investigators infiltrated the VPN infrastructure before it went offline, enabling collection of traffic data to identify users.

Tom’s Guide notes the VPN testing focus is on legal uses and does not condone illegal activity with VPN services.

Industry response underscored that targeting infrastructure disrupts multiple operations, forcing attackers to move and reassess exposure, aiding broader intelligence efforts.

First VPN operated as a marketplace and forum favorite for cybercriminals, promising protection against identification.

A major international law enforcement operation dismantled the First VPN service, linked to ransomware and data theft, seizing 33 servers across 27 countries and prompting the Ukrainian suspect’s questioning.

Europol emphasizes that privacy tools aren’t the problem; criminals exploit legitimate infrastructure, and compromising that infrastructure erodes anonymity quickly.

The takedown is a significant public-safety win, potentially accelerating follow-on investigations, with Bitdefender providing crucial assistance.

Experts say disrupting anonymization services increases criminals’ operational costs and shortens the window to launch new services, though the category isn’t eliminated and adaptation will continue.

Targeted domains included 1vpns.com, 1vpns.net, 1vpns.org and related .onion sites, with messages sent to all users announcing the takedown and identification.

Eurojust facilitated the case since 2022, establishing a joint investigation team in 2023 to bolster cross-border cooperation, evidence-sharing, and prosecutorial strategy.

Next steps involve analyzing seized infrastructure, tracing connections to known groups, and continuing international cooperation to deter anonymization services in cybercrime.

The operation exposed the platform’s user database, alerting thousands that their identities had been compromised.