An international investigation involving the National Crime Agency has led to the takedown of DoubleVPN – the service used by cyber criminals around the world to mask their location and identities online.

doublevpn takedown noticeThe activity, led by the Dutch National Police, saw the seizure of server infrastructure across the world, with NCA officers taking the UK node of the network offline yesterday (29/06/2021).

Web domains were replaced with a law enforcement splash page explaining that the network has been seized and is no longer available for use.

DoubleVPN was advertised on both Russian and English-speaking cyber crime forums as a service which provided anonymity to those seeking to carry out cyber attacks.

Its cheapest virtual private network (VPN) connection cost as little as £19.

John Denley, Deputy Director of the NCA’s National Cyber Crime Unit, said:

“This operation is extremely significant. Not only have we successfully effected the takedown of DoubleVPN, but it is the first time law enforcement has been able to take direct action against a criminal enabling service of this type.

“Double VPN was a multi-layered virtual private network service run by cyber criminals, to enable fellow cyber criminals to mask their identities online.

“It allowed them to anonymously communicate, identify victims then effectively sneak in and conduct reconnaissance on their systems as a precursor to launching a cyber attack.

“Working with partners across Europe, the US and Canada, we have dismantled this network and therefore the service that cyber criminals so heavily relied on. This included taking servers offline which were hosted in the UK.

“NCA investigators were also able to identify a number of UK businesses whose networks had been unlawfully accessed by DoubleVPN. They were notified and officers helped them protect themselves against potential network intrusions.

“We know that criminal services such as DoubleVPN are used by the organised crime groups behind some of the world’s most prominent ransomware strains, which have been used to steal data from and extort victims.

“Ransomware attacks have evolved and increased in severity over recent years, with government and national infrastructure being targeted. The NCA is working closely with partners to bolster our capability to respond to this national security threat and strengthen the UK’s response to cyber crime.”

Statement issued in support of the following Europol/Eurojust announcement: https://www.europol.europa.eu/newsroom/news/coordinated-action-cuts-access-to-vpn-service-used-ransomware-groups

30 June 2021