Law Enforcement Take Down Three Bulletproof VPN Providers (zdnet.com) 36
Law enforcement agencies from the US, Germany, France, Switzerland, and the Netherlands have seized this week the web domains and server infrastructure of three VPN services that provided a safe haven for cybercriminals to attack their victims. From a report: The three services were active at insorg.org, safe-inet.com, and safe-inet.net before the domains were seized and replaced with law enforcement banners on Monday. The services have been active for more than a decade, are believed to be operated by the same individual/group, and have been heavily advertised on both Russian and English-speaking underground cybercrime forums, where they were sold for prices ranging from $1.3/day to $190/year. According to the US Department of Justice and Europol, the three companies' servers were often used to mask the real identities of ransomware gangs, web skimmer (Magecart) groups, online phishers, and hackers involved in account takeovers, allowing them to operate from behind a proxy network up to five layers deep.
Re: (Score:2)
Re: ACAB (Score:2)
You kind of have to have a regulatory control of DNS, otherwise you end up with more severe cases of domain squatting and typo squatting. Spammers and other scam artists would love it if you could just snap up any domain that you want for any reason that you want without the entity you're trying to impersonate being able to do anything about it.
Cheaped out (Score:5, Funny)
If only they'd used two more proxies [knowyourmeme.com] rather than cheaping out, they wouldn't have faced this problem.
Only 5 proxies. (Score:3)
Were all their users ... (Score:2)
all cyber-criminals or are those the only ones that were are being talked about ? This will prob just end up in a game of what-a-mole where any criminals go elsewhere. The real effect will likely be that individual criminal groups just end up setting up their own VPNs which will make life harder for law enforcement.
Re: (Score:2)
Re: Were all their users ... (Score:3)
Well, if you're doing it wrong, it is.
Like always whacking the last link in the causal chain. And then being surprised it turns into a causal hydra. How insanely stupid and under-developed are we as a society, that we still don't get such obvious, fundamental things. This was known to people, literally thousands of years ago.
How about not being dicks to other people if it's not actually necessary? Like offensive wars, brutality by authorities, or just plain old treatment of employees and clients, etc. You k
Re: (Score:2)
I'm curious, what is your fundamental problem? What do you actually get out of all the trolling? Have you ever gotten an official diagnosis?
Re: (Score:2)
There are a lot of agents and a lot of courts. Let the whack-A-mole games begin, ;DDD. It is what happens, do you think they will ever give up on ticketing those who exceed the speed limit, there are so many of them, why bother. Catching the big fish and proving their crimes, makes going after the little fishies much easier, not only catching them but using preceding cases to help prosecute, established criminal patterns of transactions.
You can of course bet the various agencies would have much preferred to
Re: (Score:2)
PS I just thought of a traceable pattern, monitor IPs accessing VPNs in conjunction with their Crypto exchange connections and numbers of transactions. The top ones will likely be cyber-criminals to use the popular lexicon.
Re: Were all their users ... (Score:2)
Freedom = Bad Guys (Score:3)
The cost of freedom is having to deal with bad guys getting away with stuff.
We need to understand this fact. If you want to be perfectly safe, then you will have no freedom. If you want full freedom, you are in a lot of danger.
Governments and policies tend to try to find a balance of this, where some freedoms are restricted, too keep people mostly safe, while people are allowed to do harm to others, to insure that they have enough freedom in their lives.
The NRA is saying To be Safe We need our Guns. That is not a true statement, having guns for the general public makes us less safe. However I support Gun Rights, because I feel the freedom given to a person who chooses to own a gun (I do not own a gun) is worth the risk of what harm they normally can do with it.
Now this often comes down to particular limits, as some gun ownership is just far more dangerous than the freedom they receive from it. As well blocking too much gun ownership would create a black market for guns.
Taking down VPN providers now? (Score:5, Insightful)
What exactly did the VPN provider do, provide privacy to their users? Is there a law against being unidentifiable on the internet now?
Or perhaps the VPN providers' refused some vague order to collect and report on someone's traffic, or fail to identify which user did X (possibly due to having no logs) ?
I seriously doubt such cybercriminals would have given their VPN providers knowledge that they had any criminal intentions, or that a VPN provider would be dumb enough to market their service specifically for facilitating a particular crime, but then again they did get shut down, hmm...
Re: (Score:3, Interesting)
activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer's victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs
The first one just follows from not looking to see what their customers are doing, a good policy for any ISP. The second is just a feature of a proxy. The third is a necessary one.
This just looks like a war on proxies in general.
Re: (Score:2)
Re: (Score:3)
The problem is, even for VPN providers who don't log, is that users make them trackable and force the providers to pretty much reveal them.
You'll find a lot of VPN providers offer services like "port forwarding" or somesuch, usually because it makes stuff like BitTorrent easier and faster. Unfortunately, it also makes you unmaskable since only one person can definitely be using that port.
If you're the only person on a VPN server, the same thing happens as well - if you're the only one using it, it's pretty
They have to rent another server? (Score:2)
Bummer!
Does a VPN need a registered domain name? (Score:1)
Just use their IP address.
But the real problem is that a VPN (and things like TOR) service is too easy to spot. They have to blend in to regular traffic better.
Re: Does a VPN need a registered domain name? (Score:2)
I don't think it's easy to spot, if most traffic nowadays is encrypted anyway. Just use a plausible dummy header.
Re: (Score:2)
It's the encryption that gives them away. It draws attention to itself. An unreadable message can still be tracked. Needs more steganography to hide in
And a safe haven FROM criminals too! (Score:4, Insightful)
State-sponsored ones, usually.
But corporate-mafia ones too.
"Bulletproof"?! (Score:1)
What court case found wrong doing? (Score:2)
What court case found wrong doing?
Or was this just an out-right theft of something someone doesn't like.
What law was broken. Specifically. When was it broken? Who was in charge at that time and didn't stop it? How did you get a conviction and the ability to seize the server so quickly? Or did you just seize the server even though legally no charges were filed (i.e. nothing wrong was happening)
Re: (Score:3)
i would hope seizing domains required the signature of at least some judge or magistrate. However its almost always illegal to aide someone in committing or concealing a crime.
There lots of laws the cover all sorts of ways various individuals and commercial operators are responsible in such cases. I don't know why some many geeks run around believing that plausible deniability is some kind of defense. That is the realm of politics where governments deny stuff in the world of law there are standards for Mens
Pros hide behind government PCs, by the way. (Score:2)
And poor pros use public wifi (SBX + solar power + hidden spot on a roof - cameras = proxy) l
and a small office PC whose USB ports were exposed while you were waiting in the office. (Funny, if those *are* government PCs.)
What is SBX (Score:2)
Search engine says SBX is Sea-Based X-band radar. Can you describe your acronym more precisely?