First VPN Service Taken Offline Following Ransomware and Data Theft Investigation

 

Cybercrime has become increasingly challenging, and efforts to disrupt it have shifted beyond the threat actors themselves towards the infrastructure that enables them to operate at scale. Authorities have dismantled First VPN in a significant enforcement action targeting that ecosystem. First VPN was alleged to have been used by ransomware operators, fraud networks, and data thieves as a means of concealing malicious activity and evading investigation.
Through the coordinated operation, infrastructure spanning dozens of countries was seized, a suspected administrator was identified, and a service that investigators say had become a recurring element within major cybercrime investigations was disrupted.
In light of this development, the focus has shifted away from pursuing the individuals responsible for carrying out illicit operations to dismantling the technical foundations that support those operations.
Despite playing a legitimate role in modern cybersecurity by encrypting internet traffic, masking IP addresses, and facilitating secure communications across untrusted networks, virtual private network services have also been used to conceal malicious activities.
It has been alleged that First VPN developed beyond a conventional privacy service, becoming an integral part of the cybercriminal infrastructure stack, providing threat actors with a means for concealing operating footprints, anonymizing network activity, and complicating attribution.
Europol reports that references to the service have surfaced repeatedly throughout nearly every major cybercrime investigation it has assisted, highlighting its extensive use in preventing money laundering, fraud, and identity theft.
On the 19th and 20th of May, authorities conducted a coordinated enforcement action targeting the infrastructure supporting the service, interviewed its suspected administrator, and conducted a house search in Ukraine while at the same time dismantling 33 servers and disrupting global systems thought to facilitate criminal activity. 
Additionally, the operation resulted in the seizure of core domains, including 1vpns.com, 1vpns.net, and 1vpns.org, and associated onion services, effectively removing key access points relied upon by its user base. Further, investigators informed users that the service had been discontinued and that they were being scrutinized by law enforcement.
The platform was taken down as a result of an investigation initiated in December 2021 in which Europol’s European Cybercrime Centre and cybersecurity firm Bitdefender assisted authorities in gaining access to the platform’s infrastructure and user database.
By analysing the collected data, investigators were able to map VPN connections that were believed to facilitate criminal activity, uncover intelligence on thousands of users, and generate actionable leads related to ransomware campaigns, fraud networks, and other serious cyber-enabled crimes across multiple jurisdictions.
The investigation has also revealed a fundamental contradiction at the core of criminal anonymity services: the promise of complete invisibility very often depends on the trustworthiness of the very operators who earn their profits from that promise.
It has been alleged that intelligence recovered during Operation Saffron included a database of VPN users which was capable of identifying specific VPN activities and individuals. This raises seriou

[…]

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents