Hack Notice

Hack Notice: VikingVPN

VikingVPN

Source
https://www.pcmag.com/news/371439/nordvpn-torguard-hit-by-hacks-involving-insecure-servers
Description
NordVPN, TorGuard Hit by Hacks Involving Insecure Servers

The server did not contain user activity logs, but the hacker stole a Transport Layer Security key, which temporarily opened the door for a 'man in the middle' attack. The hackers may have also gained root access to the server, enabling them to potentially view and modify VPN traffic.

By Michael Kan, October 21, 2019 1:39PM EST

NordVPN has suffered a hack that may have allowed a hacker to view the customer traffic flowing through a Finland-based VPN server. However, no login credentials were intercepted, the company says.

The same hacker also struck competitor VPN providers TorGuard and VikingVPN; TorGuard is downplaying the severity of the hack.

The hacks, which went unnoticed for at least a year, are stirring up security doubts about the affected VPN services, which can prevent internet service providers from collecting details on your website lookups.

In the case of NordVPN, the hack occurred in March 2018 at a Finnish data center from which NordVPN was renting servers. "The attacker gained access to the server by exploiting an insecure remote management system left by the data center provider while we were unaware that such a system existed," NordVPN said in a Monday statement.

What was exposed

NordVPN has a strict policy against keeping user traffic logs, so the server itself did not contain any user activity logs, it said. "None of our applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted either."

NordVPN originally told Bloomberg only an estimated 50 to 200 customers were using the affected VPN server. However, the company has backtracked on that statement. "It's impossible to tell exactly as such data do not exist. Numbers, reported by Bloomberg is a raw estimate," a NordVPN spokesperson told PCMag.
The company, which is based in Panama, has in total over 12 million customers who can connect to over 3,000 different company VPN servers across the globe.

Nevertheless, the hack appears to have involved the hacker gaining root access to the Finland-based server. This would have allowed the mysterious attacker to potentially view and modify customer traffic.

Although the Finnish data center quietly patched the vulnerability in the same month, the hacker also stole a NordVPN Transport Layer Security (TLS) key, which was used to encrypt traffic from customer browsers to the company's website and extensions. However, the key was never used to encrypt user traffic on the VPN server, the company told PCMag.

Stealing the TLS key did open the door for what's called a man in the middle attack, which can expose your traffic, unencrypted, to the hacker. But pulling off such a scheme would require additional steps. This could involve creating a dummy NordVPN client or website, and then tricking a user into using it.

The exposed TLS key also expired in October 2018. As a result, using the key certificate would have eventually displayed a warning on the user's computer about the expiration date.

Tweet from @hexdefined (5:26 am - Oct 20, 2019): "So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys..."

The source of the hack

News of the hack first emerged over the weekend when a web developer tweeted that a NordVPN TLS key had been circulating on the internet, largely unnoticed. The stolen key was posted in May 2018 by an anonymous user on the forum 8chan, who also claimed to have hacked servers at TorGuard and VikingVPN.
The same 8chan post also indicates the hacker stole the OpenVPN Certificate Authority (CA) key on board the NordVPN server, which is used to validate the encrypted connections between a VPN server and the user's computer. As a result, the hacker could have used the key to create rogue servers that would have successfully connected to NordVPN's official network. The same rogue servers could also be used for man in the middle attacks to spy on any users who were fooled into connecting to them.

In response to these potential dangers, NordVPN told PCMag: "Even if the hacker could have viewed the traffic while being connected to the server, he could see only what an ordinary ISP (internet service provider) would see, but in no way it could be personalized or linked to a particular user."

While the Finnish data center patched the vulnerability with the remote management system on March 20, 2018, it apparently never notified NordVPN about the problem. NordVPN said it learned of the incident a few months ago.

"We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues," the company said in today's statement. "This couldn't be done quickly due to the huge amount of servers and the complexity of our infrastructure."

In response to the hack, NordVPN has terminated the company's contract with the Finnish data center. All servers it had been renting from the center have also been destroyed.

"Even though only 1 of more than 3,000 servers we had at the time was affected, we are not trying to undermine the severity of the issue," the company added. "We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers."

However, the Finnish data center is disputing it was at fault.
The CEO of Creanova, the third-party server provider, has been telling journalists the hack occurred thanks to a remote management tool from either HP or Dell, which can be logged into online. Creanova's CEO also claims NordVPN specifically requested the tool be installed on the server. Dell's support page specifically warns the default login credential on its remote management tool is widely known.

Tweet from Nathan, @NathOnSecurity (6:10 pm - Oct 21, 2019): "Apparently this is how NordVPN was hacked (Default credentials on an exposed iDRAC web interface)"

In response, NordVPN's spokesperson said: "It's not that we didn't know about the solution; we never knew about additional accounts that have been created and then deleted." The company also provided a screenshot of the access log for the server.

[Image: NordVPN response]

The TorGuard hack

As for TorGuard, the company also confirmed on Monday it had suffered a hack. However, no Certificate Authority key for validating encrypted connections was ever stored on board the affected VPN server.

"We operate this way so if a worst-case scenario occurs and a VPN server is seized or even compromised, no one can tamper with or decrypt user traffic, or launch Man-in-the-Middle attacks on other TorGuard servers," the company said in a statement.

It's unclear when the TorGuard hack occurred, but it involved a single server at a third-party provider, which removed the affected hardware in early 2018. The hacker did steal a TLS key for the domain torguardvpnaccess.com, but it has not been valid for the TorGuard network since 2017, the company says.

TorGuard said it became aware of the hack in May due to the company's ongoing lawsuit over an alleged blackmail attempt from NordVPN over how it found TorGuard server configuration files on the internet.
"Due to the ongoing lawsuit we cannot provide exact details about this specific hosting re-seller or how the attacker gained unauthorized access," the company said. "However, we would like the public to know this server was not compromised externally and there was never a threat to other TorGuard servers or users."

The third VPN provider the hacker listed in the hack, VikingVPN, did not immediately respond to a request for comment.

Editor's Note: This story has been updated with more information about how the hacker may have also gained root access to the affected NordVPN server, which reportedly only had 50 to 200 users. NordVPN is now backtracking on the 50 to 200 users estimate. Additional details have been included about the data center provider.

About HackNotice and VikingVPN

HackNotice is a service that notices trends and patterns in publicly available data so as to identify possible data breaches, leaks, hacks, and other data incidents on behalf of our clients. HackNotice monitors data streams related to breaches, leaks, and hacks, and VikingVPN was reported by one of those streams. HackNotice may also have the breach date, hack date, the hacker responsible, the hacked industry, the hacked location, and any other parts of the hack, breach, or leak that HackNotice can report on for the consumers of our product.

If you are a user of VikingVPN, their products, services, websites, or applications, and you were a client of HackNotice monitoring for VikingVPN, you may have been alerted to this report about VikingVPN. HackNotice is a service that provides data, information, and monitoring that helps our clients recover from and remediate data breaches, hacks, and leaks of their personal information. HackNotice provides a service that helps our clients know what to do about a hack, breach, or leak of their information.

If VikingVPN had a breach of consumer data or a data leak, then there may be additional actions that our clients should take to protect their digital identity. Data breaches, hacks, and leaks often lead to and cause identity theft, account takeovers, ransomware, spyware, extortion, and malware. Account takeovers are often caused by credential reuse, password reuse, and easily guessed passwords, and are facilitated by the sharing of billions of credentials and other customer information through data leaks, as the direct result of data breaches and hacks.

HackNotice monitors trends in publicly available data that indicate tens of thousands of data breaches each year, along with billions of records from data leaks each year. On behalf of our clients, HackNotice works to monitor for hacks that lead to lower client security and digital identities that have been exposed and should be considered vulnerable to attack. HackNotice works with clients to describe the extent to which digital identities have been exposed and provides remediation suggestions for how to handle each type of exposure.

HackNotice monitors the hacker community, which is a network of individuals that share data breaches, hacks, leaks, malware, spyware, ransomware, and many other tools that are often used for financial fraud, account takeovers, and further breaches and hacks. HackNotice monitors the hacker community specifically for breaches, hacks, and data leaks that hurt consumers. HackNotice applies industry-specific knowledge and advanced security practices to monitor for trends that indicate breaches, hacks, and exposed digital identities.

HackNotice also enables clients to share hack notices with their friends, family, and colleagues to help increase awareness around alleged hacks, breaches, or data leaks. HackNotice works to provide clients with sharable reports to help increase the security of our clients' personal networks. The security of the people that our clients interact with directly impacts the level of security of our clients. Increased exposure to accounts that have been taken over by hackers leads to further account takeovers through phishing, malware, and other attack techniques.
