Raid in Germany: Authorities shut down cybercrime hoster RedVDS
International investigators and Microsoft struck a blow against cybercrime hoster RedVDS, whose servers were also in Germany.
International law enforcement agencies, together with Microsoft, have taken down the virtual hoster RedVDS, whose infrastructure is alleged to have been used for various fraudulent activities. The core of the service frequented by IT criminals is said to have been a data center in Germany.
Starting at US$24 per month, RedVDS offered virtual dedicated servers and international IP addresses, as well as other anonymous services. According to findings by Microsoft and law enforcement, the offering was used in numerous fraud cases. After an offense, the servers are deleted, which hinders investigations.
"Digital Crime Tool"
"This offering was designed to provide cybercriminals with a digital crime tool to enable the largely anonymous commission of offenses," it states in the declaration by the Central Office for Internet and Computer Crime (ZIT) at the Public Prosecutor General's Office in Frankfurt and the Brandenburg State Criminal Police Office.
One physical location of RedVDS was a data center in Germany, where authorities have seized servers. According to dpa, the data center is located in Limburg an der Lahn. No suspects were arrested. They are presumed to be in an unspecified Middle Eastern country.
Microsoft refers to the group operating RedVDS as "Storm-2470". According to an analysis by the company, the platform has been used by numerous other observed actors.
Phishing and CEO Fraud
According to Microsoft, the RedVDS platform was used "for a wide variety of purposes," including mass phishing emails or "hosting scam infrastructure." Within a month, perpetrators are said to have sent an average of one million phishing messages per day to Microsoft customers via more than 2,600 virtual machines from RedVDS.
RedVDS is also said to have been used for the currently popular payment redirection fraud. In this scam, perpetrators use phishing to gain access to their victims' computer systems and spy on them. When payment transactions are coming up, for example at companies or real estate agents, they can then convincingly impersonate the parties involved, falsify invoices, and redirect payments.
"RedVDS is an online subscription service and part of the growing Cybercrime-as-a-Service ecosystem – a shadow economy where IT criminals buy and sell services and tools to carry out large-scale attacks," explains Steven Masada from Microsoft's Digital Crimes Unit.
Millions in Damages Only "Tip of the Iceberg"
According to Microsoft, RedVDS served as a platform in one of the largest fraud cases of recent years. In the USA alone, damages of 40 million US dollars (34.3 million euros) have been incurred in the past seven months. "But that's just the tip of the iceberg," a spokesperson told dpa.
Among the victims was the pharmaceutical company H2 Pharma from the US state of Alabama, which was defrauded of 7.3 million dollars. A condominium association in Florida was also affected, losing almost 500,000 dollars.
"Microsoft is very grateful to H2 Pharma and the Gatehouse Dock Condominium Association for coming forward and sharing their experiences," Masada emphasized. "Their cooperation made this action possible."
German investigators assume there are hundreds of victims in Germany, and a low double-digit number in Brandenburg. The Brandenburg State Criminal Police Office is leading the investigation.
Investigators are increasingly targeting the online infrastructure of criminals. Last November, Dutch police managed to dismantle a so-called bulletproof hoster. In 2019, Germany was the scene of a spectacular raid on the Cyberbunker. Its operators have since been sentenced to prison terms in legally binding verdicts.
(vbr)