Russian-based VPN service DoubleVPN has been officially shut down by the Dutch National Police and additional international law enforcement, after failing to provide full anonymity for its customers — which so happened to be malicious hackers.
Seized on July 29, 2021, law enforcement gained access to the encryption service’s servers and seized personal information, logs, and statistics of all customers, meaning DoubleVPN stored private data of anyone using it. Bad news for those using it for cybercriminal activities.
As spotted by BleepingComputer, DoubleVPN was commonly advertised on cybercriminal forums, promising to hide the identity and location of threat hackers utilizing ransomware and phishing scams.
“International law enforcement continues to work collectively against facilitators of cybercrime, wherever and however it is committed. The investigation regarding customer data of this network will continue,” the blocked DoubleVPN website now states.
According to Europol, the VPN service provided customers “single, double, triple and even quadruple VPN-connections.” Also known as multi-hop, this feature allowed threat actors to add an extra layer of protection, hiding their originating IP address by connecting to a chain of VPN servers. However, it’s all for nothing if a VPN service keeps a user’s logs.
DoubleVPN servers across the world have now been taken down, after a coordinated takedown by the Dutch National Police (Politie), with international activity coordinated by Europol and Eurojust, along with additional judicial authorities in Europe, the U.S. and Canada.
Can we trust VPN services?
Speaking with CEO of Exidio — the development arm of VPN service Sentinel — Dan Edlebeck, you’ll find many VPN companies claim they’re not logging user data. However, these companies aren’t open-source. This means they can’t prove the “no-logging” guarantee — which you’ll often find on VPN service websites — is taking place.
To help with these claims, companies will have third-party audits so they can validate and assure users there is no logging taking place. ExpressVPN recently used auditing firm PricewaterhouseCoopers (PwC) to confirm the VPN service’s privacy protection, while NordVPN also used PwC to evaluate its no-logs claims.
One of a VPN’s main use cases is protecting a customer’s traffic, information and personal data. By keeping user’s personal information, DoubleVPN didn’t truly provide anonymity. For more information on logs, check out our interview with the Exidio CEO, and for more trustworthy providers, check out the best VPN services today.