Law enforcement shuts down VPN service used by two dozen ransomware gangs

An international coalition of law enforcement agencies announced Thursday that they took down a popular virtual private network service used by cybercriminals and arrested its administrator.

The FBI said in an alert that First VPN was so popular that “at least” 25 ransomware gangs used the service to hide their malicious activity. Cybercriminals also relied on the VPN to scan the internet, run botnets, launch distributed denial-of-service attacks, and run scams.

First VPN operated servers across 27 different countries, according to the bureau. Europol said in an announcement that, apart from offering anonymous connections, First VPN offered cybercriminals anonymous payments, hidden infrastructure, and other services specifically marketed for criminal hackers.

“First VPN had become deeply embedded in the cybercrime ecosystem, appearing in almost every major cybercrime investigation supported by Europol in recent years,” read the announcement. “Criminals used it to conceal their identities and infrastructure while carrying out ransomware attacks, large-scale fraud, data theft, and other serious offences.”

The service advertised on known cybercrime forums, including at least two Russian-speaking marketplaces, promising criminals protection against being identified.

“We are for anonymity. We do not store any logs that would allow us or third parties to link an IP address in a specific period of time with a user of our service,” FirstVPN said in one post that TechCrunch has seen. “The only data we store is e-mail and username, but it is impossible to link a user’s online activity with a specific user of our service.”

Europol, however, said that First VPN users were notified of the shutdown and “informed that they have been identified.” Investigators said they did this by obtaining the service’s user database and identifying VPN connections, which “exposed thousands of users linked to the cybercrime ecosystem.”

The international law enforcement agency also said First VPN’s administrator was arrested, dozens of servers were “dismantled,” and its infrastructure was disrupted — all products of an investigation launched in December 2021.