Ukraine's cyber police have successfully apprehended a 28-year-old self-taught hacker from Khmelnytskyi accused of operating an illicit VPN service called Startup. This operation enabled users within Ukraine to gain unauthorized access to the Russian internet segment, known as Runet, circumventing national security restrictions.
The unauthorized VPN service called Startup reportedly provided access to over 48 million Runet IP addresses, with a daily network traffic volume exceeding 100 gigabytes. It was managed from an autonomous server within his residence, supplemented by rented servers located in Germany, France, the Netherlands, and Russia.
The operator advertised the service through Telegram channels and online forums, posing as the project developer. He now faces severe legal repercussions, potentially facing up to 15 years in prison.
Following sanctions imposed by Ukraine's National Security and Defense Council (NSDC), access to the Runet, encompassing sites with ".ru" and ".su" domains, is strictly prohibited.Â
The VPN service, established in the aftermath of Russia's invasion of Ukraine, facilitated access for Russians in occupied territories and sympathetic individuals across Ukraine, in violation of Part 5 of Article 361 of the Criminal Code of Ukraine.Â
The Ukrainian authorities have expressed concerns that the VPN service may have exposed user information to Russian intelligence agencies. This raises significant security implications, considering the potential for data leakage and espionage activities.
During the arrest and subsequent searches in Khmelnytskyi and Zhytomyr, police seized server equipment, computers, and mobile phones. The investigation is ongoing, with authorities analyzing the confiscated data to identify any additional accomplices or Russian operatives involved in the scheme.
In other recent news on VPNs, the Audiovisual Anti-Piracy Alliance published a document announcing intentions to extend blockades to VPNs, web browsers, search engines, and others.