Skip to content
Quick exit
  • Cymraeg
  • Reporting SARs
Protecting the public from serious and organised crime
  • Who we are
    • Our mission
    • Our people
    • Our leadership
    • Governance and transparency
    • Inclusion, diversity and equality
    • Publications
  • What we do
    • What we investigate
    • Border vulnerabilities
    • Bribery, corruption and sanctions evasion
    • Cyber crime
    • Child sexual abuse and exploitation
    • Drug trafficking
    • Illegal firearms
    • Fraud
    • Kidnap and extortion
    • Modern slavery and human trafficking
    • Money laundering and illicit finance
    • Organised immigration crime
    • Operation Stovewood: Rotherham child sexual abuse investigation
    • How we work
    • Intelligence: enhancing the picture of serious organised crime affecting the UK
    • Investigating and disrupting the highest risk serious and organised criminals
    • Providing specialist capabilities for law enforcement
    • Supporting victims and survivors
    • National Strategic Assessment for Serious and Organised Crime
  • News
    • All news
  • Careers
    • How to join the NCA
    • Applying and onboarding
    • Current vacancies
    • A day in the life
    • Benefits and support
  • Most Wanted
  • Contact us
    • Verify an NCA Officer
    • Complaints
  • Home >
  • News >
  • DoubleVPN takedown: NCA takes UK server of criminal network offline

Share this page:

Share this page:

News

DoubleVPN takedown: NCA takes UK server of criminal network offline

  • Cyber crime

An international investigation involving the National Crime Agency has led to the takedown of DoubleVPN – the service used by cyber criminals around the world to mask their location and identities online.

doublevpn takedown noticeThe activity, led by the Dutch National Police, saw the seizure of server infrastructure across the world, with NCA officers taking the UK node of the network offline yesterday (29/06/2021).

Web domains were replaced with a law enforcement splash page explaining that the network has been seized and is no longer available for use.

DoubleVPN was advertised on both Russian and English-speaking cyber crime forums as a service which provided anonymity to those seeking to carry out cyber attacks.

Its cheapest virtual private network (VPN) connection cost as little as £19.

John Denley, Deputy Director of the NCA’s National Cyber Crime Unit, said:

“This operation is extremely significant. Not only have we successfully effected the takedown of DoubleVPN, but it is the first time law enforcement has been able to take direct action against a criminal enabling service of this type.

“Double VPN was a multi-layered virtual private network service run by cyber criminals, to enable fellow cyber criminals to mask their identities online.

“It allowed them to anonymously communicate, identify victims then effectively sneak in and conduct reconnaissance on their systems as a precursor to launching a cyber attack.

“Working with partners across Europe, the US and Canada, we have dismantled this network and therefore the service that cyber criminals so heavily relied on. This included taking servers offline which were hosted in the UK.

“NCA investigators were also able to identify a number of UK businesses whose networks had been unlawfully accessed by DoubleVPN. They were notified and officers helped them protect themselves against potential network intrusions.

“We know that criminal services such as DoubleVPN are used by the organised crime groups behind some of the world’s most prominent ransomware strains, which have been used to steal data from and extort victims.

“Ransomware attacks have evolved and increased in severity over recent years, with government and national infrastructure being targeted. The NCA is working closely with partners to bolster our capability to respond to this national security threat and strengthen the UK’s response to cyber crime.”

Statement issued in support of the following Europol/Eurojust announcement: https://www.europol.europa.eu/newsroom/news/coordinated-action-cuts-access-to-vpn-service-used-ransomware-groups

30 June 2021

Latest from twitter

Visit the NCA timeline on Twitter

Share this page:

TOP ˄
0370 496 7622
NCA general enquiries or to verify an NCA officer, available 24/7
Click CEOP logo: Advice, Help, Report

  • Who we are

  • Our mission

  • What we do

  • How we investigate
  • How we work

  • News

  • Most wanted

  • Careers

  • A day in the life
  • Current vacancies

  • Contact us

  • Operation Stovewood
  • Suspicious activity reports
  • Verify an NCA officer
  • Complaints

Follow us

  • Sitemap
  • Privacy and Cookie Policy
  • Terms and Conditions
  • Publications
  • Accessibility statement
© Crown Copyright
© Crown Copyright