Police boast of hacking VPN where criminals "believed themselves to be safe"
Ars Technica • • world
Key Points:
- European law enforcement agencies, led by France and the Netherlands with support from Europol and Eurojust, have shut down First VPN, a service used by cybercriminals for ransomware and other crimes, after hacking into its system and identifying thousands of users.
- First VPN, active since 2014 and heavily advertised on Russian-speaking cybercrime forums, promised anonymity, no data logging, and no cooperation with judicial authorities, but investigators gained access to its user database and criminal traffic.
- The FBI reported that at least 25 ransomware groups, including Avaddon Ransomware, used First VPN infrastructure for network reconnaissance, intrusions, and various cyberattacks such as botnets and denial of service.
- The operation resulted in 83 intelligence packages, information on 506 users shared internationally, and support for 21 ongoing Europol investigations; authorities arrested the VPN administrator in Ukraine and dismantled 33 related servers.
- The coordinated law enforcement action involved multiple countries and judicial cooperation, with users of the service being notified of the shutdown and informed that their identities have been revealed.