- Joined
- May 15, 2016
- Messages
- 13,922
- Likes
- 2,643
- Points
- 1,730
The popular VPN provider NordVPN, which promises to "protect your privacy on the Internet," confirmed the fact of breaking the internal network more than a year ago .
The company admitted this after rumors, and then incontrovertible evidence: on 8chan , the NordVPN secret encryption key was expired (expired in the Web Archive ) and root access logs to NordVPN . Theoretically, with such a key, anyone can raise their NordVPN server .
NordVPN representatives explainedthat the hack took place in March 2018: “There was unauthorized access to one of the data centers in Finland, where we rent servers,” said NordVPN spokeswoman Laura Tyrell.
The company found out about the violation “several months ago”, but until today did not disclose information, because “it wanted to be 100% sure that every component in our infrastructure is safe.”
An attacker gained access to the server using an insecure remote control system from a data center provider. NordVPN says it did not know about the existence of such a system. The company also does not name a specific data center.
Recently, VPN providers have become increasingly popular because they allow you to hide traffic from your Internet provider and other MiTIM entities, while allowing you to bypass blockages at the national level and gain access to services that work only in certain countries (via GeoIP).
The VPN provider routes your traffic through the encrypted channel so that the external observer cannot analyze the packets. But often this means keeping your browsing history with the VPN provider. For its part, NordVPN has announced a zero-log policy . “We do not track, collect or transmit your personal data,” the company promises.
“The server itself did not contain any user activity logs; None of our applications send user credentials for authentication, so usernames and passwords could also not be intercepted, the spokesman said. “At the same time, the only possible way to abuse it was to perform a personalized and complex man-in-the-middle attack to intercept one connection that was trying to access NordVPN.”
According to the spokesperson, the leaked private key could not be used to decrypt VPN traffic on some other server.
According to independent experts, the facts of penetration into the internal network and leakage of the secret key indicate a complete remote compromise of the systems of this provider: "This should deeply concern everyone who uses or promotes specific services [VPN]."
NordVPN representatives emphasized that only one server was hacked, and the rest were not affected. A security researcher in a TechCrunch comment replied that NordVPN ignores the main problem of an attacker’s possible access through the network: “Your car was just stolen, but what kind of buttons
did you click on the radio?” NordVPN says that they have a high-quality intrusion detection system installed, but "no one could know about the secret remote control system left by the [data center] provider."
There is information that in addition to NordVPN, several other VPN providers, namely TorGuard and VikingVPN, suffered.