An international coalition of law enforcement agencies announced Thursday that they have taken down a popular virtual private network service used by cybercriminals and arrested its administrator.
The FBI said in a notice that First VPN was so popular that “at least” 25 ransomware gangs used the service to hide their malicious activity. Cybercriminals have also relied on VPNs to scan the Internet, run botnets, launch distributed denial-of-service attacks, and commit fraud. First VPN operated servers in 27 different countries, according to the bureau.
Europol said in a statement that, in addition to offering anonymous connections, First VPN offered cybercriminals anonymous payments, hidden infrastructure and other services available specifically for criminal hackers.
“First VPN was deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years,” the statement said. “Criminals have used it to hide their identity and infrastructure when conducting ransomware attacks, large-scale fraud, data theft and other serious crimes.”
The service was advertised on well-known cybercrime forums, including at least two Russian-speaking markets, promising criminals protection against identification.
“We’re all about anonymity. We don’t store any logs that would allow us or third parties to associate an IP address over a specific time period with a user of our service,” FirstVPN said in a post seen by TechCrunch. “The only data we store is email and username, but it is impossible to link a user’s online activity to a specific user of our service.”
Europol, however, said First VPN users were notified of the shutdown and “informed that they have been identified”. The researchers said they did this by obtaining the service’s user database and tracing VPN connections, which “exposed thousands of users connected to the cybercrime ecosystem.”
The international law enforcement agency also said First VPN’s administrator was arrested, dozens of servers “dismantled” and its infrastructure disrupted — all products of an investigation that began in December 2021.
