A coordinated effort between global law enforcement agencies—led by the Dutch National Police—shut down a VPN service that was advertised on cybercrime forums. The VPN company promised users the ability to double- and triple-encrypt their web traffic to obscure their location and identity.

The service, called DoubleVPN, had its domain page seized on June 29. According to a splash page that has replaced DoubleVPN’s domain, in seizing the VPN’s infrastructure, law enforcement also seized “personal information, logs, and statistics kept by DoubleVPN about all of its customers.”

“Servers were seized across the world where DoubleVPN had hosted content, and the web domains were replaced with a law enforcement splash page,” Europol said in a press release issued Wednesday. The takedown effort received support from law enforcement and judicial authorities in The Netherlands, Germany, the United Kingdom, Canada, the United States, Sweden, Italy, Bulgaria, and Switzerland, along with coordination from Europol and Eurojust.

According to an archive of DoubleVPN’s domain before it was seized, the company offered “simple,” “double,” and “triple” encryption to customers. Like any VPN service, DoubleVPN told its users that their web activity would first be encrypted through a VPN tunnel before connecting them to the Internet. The additional layers of encryption advertised by the company—which came in costlier monthly subscription plans—came from additional connections to VPN servers that DoubleVPN controlled.

In its press release, Europol said DoubleVPN “was heavily advertised on both Russian and English-speaking underground cybercrime forums as a means to mask the location and identities of ransomware operators and phishing fraudsters.” A screen capture taken by the news outlet BleepingComputer appears to support this. In the image, a hacker forum user is answering a question about the “best, fully anonymous” VPN service and they offer two options. One of those options is DoubleVPN.


Hear the story of how a cyberstalker who hid his activity through a VPN was eventually caught

This video cannot be displayed because your Functional Cookies are currently disabled.

To enable them, please visit our privacy policy and search for the Cookies section. Select “Click Here” to open the Privacy Preference Center and select “Functional Cookies” in the menu. You can switch the tab back to “Active” or disable by moving the tab to “Inactive.” Click “Save Settings.”

The takedown now marks at least the third time this year that law enforcement agencies across the world have come together to stop cybercrime.

In January, Europol was also involved in taking down the infrastructure of the Emotet botnet, and just two weeks ago, Ukrainian law enforcement officials—aided internationally—arrested several individuals allegedly involved in money laundering for the Clop ransomware gang.