Police Hacked a VPN Where Criminals Felt ‘Safe’
▼ Summary
– European law enforcement seized the VPN service First VPN and arrested its administrator, after infiltrating the service and identifying thousands of users linked to ransomware and other crimes.
– The operation was led by France and the Netherlands with support from Europol and Eurojust, and involved security vendor Bitdefender.
– First VPN was promoted on Russian-language cybercrime forums as a trusted tool for criminals, offering anonymous payments, hidden infrastructure, and services designed for illicit use.
– Investigators gained access to the service’s user database and identified VPN connections used by cybercriminals, leading to operational leads for ransomware, fraud, and other offenses.
– The Dutch police stated they accessed criminal traffic from users who mistakenly believed the VPN kept them safe, despite First VPN advertising no-logs and IP concealment features.
European authorities have revealed that they successfully infiltrated a VPN platform widely used by cybercriminals, dismantling the operation and arresting its administrator after gathering intelligence on thousands of users. The takedown targeted First VPN, a service long promoted on Russian-language cybercrime forums as a haven for illegal activities.
Europol announced the results of the coordinated action, which involved law enforcement from France, the Netherlands, and support from Eurojust. The First VPN website now displays a seizure notice, confirming the domain was taken over by international authorities. According to Europol, the service was “used by cybercriminals to conceal ransomware attacks, data theft, and other serious offenses.” For years, it marketed itself as a trusted tool for staying beyond law enforcement’s reach, offering anonymous payment methods, hidden infrastructure, and features tailored specifically for criminal use.
The investigation began in December 2021. At some point, investigators “gained access to the service, obtained its user database, and identified VPN connections used by cybercriminals seeking to conceal their activities,” Europol stated. Security firm Bitdefender assisted law enforcement during the operation. The resulting intelligence exposed “thousands of users linked to the cybercrime ecosystem” and generated operational leads connected to ransomware attacks, fraud schemes, and other serious offenses worldwide.
A statement from the Dutch National Police Corps emphasized that before the domain was seized, “police had access to the criminal traffic of the users of the service, who mistakenly believed themselves to be safe.” An archived version of the First VPN website from the Internet Archive shows it advertised the ability to hide IP addresses, encrypt all communications, and conceal user actions “from the provider and other interested persons.” Like many VPN providers, First VPN also made the standard “no logs” promise, assuring customers that no records would be stored that could be handed over to law enforcement or third parties.
(Source: Ars Technica)
