“Law enforcement gained access to the servers of DoubleVPN and seized personal information, logs and statistics kept by DoubleVPN about all of its customers,” the notice reads, adding that officials intend to use the data to continue their investigation.
“Today’s announcement sends a strong message to the criminals using such services: the golden age of criminal VPNs is over,” said Edvardas Šileris, head of the European Cybercrime Center.
DoubleVPN advertised itself as a privacy-protecting tool that customers could use — for as little as $25 a month — to obscure their true location and encrypt their internet traffic. VPNs work by routing user traffic through third-party servers that make it appear as if the customer is located somewhere else. DoubleVPN’s more advanced plans offered to route internet traffic through multiple VPNs for added privacy.
That capability allowed online criminals to use DoubleVPN as a safe haven from which they could launch malicious cyberattacks, Europol said in a statement.
“DoubleVPN was heavily advertised on both Russian and English-speaking underground cybercrime forums,” the statement said, “as a means to mask the location and identities of ransomware operators and phishing fraudsters.”
The group of agencies coordinated for months leading up to the takedown, Europol said, beginning last October.
The FBI and US Secret Service, which participated in the operation, according to Europol, didn’t immediately respond to requests for comment.