Ukraine arrests rogue VPN operator providing access to Runet

Ukraine's cyber police have arrested a 28-year-old man who operated a massive virtual private network (VPN) service, allowing people from within the country to access the Russian internet (Runet).

Runet is the portion of the internet that includes Russian sites on the ".ru" and ".su" top-level domains, including government sites, social media platforms, search engines, and various news platforms from the country. The Russian government has taken steps to control, restrict, monitor, and isolate from the broader global internet,

Per restrictions and sanctions imposed by Ukraine's National Security and Defense Council (NSDC), access to the Runet is forbidden. Hence, Ukrainian internet service providers (ISPs) block access to Russian platforms from within the country.

The rogue VPN service, which was set up shortly after the Russian invasion of Ukraine, enabled Russians in occupied territories, as well as Russian sympathizers across Ukraine, to bypass the restrictions.

This constitutes a violation of Part 5 of Article 361 of the Criminal Code of Ukraine, for which the self-taught hacker from Khmelnytskyi faces charges that could incur up to 15 years in prison.

According to the police's announcement, the VPN service offered access to over 48 million Runet IP addresses and facilitated network traffic that surpassed 100 gigabytes daily.

"The 'startup' allowed access to more than 48 million IP addresses of the Russian internet segment, bypassing the NSDC sanctions," explained the police.

"According to the investigation, the daily volume of network traffic exceeded 100 gigabytes."

The service was advertised through Telegram channels and related online communities, with the hacker presenting himself as a project developer.

The suspect controlled the rogue VPN service from an autonomous server located in his apartment. At the same time, he also rented servers in Germany, France, the Netherlands, and Russia to facilitate access to the Russian network.

Because of this, the Ukrainian police believe Russian intelligence agents had access to information on the VPN service's users.

During the arrest and associated searches in Khmelnytskyi and Zhytomyr, the police seized server equipment, computers, and mobile phones.

The police are currently analyzing the data, hoping to identify more accomplices or Russian agents working closely with the VPN service operator.