VPNLab was a VPN service that catered to cyber criminals. The service was shut down following a seizure by Europol in January 2022. [1] [2]
VPNLab was created in 2008. The service advertised VPN servers in multiple countries and offered double encryption. The service was known for providing services to cyber criminals, specifically ransomware authors. [3] The site accepted a variety of payments, including WebMoney and Bitcoin. The "DoubleVPN" service was offered at $129 a year. [4] The owners advertised the website on the dark web. [5]
On January 17, 2022, Europol, along with other national law enforcement agencies, seized VPNLab's domain. As of January 19, 2022, no arrests were made. Along with Europol, the FBI (United States), Central Directorate of the Judicial Police (France), and National Crime Agency (United Kingdom) were involved in the site raid.
Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.
Avalanche was a criminal syndicate involved in phishing attacks, online bank fraud, and ransomware. The name also refers to the network of owned, rented, and compromised systems used to carry out that activity. Avalanche only infected computers running the Microsoft Windows operating system.
The dark web is the World Wide Web content that exists on darknets: overlay networks that use the Internet but require specific software, configurations, or authorization to access. Through the dark web, private computer networks can communicate and conduct business anonymously without divulging identifying information, such as a user's location. The dark web forms a small part of the deep web, the part of the web not indexed by web search engines, although sometimes the term deep web is mistakenly used to refer specifically to the dark web.
The Microsoft Digital Crimes Unit (DCU) is a Microsoft-sponsored team of international legal and internet security experts employing the latest tools and technologies to stop or interfere with cybercrime and cyber threats. The Microsoft Digital Crimes Unit was assembled in 2008. In 2013, a Cybercrime Center for the DCU was opened in Redmond, Washington. There are about 100 members of the DCU stationed just in Redmond, Washington at the original Cybercrime Center. Members of the DCU include lawyers, data scientists, investigators, forensic analysts, and engineers. The DCU has international offices located in major cities such as Beijing, Berlin, Bogota, Delhi, Dublin, Hong Kong, Sydney, and Washington, D.C. The DCU's main focuses are child protection, copyright infringement and malware crimes. The DCU must work closely with law enforcement to ensure the perpetrators are punished to the full extent of the law. The DCU has taken down many major botnets such as the Citadel, Rustock, and Zeus. Around the world, malware has cost users about $113 billion, and the DCU's job is to shut them down in accordance with the law.
Operation In Our Sites is an ongoing effort by the U.S. government's National Intellectual Property Rights Coordination Center to detect and hinder intellectual property violations on the Internet. Pursuant to this operation, governmental agencies arrest suspects affiliated with the targeted websites and seize their assets including websites' domain names. Web users intending to access targeted websites are directed to the server operated by the U.S. government, and greeted with a graphic bearing the seals of the United States Department of Justice (DOJ), the National Intellectual Property Rights Coordination Center (NIPRCC), and U.S. Immigration and Customs Enforcement (ICE).
Operation Onymous was an international law enforcement operation targeting darknet markets and other hidden services operating on the Tor network.
AlphaBay was a darknet market operating at different times between September 2014 and February 2023. At times, it was both an onion service on the Tor network and an I2P node on I2P. After it was shut down in July 2017 following law enforcement action in the United States, Canada, and Thailand as part of Operation Bayonet, it was relaunched in August 2021 by the self-described co-founder and security administrator DeSnake. The alleged original founder, Alexandre Cazes, a Canadian citizen born on 19 October 1991, was found dead in his cell in Thailand several days after his arrest, with police suspecting suicide.
A darknet market is a commercial website on the dark web that operates via darknets such as Tor and I2P. They function primarily as black markets, selling or brokering transactions involving drugs, cyber-arms, weapons, counterfeit currency, stolen credit card details, forged documents, unlicensed pharmaceuticals, steroids, and other illicit goods as well as the sale of legal products. In December 2014, a study by Gareth Owen from the University of Portsmouth suggested the second most popular sites on Tor were darknet markets.
dark0de, also known as Darkode, is a cybercrime forum and black marketplace described by Europol as "the most prolific English-speaking cybercriminal forum to date". The site, which was launched in 2007, serves as a venue for the sale and trade of hacking services, botnets, malware, stolen personally identifiable information, credit card information, hacked server credentials, and other illicit goods and services.
Operation Shrouded Horizon was an 18-month international law enforcement investigation culminating in the July 2015 seizure of Darkode, an online cybercrime forum and black market, and the arrest of several of its members. The case involved law enforcement agencies from 20 countries, led by the United States Federal Bureau of Investigation (FBI) with the assistance of Europol, in what the FBI called "the largest-ever coordinated law enforcement effort directed at an online cyber criminal forum".
Operation Bayonet was a multinational law enforcement operation culminating in 2017 targeting the AlphaBay and Hansa darknet markets. Many other darknet markets were also shut down.
REvil was a Russia-based or Russian-speaking private ransomware-as-a-service (RaaS) operation. After an attack, REvil would threaten to publish the information on their page Happy Blog unless the ransom was received. In a high profile case, REvil attacked a supplier of the tech giant Apple and stole confidential schematics of their upcoming products. In January 2022, the Russian Federal Security Service said they had dismantled REvil and charged several of its members.
Windscribe is a commercial, cross-platform virtual private network (VPN) service provider based in Canada.
The ANOM sting operation is a collaboration by law enforcement agencies from several countries, running between 2018 and 2021, that intercepted millions of messages sent through the supposedly secure smartphone-based proprietary messaging app ANOM. The ANOM service was widely used by criminals, but instead of providing secure communication, it was actually a trojan horse covertly distributed by the United States Federal Bureau of Investigation (FBI) and the Australian Federal Police (AFP), enabling them to monitor all communications. Through collaboration with other law enforcement agencies worldwide, the operation resulted in the arrest of over 800 suspects allegedly involved in criminal activity, in 16 countries. Among the arrested people were alleged members of Australian-based Italian mafia, Albanian organised crime, outlaw motorcycle clubs, drug syndicates and other organised crime groups.
Hydra was a Russian language dark web marketplace, founded in 2015, that facilitated trafficking of illegal drugs, financial services including cryptocurrency tumbling for money laundering, exchange services between cryptocurrency and Russian rubles, and the sale of falsified documents and hacking services. On April 5, 2022, American and German federal government law enforcement agencies announced the seizure of the website's Germany-based servers and cryptocurrency assets. Before its closure, it had been the longest-running dark web marketplace. The United States Department of Justice has indicted one Russian man for his role in running the servers for the website.
ispoof.cc was a website used by many people to make unauthorised phone calls while displaying a caller ID falsely indicating that they were legitimate callers. In 2021 and 2022 it was part of an investigation by numerous law enforcement agencies into frauds enabled by this caller ID spoofing. It was shut down in November 2022 as the result of Operation Elaborate, a multi-agency investigation led by the Metropolitan Police and supported by Netherlands Police, Europol and Eurojust. As of 2022, it is the largest fraud investigation that has ever taken place in the United Kingdom.
Operation PowerOFF is an ongoing joint operation by the FBI, EUROPOL, the Dutch National Police Corps, German Federal Criminal Police Office, Poland Cybercrime Police and the UK National Crime Agency to close "booter/stresser" services offering DDoS attack services for hire. Beginning in 2018, the operation shut down 48 websites offering DDoS services, and six people were arrested in the United States. Multiple companies, including Cloudflare, PayPal, and DigitalOcean provided information to the FBI to assist in the seizure.
BreachForums is an English-language black hat–hacking crime forum. The website acted as an alternative and successor to RaidForums following its shutdown and seizure in 2022. Like its predecessor, BreachForums allows for the discussion of various hacking topics and distributed data breaches, pornography, hacking tools and various other services.
Genesis Market was a cybercrime-facilitation website noted for its easy-to-use interface. It enabled users to spoof over two million different victims, providing access to their bank accounts.
Hive was a ransomware as a service (RaaS) operation carried out by the eponymous cybercrime organization between June 2021 and January 2023. The group's purpose was to attack mainly public institutions to subsequently demand ransom for release of hijacked data.