Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Privacy Security

Law Enforcement Take Down Three Bulletproof VPN Providers (zdnet.com) 36

Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. From a report: The three services were active at insorg.org, safe-inet.com, and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday. The services have been active for more than a decade, are believed to be operated by the same individual/group, and have been heavily advertised on both Russian and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year. According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.
This discussion has been archived. No new comments can be posted.

Law Enforcement Take Down Three Bulletproof VPN Providers

Comments Filter:
  • Cheaped out (Score:5, Funny)

    by DRJlaw ( 946416 ) on Tuesday December 22, 2020 @01:12PM (#60857364)

    According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.

    If only they'd used two more proxies [knowyourmeme.com] rather than cheaping out, they wouldn't have faced this problem.

  • by xack ( 5304745 ) on Tuesday December 22, 2020 @01:15PM (#60857374)
    Not 7 proxies like real hackers.
  • all cyber-criminals or are those the only ones that were are being talked about ? This will prob just end up in a game of what-a-mole where any criminals go elsewhere. The real effect will likely be that individual criminal groups just end up setting up their own VPNs which will make life harder for law enforcement.

    • Crime fighting IS mole-whacking. You solve "a" murder, not murder in general.
      • Well, if you're doing it wrong, it is.
        Like always whacking the last link in the causal chain. And then being surprised it turns into a causal hydra. How insanely stupid and under-developed are we as a society, that we still don't get such obvious, fundamental things. This was known to people, literally thousands of years ago.

        How about not being dicks to other people if it's not actually necessary? Like offensive wars, brutality by authorities, or just plain old treatment of employees and clients, etc. You k

        • by rtb61 ( 674572 )

          There are a lot of agents and a lot of courts. Let the whack-A-mole games begin, ;DDD. It is what happens, do you think they will ever give up on ticketing those who exceed the speed limit, there are so many of them, why bother. Catching the big fish and proving their crimes, makes going after the little fishies much easier, not only catching them but using preceding cases to help prosecute, established criminal patterns of transactions.

          You can of course bet the various agencies would have much preferred to

          • by rtb61 ( 674572 )

            PS I just thought of a traceable pattern, monitor IPs accessing VPNs in conjunction with their Crypto exchange connections and numbers of transactions. The top ones will likely be cyber-criminals to use the popular lexicon.

    • With VPN, itâ(TM)s not too difficult to find the provider. And if criminals are their own provider, then finding the provider is all you need.
  • by jellomizer ( 103300 ) on Tuesday December 22, 2020 @01:26PM (#60857410)

    The cost of freedom is having to deal with bad guys getting away with stuff.

    We need to understand this fact. If you want to be perfectly safe, then you will have no freedom. If you want full freedom, you are in a lot of danger.

    Governments and policies tend to try to find a balance of this, where some freedoms are restricted, too keep people mostly safe, while people are allowed to do harm to others, to insure that they have enough freedom in their lives.

    The NRA is saying To be Safe We need our Guns. That is not a true statement, having guns for the general public makes us less safe. However I support Gun Rights, because I feel the freedom given to a person who chooses to own a gun (I do not own a gun) is worth the risk of what harm they normally can do with it.
    Now this often comes down to particular limits, as some gun ownership is just far more dangerous than the freedom they receive from it. As well blocking too much gun ownership would create a black market for guns.

  • by mysidia ( 191772 ) on Tuesday December 22, 2020 @01:27PM (#60857412)

    What exactly did the VPN provider do, provide privacy to their users? Is there a law against being unidentifiable on the internet now?

    Or perhaps the VPN providers' refused some vague order to collect and report on someone's traffic, or fail to identify which user did X (possibly due to having no logs) ?

    I seriously doubt such cybercriminals would have given their VPN providers knowledge that they had any criminal intentions, or that a VPN provider would be dumb enough to market their service specifically for facilitating a particular crime, but then again they did get shut down, hmm...

    • Re: (Score:3, Interesting)

      From TFA:

      activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer's victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs

      The first one just follows from not looking to see what their customers are doing, a good policy for any ISP. The second is just a feature of a proxy. The third is a necessary one.

      This just looks like a war on proxies in general.

      • by drhamad ( 868567 )
        Knowingly concealing a crime is a crime almost everywhere. If you're unaware of what is happening, that's OK. But if you're made aware you can't bury your head in the sand.
    • by tlhIngan ( 30335 )

      The problem is, even for VPN providers who don't log, is that users make them trackable and force the providers to pretty much reveal them.

      You'll find a lot of VPN providers offer services like "port forwarding" or somesuch, usually because it makes stuff like BitTorrent easier and faster. Unfortunately, it also makes you unmaskable since only one person can definitely be using that port.

      If you're the only person on a VPN server, the same thing happens as well - if you're the only one using it, it's pretty

  • Just use their IP address.

    But the real problem is that a VPN (and things like TOR) service is too easy to spot. They have to blend in to regular traffic better.

  • by BAReFO0t ( 6240524 ) on Tuesday December 22, 2020 @01:36PM (#60857428)

    State-sponsored ones, usually.
    But corporate-mafia ones too.

  • Slashvertisement!
  • What court case found wrong doing?

    Or was this just an out-right theft of something someone doesn't like.

    What law was broken. Specifically. When was it broken? Who was in charge at that time and didn't stop it? How did you get a conviction and the ability to seize the server so quickly? Or did you just seize the server even though legally no charges were filed (i.e. nothing wrong was happening)

    • by DarkOx ( 621550 )

      i would hope seizing domains required the signature of at least some judge or magistrate. However its almost always illegal to aide someone in committing or concealing a crime.

      There lots of laws the cover all sorts of ways various individuals and commercial operators are responsible in such cases. I don't know why some many geeks run around believing that plausible deniability is some kind of defense. That is the realm of politics where governments deny stuff in the world of law there are standards for Mens

  • And poor pros use public wifi (SBX + solar power + hidden spot on a roof - cameras = proxy) l
    and a small office PC whose USB ports were exposed while you were waiting in the office. (Funny, if those *are* government PCs.)

Genius is ten percent inspiration and fifty percent capital gains.

Working...