aum Posted October 21, 2019
NordVPN, a virtual private network provider that promises to “protect your privacy online,” has confirmed it was hacked.
The admission comes following rumors that the company had been breached. It first emerged that NordVPN had an expired internal private key exposed, potentially allowing anyone to spin out their own servers imitating NordVPN.
VPN providers are increasingly popular as they ostensibly provide privacy from your internet provider and visiting sites about your internet browsing traffic. That’s why journalists and activists often use these services, particularly when they’re working in hostile states.
These providers channel all of your internet traffic through one encrypted pipe, making it more difficult for anyone on the internet to see which sites you are visiting or which apps you are using. But often that means displacing your browsing history from your internet provider to your VPN provider. That’s left many providers open to scrutiny, as often it’s not clear if each provider is logging every site a user visits.
For its part, NordVPN has claimed a “zero logs” policy. “We don’t track, collect, or share your private data,” the company says. But the breach is likely to cause alarm that hackers may have been in a position to access some user data.
NordVPN told TechCrunch that one of its data centers was accessed in March 2018. “One of the data centers in Finland we are renting our servers from was accessed with no authorization,” said NordVPN spokesperson Laura Tyrell.
The attacker gained access to the server — which had been active for about a month — by exploiting an insecure remote management system left by the data center provider; NordVPN said it was unaware that such a system existed. NordVPN did not name the data center provider.
“The server itself did not contain any user activity logs; none of our applications send user-created credentials for authentication, so usernames and passwords couldn’t have been intercepted either,” said the spokesperson. “On the same note, the only possible way to abuse the website traffic was by performing a personalized and complicated man-in-the-middle attack to intercept a single connection that tried to access NordVPN.”
According to the spokesperson, the expired private key could not have been used to decrypt the VPN traffic on any other server.
NordVPN said it found out about the breach a “few months ago,” but the spokesperson said the breach was not disclosed until today because the company wanted to be “100% sure that each component within our infrastructure is secure.”
A senior security researcher we spoke to who reviewed the statement and other evidence of the breach, but asked not to be named as they work for a company that requires authorization to speak to the press, called these findings “troubling.”
“While this is unconfirmed and we await further forensic evidence, this is an indication of a full remote compromise of this provider’s systems,” the security researcher said. “That should be deeply concerning to anyone who uses or promotes these particular services.”
NordVPN said “no other server on our network has been affected.” But the security researcher warned that NordVPN was ignoring the larger issue of the attacker’s possible access across the network. “Your car was just stolen and taken on a joy ride and you’re quibbling about which buttons were pushed on the radio?” the researcher said.
The company confirmed it had installed intrusion detection systems, a popular technology that companies use to detect early breaches, but “no-one could know about an undisclosed remote management system left by the [data center] provider,” said the spokesperson.
“They spent millions on ads, but apparently nothing on effective defensive security,” the researcher said.
NordVPN was recently recommended by TechRadar and PCMag. CNET described it as its “favorite” VPN provider.
It’s also believed several other VPN providers may have been breached around the same time. Similar records posted online — and seen by TechCrunch — suggest that TorGuard and VikingVPN may have also been compromised.
A spokesperson for TorGuard told TechCrunch that a “single server” was compromised in 2017 but denied that any VPN traffic was accessed. TorGuard also put out an extensive statement following a May blog post, which first revealed the breach.
Matrix Posted October 22, 2019
NordVPN has confirmed that one of its servers was compromised in a hack early last year. The attacker gained access to a TLS encryption key which could be used to impersonate the NordVPN.com site or a VPN server, using a targeted man-in-the-middle attack. The key could not be used to decrypt regular VPN traffic.
VPN service provider NordVPN was the victim of a server breach early last year, the provider has confirmed. The news was made public following a series of tweets from hacker / web developer ‘undefined.’ These were picked up by Ars Technica and TechCrunch, among others.
The hack in question targeted a single server at a third-party datacenter. The attacker reportedly compromised the server by exploiting an insecure remote management system, which NordVPN wasn’t aware existed at the time.
By compromising the server the attacker gained access to three TLS keys that would allow this person to operate a fake NordVPN.com site or VPN server, using a man-in-the-middle attack. NordVPN stresses that it doesn’t keep user logs and that it wasn’t possible to use the keys to decrypt regular VPN traffic or previously recorded VPN sessions.
The server in question was compromised early 2018 but NordVPN didn’t disclose it at the time. The company now says that it chose not to do so because it had to make sure that none of its other infrastructure was prone to similar issues.
Following the news reports, NordVPN published its own account of what happened and how this affected its users. The company stresses that the breached keys have since expired (they were initially active) and could never be used to decrypt VPN traffic of users.
While the compromised TLS keys couldn’t decrypt VPN traffic, a server breach is of course always a big event. Especially in the VPN industry, where trust in a company is extremely important.
That the effect appears to be limited here is a good thing, but that doesn’t change the fact that the server was hacked.
While NordVPN stresses that the hack only had a minimal impact, it recognizes that security is a vital issue, and that it should do better going forward.
“Even though only 1 of more than 3000 servers we had at the time was affected, we are not trying to undermine the severity of the issue. We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers,” NordVPN says.
“We are taking all the necessary means to enhance our security,” the company adds.
NordVPN further informs TorrentFreak that it always treats VPN servers as the least secure part of their infrastructure, since breaches are always possible. This means that VPN endpoints do not contain any “vulnerable information,” nor do they provide access to the rest of the infrastructure or a user database.
If anything, this episode shows that 100% security is nearly impossible. In addition to the NordVPN hack, competing services TorGuard and VikingVPN also suffered breaches, according to reports. TorGuard previously confirmed this a few months ago.
Disclaimer: NordVPN is one of our sponsors. This article was written independently, as all of our articles are.
zanderthunder Posted October 22, 2019
NordVPN admits it was compromised last year, plans external audit
NordVPN, a well-advertised virtual private network (VPN), has admitted that a datacenter in Finland was accessed by attackers in March 2018 and that it only became aware of the fact a couple of months ago. Luckily, the affected server was the only one in NordVPN’s roster to be affected and it didn’t contain any user activity logs and no usernames or passwords would have been obtainable by attackers.
The one issue users should be aware of is that a now-expired TLS key was taken at the time of the attack which means that traffic going through that particular datacenter could be intercepted if it wasn’t secured by an HTTPS connection. In response to the breach, the firm has conducted an internal audit of its systems to find issues and plans to launch an independent external audit of its infrastructure next year.
Commenting on the issue, Daniel Markuson from NordVPN said:
“Even though only 1 of more than 3000 servers we had at the time was affected, we are not trying to undermine the severity of the issue. We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers. We are taking all the necessary means to enhance our security. We have undergone an application security audit, are working on a second no-logs audit right now, and are preparing a bug bounty program. We will give our all to maximize the security of every aspect of our service, and next year we will launch an independent external audit all of our infrastructure to make sure we did not miss anything else.”
If you were subscribed to NordVPN around the time of the attack, it’s unlikely that you were affected by the breach but even if you did connect to the Finnish datacenter then your more sensitive site visits were likely made with HTTPS connections, giving you protection from attackers.
The revelation from NordVPN only came after the flaw was exposed on Twitter; this means the firm has known about the issue for a while now and has failed to mention it publicly, which raises questions of whether anything else is being hidden. There are many VPN providers out there so you really ought to weigh up what’s available and you’ll probably want to go with one which is quick to alert users to customer-facing issues.
Source: NordVPN admits it was compromised last year, plans external audit (via Neowin)
Arachnoid Posted October 22, 2019
Archived
This topic is now archived and is closed to further replies.