European police lay siege to hacker haven DoubleVPN

An international law enforcement operation shut down DoubleVPN, a Dutch-hosted service that had provided low-cost, underground anonymizing services to cybercriminals.

Europol has shut down a VPN service that had been providing cover for criminal malware gangs.

The European law enforcement agency said it combined forces with local Dutch police to seize the servers of DoubleVPN, a Netherlands-based company that made its money by offering VPN services to ransomware and phishing groups as a way to mask locations and evade police.

Europol said that the company had spread its servers throughout the U.S., Canada and Europe. All have since been taken down and their landing pages replaced with notices from the police. Seized info includes not only server logs, but account information for customers.

Authorities claim the DoubleVPN service provided servers that allowed criminals to throw investigators off their trail by running traffic across proxy servers. This made it more difficult for investigators to pinpoint the physical location of the people who ran the command and control servers for malware networks, phishing runs and ransomware attacks.

According to Europol, DoubleVPN's role in cybercrime was no accident. The hosting service had specifically positioned itself as a partner for malware gangs. DoubleVPN had gone out of its way to advertise its services on popular English- and Russian-language cybercrime forums and dark web marketplaces.

"The service claimed to provide a high level of anonymity by offering single, double, triple and even quadruple VPN-connections to its clients," Europol said in an announcement. "DoubleVPN was being used to compromise networks all around the world. Its cheapest VPN-connection cost as little as €22 ($25)."

While the crackdown was spearheaded by Dutch national police, the investigation was a global effort. Netherlands cops coordinated with their colleagues from the U.S., Italy, Bulgaria, Sweden, Canada, the U.K., Germany and Switzerland in their efforts to track down DoubleVPN's operations.

The aim of the raid, prosecutors said, is to cut off the support network that malware gangs rely on to evade law enforcement and conceal their identities.

"This criminal investigation concerns perpetrators who think they can remain anonymous, while facilitating large-scale cybercrime operations," Dutch public prosecutor Wieteke Koorn said in the Europol statement. "By taking legal action, including the special investigatory power for digital intrusion, we want to make it very clear there cannot be any safe havens for these kind of criminals."

The crackdown on VPN providers comes as security experts are wising up to what has become a lucrative ecosystem for providing cash and support to cybercrime gangs. As criminal hackers who were once inexperienced small-time crooks come of age, a sophisticated ecosystem has emerged where ransomware outfits are getting investment backing and high-profile attacks have a number of satellite operations to support their efforts.

As a result, public and private entities are now facing a far more complex and resourceful enemy, one with hosts, financial backers and technical partners.
