A coordinated effort led by German Police, with support from other global law enforcement bodies including Europol and FBI, among others, has resulted in the seizure of Safe-Inet VPN service, which was touted as the hot favorite of cybercriminals to carry out malicious activities. The VPN provider’s service was shut down completely on Monday, December 21, followed by a physical seizure of its infrastructure in Germany, Switzerland, France, the Netherlands, and the U.S.
Why Safe-Inet VPN Services were Shut Down?
According to Europol, the Safe-Inet VPN service has been active over the past decade. Europol said that its service gained popularity among the underground cybercriminals as a “Bulletproof” service since it boasted of tools having up to five layers of anonymous VPN security. This degree of protection allowed cybercriminals a virtual shield that law enforcement organizations around the globe found difficult to penetrate.
Riding the wave of its popularity, the VPN service was sold at a higher premium to underground threat actors whose operations included ransomware attacks, e-Skimming frauds, data breaches, and various other forms of cybercriminal activities.
Europol said, “The Law enforcement was able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN. These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.”
The international takedown was codenamed “Operation Nova.” The law enforcement agencies involved in the takedown include:
- Germany: Reutlingen Police Headquarters (Polizeipräsidium Reutlingen)
- Europol: European Cybercrime Centre (EC3)
- The Netherlands: National Police (Politie)
- Switzerland: Cantonal Police of Argovia (Kantonspolizei Aargau)
- United States: Federal Bureau of Investigation (FBI)
- France: Judicial Police (Direction Centrale de la Police Judiciaire)
The takedown was a coordinated effort by the agencies mentioned above, as Safe-Inet’s infrastructure was spread across the globe. Europol, however, played a pivotal role in making it possible. The European Cybercrime Centre (EC3) led the path forward to bring all the law enforcement agencies together for devising a joint strategy to prepare for the final takedown.
Edvardas Šileris, Head of Europol’s European Cybercrime Centre, said, “The strong working relationship fostered by Europol between the investigators involved in this case on either side of the world was central in bringing down this service.”
The VPN Safe-Inet taken down by 🇩🇪 🇫🇷 🇳🇱 🇨🇭 🇺🇸 in an operation supported by #Europol. Safe-Inet was being used by some of the world’s biggest cybercriminals.
Its servers are now offline and more investigations are ongoing.
— Europol (@Europol) December 22, 2020
Safe-Inet’s seizure served as an example of the much-needed international cooperation between countries to take down cybercriminals and make the internet a safer space.
What the U.S. DoJ Said
According to the statement by the U.S. Department of Justice, Operation Nova helped seize three domains providing similar services – SAFE-INET.COM, SAFE-INET.NET and INSORG.ORG – which were used for criminal activities. It added that the service websites were offered in English and Russian languages, shedding light on the geo-targets of its providers.
Post the seizure, all agencies are further investigating the log files and physical infrastructure confiscated from Safe-Inet to get a hold of all the cybercriminals using it as a service.