Europol and law enforcement wiretapped the virtual private network service used by the world’s most notorious cyber criminals to evade interception and took them down on 12-21-2020!
This was done in a coordinated law enforcement action led by the German Reutlingen Police Headquarters together with Europol and law enforcement agencies from around the world. The Safe-Inet service was shut down and its infrastructure seized in Germany, the Netherlands, Switzerland, France and the United States. The servers were taken down, and a splash page prepared by Europol was put up online after the domain seizures. This coordinated takedown was carried out in the framework of the European Multidisciplinary Platform Against Criminal Threats (EMPACT)
Active for over a decade, Safe-Inet was being used by some of the world’s biggest cybercriminals, such as the ransomware operators responsible for ransomware, E-skimming breaches and other forms of serious cybercrime.
This VPN service was sold at a high price to the criminal underworld as one of the best tools available to avoid law enforcement interception, offering up to 5 layers of anonymous VPN connections.
Law enforcement were able to identify some 250 companies worldwide which were being spied on by the criminals using this VPN. These companies were subsequently warned of an imminent ransomware attack against their systems, allowing them to take measures to protect themselves against such an attack.
The service has now been rendered inaccessible.
Investigations are ongoing in a number of countries to identify and take action against some of Safe-Inet’s users.
International cyber sweep
International police cooperation was central to the success of this investigation as the critical infrastructure was scattered across the world.
Europol’s European Cybercrime Centre (EC3) supported the investigation from the onset, bringing together all the involved countries to establish a joint strategy and to organise the intensive exchange of information and evidence needed to prepare for the final phase of the takedown.
The Police President of the Reutlingen Police Headquarters, Udo Vogel, said:
The investigation carried out by our cybercrime specialists has resulted in such a success thanks to the excellent international cooperation with partners worldwide. The results show that law enforcement authorities are equally as well connected as criminals.
The Participating agencies:
- Germany: Reutlingen Police Headquarters (Polizeipräsidium Reutlingen)
- The Netherlands: National Police (Politie)
- Switzerland: Cantonal Police of Argovia (Kantonspolizei Aargau)
- United States: Federal Bureau of Investigation
- France: Judicial Police (Direction Centrale de la Police Judiciaire)
- Europol: European Cybercrime Centre (EC3)
|Cybercrime||To fight cybercrime, by (1) disrupting the criminal activities related to attacks against information systems, particularly those following a Crime-as-a-Service business model and working as enablers for online crime, by (2) combating child sexual abuse and child sexual exploitation, including the production and dissemination of child abuse material, and by (3) targeting criminals involved in fraud and counterfeiting of non-cash means of payment, including large-scale payment card fraud (especially card-not-present fraud), emerging threats to other non-cash means of payment and enabling criminal activities.|
|Drug trafficking||To (1) disrupt the activities of Organized Crime Groups (OCGs) involved in the wholesale trafficking of cannabis, cocaine and heroin to the EU, to (2) tackle the criminal networks involved in the trafficking and distribution of multiple types of drugs on EU markets and to (3) reduce the production of synthetic drugs and New Psychoactive Substances (NPS) in the EU and to dismantle OCGs involved in their production, trafficking and distribution.|
|Facilitation of illegal immigration||To disrupt OCGs who facilitate illegal immigration by providing facilitation services to irregular migrants along the main migratory routes crossing the external border of the EU and within the EU, particularly focussing on those whose methods endanger people’s lives, those offering their services online and making use of document fraud as part of their business model.|
|Organized property crime||To combat organized property crime by concentrating on disrupting highly mobile OCGs carrying out organised thefts and burglaries across the EU. This should include OCGs using new technologies or enhanced countermeasures which exploit the lacking interoperability of cross-border surveillance tools.|
|Trafficking in human beings||To fight against the trafficking in human beings (THB) in the EU for all forms of exploitation, including sexual and labour exploitation as well as all forms of child trafficking.|
|Excise and MTIC fraud||To disrupt the capacity of OCGs and specialists involved in excise fraud and Missing Trader Intra Community (MTIC) fraud.|
|Illicit firearms trafficking||To disrupt OCGs involved in the illicit trafficking, distribution and use of firearms.|
|Environmental crime||To disrupt OCGs involved in environmental crime, more particularly wildlife and illicit waste trafficking.|
|Criminal finances and money laundering||To combat criminal finances and money laundering and facilitate asset recovery in view of effectively confiscating the criminal profits of OCGs, especially targeting money laundering syndicates offering money laundering services to other OCGs and those OCGs making extensive use of emerging new payment methods to launder criminal proceeds.|
|Document fraud||To combat document fraud in the EU, targeting OCGs involved in the production and provision of fraudulent and false documents to other criminals.|
There is a lot taking place behind the scenes and more to come.