Skip to main content
Press Release

U.S. LAW ENFORCEMENT JOINS INTERNATIONAL PARTNERS TO DISRUPT A VPN SERVICE USED TO FACILITATE CRIMINAL ACTIVITY

For Immediate Release
U.S. Attorney's Office, Eastern District of Michigan
Seized Websites Allegedly Offered VPN and Proxy Services To Individuals for Illegal Activities

DETROIT – United States Attorney Matthew Schneider announced today that law enforcement in the United States has worked jointly in support of an international takedown of a virtual private network (VPN), dubbed “Operation Nova.”  Domain names offered by an organization engaged in “bulletproof hosting” that provided assistance to cyber-criminals were seized, and related servers were shut down. U.S.-based servers used in the scheme were taken offline by U.S. authorities, while International partners did the same.

Schneider was joined in the announcement by Special Agent in Charge Timothy Waters of the Federal Bureau of Investigation (FBI) in Detroit.

The coordinated effort was led by the German Reutlingen Police Headquarters together with Europol, the FBI and other law enforcement agencies from around the world.  Today, law enforcement from around the world conducted a coordinated takedown of servers in at least five different countries, in addition to the domain seizures.

The investigation revealed that three domains— INSORG.ORG; SAFE-INET.COM; SAFE-INET.NET.—offered “bulletproof hosting services” to website visitors.  A “bulletproof hosting service” is an online service provided by an individual or an organization that is intentionally designed to provide web hosting or VPN services for criminal activity.  These services are designed to facilitate uninterrupted online criminal activities and to allow customers to operate while evading detections by law enforcement.  Many of these services are advertised on online forums dedicated to discussing criminal activity.  A bulletproof hoster’s activities may include ignoring or fabricating excuses in response to abuse complaints made by their customer’s victims; moving their customer accounts and/or data from one IP address, server, or country to another to help them evade detection; and not maintaining logs (so that none are available for review by law enforcement).  By providing these services, the bulletproof hosts knowingly support the criminal activities of their clients and become coconspirators in criminal schemes.

Much of the criminal activity occurring on the network involved cyber actors responsible for ransomware, E-skimming breaches, spearphishing, and account takeovers.  The service’s website offered support in Russian and English languages, at a high price to the criminal underworld.  This infrastructure preferred by cybercriminals was used to compromise networks all around the world.

The seized domains are in the custody of the federal government. Visitors to the sites will now find a seizure banner that notifies them that the domain name has been seized by federal authorities facilitating computer intrusions is a federal crime.

The Justice Department’s Office of International Affairs provided investigative assistance.  The Justice Department thanks Germany’s Reutlingen Police Headquarters (Polizeipräsidium Reutlingen),  The Netherlands’ National Police (Politie), Switzerland’s Cantonal Police of Argovia (Kantonspolizei Aargau), France’s Judicial Police (Direction Centrale de la Police Judiciaire) and Europol’s European Cybercrime Centre (EC3) for their assistance and collaboration in this matter.

###

Updated December 22, 2020

Topic
Cybercrime