Cybercriminals’ Favorite VPN Service Rendered ‘Inaccessible’ in a Joint Operation Conducted by Europol and the FBI.
Safe-Inet is a virtual private network (VPN) that the world’s most notorious cyber criminals were using to perform their malicious digital activities. Reportedly, this particular VPN has been taken down and rendered inaccessible by law enforcement authorities from around the world in a well-coordinated operation.
The operation, dubbed Operation Nova; was headed by officials from the German Reutlingen Police Headquarters and supervised by Europol and international law enforcement agencies, including the US, Switzerland, France, and the Netherlands.
The operation was conducted under the European Multidisciplinary Platform Against Criminal Threats (EMPACT) framework.
Europol’s European Cybercrime Centre (EC3) was also overseeing the investigation from the beginning and brought together agencies from different countries to develop a joint strategy and exchange information/evidence to prepare for the final takedown.
Reutlingen Police Headquarters’ Police President Udo Vogel thanked the international cooperation against a widely used VPN.
“The investigation carried out by our cybercrime specialists has resulted in such a success thanks to the excellent international cooperation with partners worldwide. The results show that law enforcement authorities are equally as well connected as criminals,” said Vogel
Several Domains Seized
Matthew Schneider, US attorney, announced in a Department of Justice press release that the FBI has worked with the European agencies to take down a VPN. The domains were offered by an organization involved in bulletproof hosting to assist cyber criminals in their illegal activities.
The DOJ’s press release further revealed three US-based domains INSORG.ORG; SAFE-INET.COM; SAFE-INET.NET were seized during the operation. These domains offered bulletproof hosting services to VPN users helping them conduct uninterrupted criminal activities.
Bad News for Cybercriminals
The Safe-Inet VPN service is no more active. Authorities have seized its entire infrastructure in the Netherlands, Germany, France, Switzerland, and the United States, and taken down its servers. Furthermore, Europol prepared a splash page to be displayed online once the domain was seized.
No More Safe Net for Threat Actors
Safe-Inet was active for more than a decade. It was used by some of the world’s foremost cybercriminals, including ransomware operators who carried out ransomware attacks, E-skimming breaches, and similar serious cybercrimes.
The service was sold to the cybercriminals at a high price as it was claimed to be one of the few most reliable tools to evade interception from law enforcement. It offered five layers of anonymous VPN connections.
VPN Helped Spy on 250 Global Firms
According to a press release from Europol, authorities identified around 250 companies worldwide that the cybercriminals were spying on discreetly using the Safe-Inet VPN. These companies were later informed about the imminent ransomware attack on their systems to take necessary precautionary measures.
The investigation is Underway
The investigation is still underway in several countries to identify users of the VPN service. Europol’s Head of European Cybercrime Centre, Edvardas Šileris, stated in an official press release that:
“The strong working relationship fostered by Europol between the investigators involved in this case on either side of the world was central in bringing down this service. Criminals can run but they cannot hide from law enforcement, and we will continue working tirelessly together with our partners to outsmart them.”