Police boast of hacking VPN where criminals "believed themselves to be safe"
Plenty of logs

Law enforcement intercepted VPN traffic, seized domains, and arrested its operator.

Jon Brodkin – May 22, 2026 2:43 pm

Screenshot of the First VPN website after its domain was seized.

European law enforcement say they hacked into a VPN (virtual private network) service used for ransomware attacks and other crimes, and identified thousands of users before shutting the VPN down and arresting its administrator.

Europol announced yesterday the results of the operation against the service, First VPN. The First VPN website now displays a message saying the domain was seized by a joint international law enforcement action.

“A VPN service used by cybercriminals to conceal ransomware attacks, data theft, and other serious offenses has been dismantled in an international operation led by France and the Netherlands, with support from Europol and Eurojust,” the agency said. “For years, the service, known as ‘First VPN,’ was promoted on Russian-speaking cybercrime forums as a trusted tool for remaining beyond the reach of law enforcement. It offered users anonymous payments, hidden infrastructure, and services designed specifically for criminal use.”

The probe began in December 2021. At some point, “investigators gained access to the service, obtained its user database and identified VPN connections used by cybercriminals seeking to conceal their activities,” Europol said. Security vendor Bitdefender helped law enforcement conduct the operation, Europol said.

“The gathered intelligence exposed thousands of users linked to the cybercrime ecosystem and generated operational leads connected to ransomware attacks, fraud schemes, and other serious offenses worldwide,” according to Europol.

Users “mistakenly believed themselves to be safe”

A statement from the Dutch National Police Corps said that before the domain seizures, “police had access to the criminal traffic of the users of the service, who mistakenly believed themselves to be safe.”

An Internet Archive capture of the now-defunct VPN service’s website shows it advertised the ability to conceal one’s IP address, encrypt all communications, and hide one’s actions “from the provider and other interested persons.” First VPN also made the “no logs” promise that is common among VPN providers to assure customers that they don’t store records that could be handed to law enforcement or other third parties.

“All of our servers, meet high security requirements and do not keep logs, are set up by specialists with vast experience in this field. Big Brother is watching you, we are not!” the website said.

Like many online platforms, VPNs can be used for both legitimate and criminal purposes. It’s difficult or impossible for users to know whether a VPN service’s privacy and security claims are credible.

The risk of law enforcement infiltrating a VPN provider’s internal systems adds to that uncertainty for users, although Dutch police stressed that this particular VPN service “was considered criminal, because it specifically targeted cyber criminals and gave them the opportunity to protect their identity.”

FBI: 25 ransomware groups used First VPN

First VPN “mainly advertised on the cyber criminal forums known to the police and thus expressly approached cyber criminals as potential clients,” Dutch police said. “The website of the service also stated that any cooperation with the judiciary would be denied, that the service was not subject to any jurisdiction and that no data on users was stored. As a result, the service pretended to be reliable and its users safe, which in reality was not the case.”

Eurojust, the European Union Agency for Criminal Justice Cooperation, said that “First VPN’s website promoted itself by emphasizing anonymity, promising its users that it would not cooperate with any judicial authority, that it would not store data, and that the service would not be subject to any jurisdiction.”

First VPN had been active since 2014 and provided 32 exit node servers in 27 countries, the FBI said in an intelligence alert yesterday. It advertised in Russian-language forums that “provide marketplaces for cyber criminals to buy and sell unauthorized access to computer systems, stolen personal identifying information, hacking tools, and contraband,” according to the agency.

“At least 25 ransomware groups, such as Avaddon Ransomware, have used First VPN Service infrastructure to perform network reconnaissance and intrusions,” the FBI said. “First VPN Service IP addresses have been used for scanning activity, botnets, denial of service attacks, scams, and hacking.”

The scanning activity observed from First VPN IP addresses was “consistent with adversary efforts to identify open ports, services, and network configurations,” the FB