Europol says it took down First VPN in cybercrime crackdown

European authorities took down a prominent virtual private network service used by cybercriminals and arrested the alleged administrator in Ukraine in a two-day operation earlier this week, Europol said Thursday. Officials also dismantled 33 servers and seized multiple domains linked to First VPN.

KEY FACTS

  • Service: First VPN was used to hide infrastructure and identities.
  • Scope: Officials said it appeared in almost every major recent cybercrime investigation aided by Europol.
  • Action: Authorities seized domains including 1vpns.com, 1vpns.net and 1vpns.org.
  • Impact: Investigators identified thousands of users tied to cybercrime and opened leads on ransomware and fraud cases.

A Europol disclosure said the service was promoted on Russian-speaking cybercrime forums and became popular with users trying to conceal their infrastructure. Officials said the takedown was led by France and the Netherlands, with support from Europol, Eurojust and eight other countries.

Investigators obtained the service’s user database and identified VPN connections used by alleged cybercriminals. The disclosure said the intelligence gathered during the operation produced leads linked to ransomware attacks and fraud schemes, and it is being used in 21 additional inquiries worldwide.

French and Dutch authorities began investigating First VPN in earnest in November 2023 and shared evidence with 16 countries to coordinate data analysis and support other investigations. Europol also said users were notified of the shutdown and warned that their identities are now known to authorities.

WHY IT MATTERS

The operation removes a tool that officials say helped criminals hide online activity and evade detection. It also gives investigators new data that could support other cases involving ransomware, fraud and related cybercrime networks.