"We operate this way so if a worst-case scenario occurs and a VPN server is seized or even compromised, no one can tamper with or decrypt user traffic, or launch Man-in-the-Middle attacks on other TorGuard servers," the company said in a statement. However, no Certificate Authority key for validating encrypted connections was ever stored on board the affected VPN server. "We failed by contracting an unreliable server provider and should have done better to ensure the security of our customers."Īs for TorGuard, the company also confirmed today it had suffered a breach. "Even though only 1 of more than 3,000 servers we had at the time was affected, we are not trying to undermine the severity of the issue," the company added.
All servers it had been renting from the center have also been destroyed. In response to the breach, NordVPN has terminated the company's contract with the Finnish data center. "This couldn't be done quickly due to the huge amount of servers and the complexity of our infrastructure." "We did not disclose the exploit immediately because we had to make sure that none of our infrastructure could be prone to similar issues," the company said in today's statement. NordVPN said it learned of the incident a few months ago. While the Finnish data center patched the vulnerability with the remote management system on March 20, 2018, it apparently never notified NordVPN about the problem. In response to these potential dangers, NordVPN told PCMag: "Even if the hacker could have viewed the traffic while being connected to the server, he could see only what an ordinary ISP (internet service provider) would see, but in no way it could be personalized or linked to a particular user." If you happen to connect to the rogue server, the hacker would be able to see all your traffic as well. As a result, the hacker could have used the key to create rogue servers that would have successfully connected to NordVPN's official network. The same 8chan post also indicates the hacker stole the OpenVPN Certificate Authority (CA) key on board the NordVPN server, which is used to validate the encrypted connections between a VPN server and the user's computer. In other words, the mysterious attacker could have briefly viewed and modified all the aggregate traffic on the machine when the breach occurred in March 2018. What's troubling about the 8chan post is how it indicates the hacker gained root access to the affected NordVPN server. The stolen key was posted in May 2018 by an anonymous user on the forum 8chan, who also claimed to have breached servers at TorGuard and VikingVPN. News of the breach first emerged over the weekend when a web developer tweeted that a NordVPN TLS key had been circulating on the internet, largely unnoticed. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys. So apparently NordVPN was compromised at some point.
As a result, using the key certificate would have eventually displayed a warning on the user's computer about the expiration date. The exposed TLS key also expired in October 2018. It would require the creation of a dummy NordVPN client or website, and then tricking a user into using it, which ultimately would have only victimized one computer.
But pulling off such a scheme wouldn't necessarily be easy. Stealing the TLS key did open the door for what's called a "man in the middle attack," which can expose your traffic, unencrypted, to the hacker. However, the key was never used to encrypt user traffic on the VPN server, the company told PCMag. "None of our applications send user-created credentials for authentication, so usernames and passwords couldn't have been intercepted either."Īlthough the Finnish data center quietly patched the vulnerability in the same month, the hacker stole a NordVPN Transport Layer Security (TLS) key, which was used for encryption over the company's website and extensions. NordVPN has a strict policy against keeping user traffic logs, so "the server itself did not contain any user activity logs," it said. "The attacker gained access to the server by exploiting an insecure remote management system left by the data center provider while we were unaware that such a system existed," NordVPN said in a Monday statement. In the case of NordVPN, the breach occurred in March 2018 at a Finnish data center from which NordVPN was renting servers.
Torguard vs nordvpn software#
Best Hosted Endpoint Protection and Security Software.
0 kommentar(er)
