Law enforcement aimed to make it harder for criminal hackers to cover their tracks on Tuesday. Europol, joined by the FBI and law enforcement agencies from Germany, the Netherlands and France, said they shut down a service favored by ransomware groups and other cybercriminals for hiding their identities, a VPN called Safe-Inet.
The service, which hides its customers’ IP addresses and offers a level of anonymity on the internet, was active for more than a decade, according to Europol. It was used by criminals who run ransomware campaigns and steal credit card numbers off retail websites, as well as other attacks likeand account takeovers. Law enforcement seized three website domains as well as servers in Germany, the US and three other countries.
“This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections,” Europol said in its announcement.
The agencies didn’t announce any arrests or charges against the VPN provider or any of its customers. However, taking down the VPN service is likely to make it harder for criminals who used it to continue their operations, at least for the moment.
Cybersecurity experts say this approach makes sense when it’s not possible to catch cybercriminals or fully shut down their operations, and fits in with actions taken by major tech companies. For example, Microsoft seized web domains used to stop a massive malware campaign in December. To take on scammers targeting their users, Facebook sued a domain name registrar in March for helping fraudsters make their apps look like they were affiliated with Facebook.
The owners of the Safe-Inet VPN offered something called “bullet-proof hosting,” which the US Department of Justice said in a statement is “intentionally designed to provide web hosting or VPN services for criminal activity.” Services that provide this type of hosting typically ignore complaints of abuse from victims of cybercrime, and don’t keep logs of their customers’ activities.