According to their statements, law enforcement officers from Europe and the USA have struck a heavy blow against cybercrime. On Monday you switched off the “Safe-Inet” service and confiscated its web domains. There was also a “Virtual Private Network” (VPN) offering that many online criminals are said to have used to cover their tracks such as IP addresses. Europol calls it the “favorite VPN” of cyber criminals.
Five levels of anonymization
The anonymization service has been running since 2009. Its operators advertised with a lot of “positive feedback” from customers. According to the authorities, it has been used by some of the world’s biggest cyber criminals to conduct phishing, ransomware attempts, and web-skimming to intercept payment information. The VPN offer is at a comparatively high price primarily to the criminal underworld been marketed as one of the best tools available and covered up to 5 levels of anonymization.
The focus department for cybercrime of the Stuttgart public prosecutor’s office and the Reutlingen police headquarters initiated the investigations leading to the international “Operation Nova” and the seizure of a total of almost 50 servers and other IT infrastructure in Germany, the Netherlands, Switzerland, France and the USA led. The shutdown was coordinated via the European Multidisciplinary Platform Against Criminal Threats (Empact). The investigators also secured user data and accounts, which are now to be evaluated.
According to the German authorities involved, cyber specialists from the Esslingen criminal police department initially succeeded in “penetrating the criminal IT infrastructure and tracing back to the servers that have now been confiscated”. An essential component of this success was the excellent cooperation, in particular with Europol, the FBI, the Aargau canton police, the Swiss Federal Police, the police of the Netherlands, the French Police Nationale and the respective judicial authorities.
In the successive evaluation of the data that had already been secured during the previous investigations, the investigators stated that they repeatedly encountered indications of long-term cyber attacks that were directed against a large number of companies. For many, encryption of their data and thus a failure of their IT systems were imminent. All in all, around 250 companies spied on by the perpetrators were identified worldwide and mostly saved from blackmail in good time.
The FBI pointed out that the provider had acted as a particularly shielded “bulletproof hoster” and offered support in Russian and English. The service formerly known as “Insorg” was used to compromise networks around the world.