I, like all IT professionals, have given advice on VPNs (virtual private networks) and which one to use. This article, posted on Bleeping Computer, about a hacker breaching servers belonging to multiple VPN providers brings up a good point about why I try to be agnostic about operating systems, software, hardware and security tools. Full disclosure: I almost became a NORDVPN reseller but changed my mind because of situations such as this. Your reputation can be locked in with a vendor: good, bad or ugly.
I made a recommendation based on testing from reputable sources and looked into reselling because of the testing I’d done. However, we only know what information is available at the time.
It has come out that this breach happened approximately eighteen months ago. They found out about it a few months later in May. TorGuard and VikingVPN were also breached in 2017.
Are Your Company's VPNs Secure?
Which brings us to today. The breaches were revealed to the public because of a dispute between TorGuard and NORDVPN in court, and because of backlash from InfoSec professionals after NORDVPN posted a tweet that read, “Ain’t no hacker can steal your online life. (If you use VPN). Stay safe.” The tweet was misleading because it made the public believe VPNs can protect you from identity thieves. To their credit, NORDVPN took the tweet down.
To boil this down to layman’s terms (experts, don’t crucify me for my pedestrian explanation): VPNs act as tunnels, protecting the connection between you and your destination. If you go to www.disney.com, the traffic from your computer to the site can’t be viewed because you are using the VPN’s encrypted tunnel to traverse the Internet. (That assumes the VPN runs on your computer; some people have the VPN active on their routers.)
They act like a second ISP. Most VPN providers (verify which do or don’t) keep logs, activities, user IDs or personal information on the traffic that flows through their tunnels.
However, whatever information you share with sites such as www.disney.com can be breached, or, in most cases, you give sites permission to read all the cookies you store, allowing them access to your travels.
So what was stolen in the NORDVPN case were the private keys which make up the encryption for the VPN tunnels. The keys have since expired.
Security, online or in the real world, is a layered approach. You don’t put all your trust in locks, do you? VPNs are one layer in that plan. You have to know the real limitations of every layer and act accordingly. Stay Aware, Stay Safe. #BeCyberSmart
WareGeeks Solutions is a Roselle, New Jersey-based complete IT consultant and solutions provider. We specialize in Data Protection, specifically Business Continuity and Disaster Recovery (#BCDR). We work with medium and large law firms and in the healthcare industry. If you have IT or security questions, contact Seth at WareGeeks Solutions. For information or a consultation, call (877) 653-7146, or email us at email@example.com. www.waregeeks.com