Law enforcement agencies from the US and several European countries seized domain names from an organization that offered hosting and VPN services used to facilitate criminal activities. The related servers were also shut down. International cooperation was essential, as the infrastructure was scattered around the world.
Operation Nova Downs Cybercriminals’ Favorite VPN
In a coordinated action dubbed “Operation Nova”, the German Reutlingen Police Headquarters, together with Europol, the FBI and law enforcement agencies from around the world, took down a virtual private network (VPN). Its infrastructure was seized in Germany, the Netherlands, Switzerland, France and the United States.
“Criminals can run but they cannot hide from law enforcement”, said the Head of Europol’s European Cybercrime Centre, Edvardas Šileris, on Tuesday in a press release. “We will continue working tirelessly together with our partners to outsmart them.”
Operation Nova affected three domain names: insorg.org, safe-inet.com and safe-inet.net. All three websites offered “bulletproof hosting services” to their visitors. Like regular web hosting services, bulletproof hosts provide space on a server and internet connectivity. However, their policies are anything but strict, making them an ideal hiding place for cybercriminals.
The takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT). This framework is designed to take robust action against 10 priority crime areas, including fraud and cybercrime.
What Is Bulletproof Hosting?
Bulletproof hosting services are designed to be very lenient. The hosts allow customers to upload and distribute any kind of content. This includes content that is usually restricted, like pornography, copyright-protected materials, spam, etc. Their philosophy is “don’t ask, don’t tell”. However, by providing such services, they knowingly and willingly support criminal schemes and become co-conspirators in them.
Most bulletproof hosts are located in countries like Russia, China, Malaysia and other onshore and offshore locations that are much more “relaxed” about copyright and cybercrime. Most also have more lenient extradition laws. This makes it easier for bulletproof hosts to evade law enforcement when the rubber meets the road. If necessary, they even prefer to shut down operations rather than hand over any evidence.
“Many of these services are advertised on online forums dedicated to discussing criminal activity”, explains United States Attorney Matthew Schneider. “A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement).”
Up To 5 Layers of Anonymous VPN Connections
“This VPN service [Safe-Inet] was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections”, said Europol in their announcement. Insorg offered similar services, with up to 3 layers of VPN connections. Both provided customer support in English or Russian.
Some of the world’s biggest cybercriminals have used Safe-Inet for over a decade. These included operators responsible for ransomware attacks, e-skimming breaches, phishing campaigns, and various other forms of cybercrime.
Operation Nova also revealed that cybercriminals were spying on some 250 companies. Law enforcement agencies subsequently warned these companies, so they could take measures to prevent attacks and strengthen their systems. All three domains are now in the custody of authorities and their infrastructure has been rendered inoperable. Investigations against both hosts and users are ongoing in a number of countries.