Jump to content
Not connected, Your IP: 34.227.191.136
B3nB3n

DoubleVPN - Take down

Recommended Posts

The VPN provider DoubleVPN was taken down by law enforcement.
More info:
https://www.cnet.com/news/russian-based-doublevpn-taken-down-by-international-law-enforcement/

Can anyone tell me, what keeps law enforcement from doing the same with other VPN providers (like AirVPN)?

Share this post


Link to post

AirVPN does not actively market the service to criminals in the darker corners of the earth.


NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post
1 hour ago, OpenSourcerer said:

AirVPN does not actively market the service to criminals in the darker corners of the earth.


Still, the legal basis for seizing servers is probably the same.
However, I agree. AirVPN doesn't promote itself as a VPN for ciriminals, therefore law enforcement is probably less interested.

Share this post


Link to post
3 hours ago, B3nB3n said:

Still, the legal basis for seizing servers is probably the same.


Of course it is. But have no fear, something like this will probably not happen here.

NOT AN AIRVPN TEAM MEMBER. USE TICKETS FOR PROFESSIONAL SUPPORT.

LZ1's New User Guide to AirVPN « Plenty of stuff for advanced users, too!

Want to contact me directly? All relevant methods are on my About me page.

Share this post


Link to post

Hello!

We did not know DoubleVPN, in the last years dozens (hundreds?) of VPN have been born around the world and we know only a part of them.

It's strictly necessary to know which exact law(s) of which legal framework(s) the service would have allegedly infringed. Perhaps we will know that only during the hearing, when we will also see whether the allegations and charges will hold in court. According to the articles you passed to us, it's not possible to comment properly at this stage. Does anyone have more precise information?

Kind regards


 

Share this post


Link to post

https://www.europol.europa.eu/newsroom/news/coordinated-action-cuts-access-to-vpn-service-used-ransomware-groups

Share this post


Link to post
On 7/2/2021 at 10:46 AM, Kenwell said:

Hello!
Thanks. It's still very vague, essentially a press release mentioning alleged crimes committed by the users, and not by the service administrators. However two sentences caught our attention:
 
Quote

DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters.


If the owners advertised the service for criminal activities, at least some form of "aiding, abetting, facilitating crime" is strongly suspected, and it's a crime itself in any legal framework we know.
 
Quote

This criminal investigation concerns perpetrators who think they can remain anonymous, while facilitating large-scale cybercrime operations.


Here the prosecutor might mean that DoubleVPN operators/owners tried to remain anonymous? If so, that sounds like a bad premise for the owners of any service, as they must be available to be contacted timely by any competent authority, because in the EU and the USA, in order to keep the mere conduit status and/or any liability exception for the actions of the users, one of the requisites is that a service provider acts quickly to stop an ongoing illegal activity when it comes to know about such illegal activity.

Of course, presumption of innocence stands, and it will be crucial to know exactly which laws would have been infringed by the service, and if the allegations will hold in court.

Kind regards
 

Share this post


Link to post

Hi.

To give you a bit more inside of this story i stumbled upon this dutch police website.

Its in Dutch so google just translated the Police website: https://www.politie.nl/nieuws/2021/juni/30/klap-voor-communicatie-criminelen-doublevpn-uit-de-lucht.html

A hit for communication criminals: DoubleVPN off the air

A large-scale international action by the police and the judiciary has dealt another blow to communication between criminals. DoubleVPN has been taken off the air. This company provided VPN services (Virtual Private Network); secure and shielded internet connections that provided a safe haven for cybercriminals to attack their victims.

In many European countries, including the Netherlands and Germany, as well as in the United States and Canada, DoubleVPN servers were seized yesterday and the infrastructure was shut down. The DoubleVPN websites now show a splash page from the police and the judiciary: cybercrime facilitators are not anonymous.

The large, international investigation into DoubleVPN was led by the National Unit of the Dutch police, under the authority of the National Public Prosecutor's Office.
Within this investigation, Team High Tech Crime (THTC) of the National Unit, National Criminal Investigation Service, worked together with foreign partners in the fight against (inter)national serious crime.

Important partners from the very beginning were Germany, the United States, the United Kingdom and Canada. Later on, Italy, Bulgaria, Sweden and Switzerland also joined. Europol and Eurojust played an important coordinating role during the investigation.

Hacking Authority
In this investigation, the Dutch police and the Public Prosecution Service have used their hacking powers to penetrate DoubleVPN's infrastructure. In the Netherlands, the police and the judiciary are legally authorized to enter computers secretly and remotely for the purpose of investigating serious crimes. The Digital Intrusion Team (DIGIT) of the National Unit, Specialist Operations Service, is the only team that has this authority. The team consists of employees of the (regional) police units, the Royal Netherlands Marechaussee and the Fiscal Intelligence and Investigation Service.

Ransomware and Phishing
DoubleVPN was a small VPN provider, but very important to cybercriminals. It has been discussed a lot on various forums. The service also advertised itself on these forums; especially on Russian- and English-language underground cybercriminal forums. DoubleVPN was used by ransomware spreaders and phishing fraudsters, among others.

The service offered customers maximum anonymity by offering not only single, but also double, triple and even quad VPN connections. The cheapest VPN connection cost €22 per month.

Money laundering and participation in a criminal organization
DoubleVPN is suspected of being a criminal organization. The company is also suspected of money laundering and complicity in or involvement in the crimes committed by its customers using DoubleVPN's services. Think of hacking, selling and/or spreading malware, such as ransomware and selling the data that DoubleVPN's customers received by hacking.

Global joining of forces
“Criminal facilitators like DoubleVPN have a global reach. Their servers are located in almost all countries. Combating these types of criminals can therefore only be successful if we join forces internationally and make use of each other's knowledge, skills and networks. The National Unit continuously plays an important role in this type of international investigation because of its specializations in the field of cyber, intelligence and tactics," said Andy Kraag, head of the National Investigation Service of the National Unit. “This research shows once again that cybercrime facilitators are not untouchable.”

No safe harbor
“The people behind DoubleVPN think they can remain anonymous when facilitating large-scale cybercrime operations, but they are certainly not,” said public prosecutor Wieteke Koorn. “By taking legal action and breaking into their infrastructure digitally, we make one thing very clear: there is no safe harbor for these types of criminals. These criminal acts harm the digitized society. They affect the trust of citizens and companies in digital technology. For that reason, we have to stop their behavior.”

What is a Virtual Private Network?
A VPN service encrypts internet traffic from the user's IP address to the VPN service. To the outside world, this means that the internet traffic does not seem to come from the user, but from the IP address of the VPN service. The IP address of the user is thus protected. In this way, an ISP or a network administrator does not know which websites a user is visiting.

A secure VPN internet connection is legal. Individuals and companies use it because they want to communicate confidentially with each other. Abuse of VPN internet connections for criminal activities is of course punishable by law.

Share this post


Link to post

Thank you @Kenwell . The last press release you translated clarifies important points and define more precisely the scenario which convinced the prosecutors of the necessity to crack DoubleVPN computers and later shut down servers.

Kind regards
 

Share this post


Link to post

Perhaps there was part of the story that got skipped over? Correct me if I am wrong, but did they really make all this fanfare with media/press releases and not make a single arrest? 


Its cybercrime specialists organised over 30 coordination meetings and four workshops to prepare for the final phase of the takedown, alongside providing analytical and crypto-tracing support. A virtual command post was set up by Europol on the action day to ensure seamless coordination between all the authorities involved in the takedown. 



Color me unimpressed if that is all they can muster from exhausting all of the aforementioned resources. 

=/

Share this post


Link to post

The only part I find funny about this is how this "Russian-based" VPN has now only European agencies' logos plastered all over the website. Such Russian. Very based.

On 7/12/2021 at 10:33 PM, Jack_Soft said:

Perhaps there was part of the story that got skipped over? Correct me if I am wrong, but did they really make all this fanfare with media/press releases and not make a single arrest? 

If it really only was advertised among the Russians on their cringe forums then that's probably all you will hear for a very long while. To me it's questionable why they would announce it so loudly when it's allegedly an ongoing investigation. Unless they've been running this entity themselves (unlike the FBI Tor case, I believe law enforcement (e.g. Russian in this case) can run a VPN as long as they want, only acting upon abuse emails but besides that logging and monitoring all they want and use this data as they please)... unless they've been running it themselves, the operators and users will be mostly Russian and out of reach. Until they cross international borders :)
I
diots get what they deserve. The sad part is, law enforcement would've never cared if whoever didn't step on some fat cat's toes. If you as an ordinary citizen had suffered then it's your problem. I've helped resolve a malware problem with very delicate matters, these people went to police and basically were told to turn around and walk right where they came from.
...sometimes I can understand the four-letter cop slogan.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...