Software costing as little as €20 that was used by hackers to hide their real-life locations and identities has been taken down in an international sting.
Law enforcement in Europe, the UK, US and Canada seized the web domains and server infrastructure of DoubleVPN this week.
The service, used by cyber criminals to evade detection, was advertised on Russian and English-speaking forums on the dark web.
Europol confirmed law enforcement "has taken control of the #DoubleVPN encryption service" in an operation coordinated by the EU's law enforcement agency and Eurojust, the EU's agency for criminal justice cooperation.
The golden age of criminal VPNs is over 👋
Law enforcement has taken control of the #DoubleVPN encryption service in an operation coordinated by #Europol & @Eurojust
Servers were seized across the world, and web domains replaced with a splash page. https://t.co/BHqkxpxNAX pic.twitter.com/7iRU1mJlCBAdvertisement— Europol (@Europol) June 30, 2021
John Denley, deputy director of the UK's National Crime Agency (NCA) cyber crime unit, said: “DoubleVPN was a multi-layered virtual private network service run by cyber criminals, to enable fellow cyber criminals to mask their identities online.
“It allowed them to anonymously communicate, identify victims then effectively sneak in and conduct reconnaissance on their systems as a precursor to launching a cyberattack.
He said that services such as DoubleVPN are used by organised crime groups behind ransomware used in major international attacks.
“Ransomware attacks have evolved and increased in severity over recent years, with government and national infrastructure being targeted,” Mr Denley added.
