct reconnaissance, and facilitate attacks such as password spraying and brute-force attempts against exposed network services.
How many users were affected or identified?
Authorities shared information on 506 users, but it is unclear how many have been formally identified or face prosecution at this stage.
Will users of the VPN be prosecuted?
It is still unclear how many users will face legal action. Authorities are analyzing the seized data and may pursue further investigations or prosecutions.
What does this mean for other VPN services used by criminals?
This operation demonstrates that law enforcement can successfully target and dismantle VPN infrastructure exploited by cybercriminals, potentially deterring similar activities in the future.
Source: Ars Technica
