VPN services are designed to protect internet users and their personal data from hackers, snoopers, and other malicious attackers. But what if the VPN service that's supposed to protect gets hacked instead?
It might be ironic, but this is exactly what's been happening recently. Chinese hackers have been launching attacks on several VPN providers all over the world. Some of the attacks targeted popular VPNs, while other hackers picked on small VPN companies.
Although most of these security attacks have been dealt with by resolving the vulnerabilities exploited by hackers, these incidents left VPN users worrying about the safety of their personal data. These attacks got them into wondering whether the VPN they are using is also vulnerable to Chinese hackers.
To better understand this problem, let us take a closer look at the recent Chinese malicious attacks, why they happened, and what has been done to resolve the problem.
Chinese VPN Attacks
Earlier this September, security experts revealed the attacks against two enterprise VPN providers, Fortigate and Pulse Secure. The Chinese state-sponsored attacks were carried out after vulnerabilities in both VPN products were released last month.
The attacks were spearheaded by a group of hackers, known as APT5 or Manganese. This threat group is composed of several subgroups with different tactics and infrastructures. The group has been active since 2007 and has breached several organizations across multiple industries.
APT5 started its attacks in late August by scanning the internet for Fortinet and Pulse Secure VPN servers to exploit their vulnerabilities that were presented during the Black Hat USA security conference. These vulnerabilities, called CVE-2018-13379 and CVE-2019-11510, enable hackers to retrieve files from the VPN server, even without authentication. Using sensitive data collected from these servers, attackers are then able to take over vulnerable devices.
Fortinet's Fortigate VPN has more than 480,000 Fortigate SSL VPN servers all over the world, while Pulse Secure SSL VPN has 42,000 servers available online.
The vulnerabilities were discovered earlier by security researchers from Devcore. Pulse Secure released a patch in April 2019, while Fortinet released theirs in May. However, customers of the two VPN providers reported that they were not aware of the vulnerability or the patch that had to be installed. Not a lot of customers heeded the company’s advice. It is unsure how much data the hackers were able to collect.
This is not the first time that Chinese hackers have attacked VPN servers. In 2015, a Chinese VPN platform called Terracotta hacked into servers used by businesses. The hackers stole bandwidth and computing power from the servers and sold to other cybercriminals.
Can VPNs Be Hacked?
Using a VPN is one of the best ways to protect your online activities and keep your data private. But this protection is useless if your VPN can be easily hacked. How secure is your VPN? Encryption and VPN leaks are the two main factors that determine how secure a VPN connection is.
A VPN works by routing your internet traffic through an encrypted tunnel to another network or device. This virtual tunnel prevents anyone from monitoring your browsing activities, including your internet service provider.
A VPN protects your anonymity and privacy whenever you access the internet. It also ensures the confidentiality of your messages as they pass through the encrypted tunnel to the internet, making sure that your data remains protected and unaltered.
To use your VPN, all you need to do is turn the service on using the VPN client before connecting to the internet. But how can you be sure that your connection is truly secure? We’ll walk you through the different aspects of VPN security and how they affect the overall performance of the service.
VPN services use a protocol to secure and encrypt your personal data. VPN providers usually allow the users to choose from different protocols, including Point to Point Tunnelling Protocol (PPTP), Internet Protocol Security (IPSec), Layer Two Tunnelling Protocol (L2TP), and OpenVPN (SSL/TLS).
A VPN encryption works by turning your readable data into a completely unreadable form, called ciphertext, as it travels through the VPN tunnel. An algorithm defines how the encryption and decryption process is carried out within the VPN protocol. And the level of security of a VPN service has a lot to do with the cryptographic algorithm being implemented within the protocol.
There are three different types of ciphers or algorithms commonly used by VPNs, namely symmetric, asymmetric, and hashing.
Symmetric works simply by using one key to encrypt and decrypt data. Asymmetric encryption, on the other hand, uses two different keys for encrypting and decrypting data. Hashing is a one-way type of encryption that is permanent and irreversible, used mostly to protect the integrity of transmitted information.
How do hackers take advantage of the VPN’s encryption to steal data? There are two ways cybercriminals can hack into a VPN connection: by breaking the encryption or stealing the key.
Cryptographic attacks are carried out by hackers to retrieve plain text from the encrypted data without the key. Unfortunately, breaking the encryption using brute force takes up significant computing power and a lot of time. It might take several years just to break encryption.
Since brute force is not practical, hackers turn to stealing keys to get access to the data. Hackers prefer this method over the complex and time-consuming method of breaking the encryption. Stealing a key is far easier and more successful compared to brute force.
DNS and IP Leaks
Another factor that hackers can take advantage of to get access to your VPN is through VPN leaks. There are two kinds of VPN leaks: DNS and IP leaks.
DNS leaks happen when your internet connection unknowingly uses the unsecured DNS server assigned by your ISP. Because of this, your ISP and other people monitoring your connection are able to see which sites you are visiting and what you’re watching.
IP leaks, on the other hand, happen when your browser leaks your real IP address in the process of transmitting data. Although hackers are not able to access your data with IP leaks, they can trace your actual location and narrow down your identity.
Some VPN companies claim to have a built-in DNS and IP leak protection, but if you want to be sure, you can check it out yourself. There are several websites that help you check whether your VPN has leaks and they are very easy to use.
Is it Still Safe to Use a VPN?
Can VPNs be hacked? The answer is yes. Hackers, in general, are getting creative and smarter in stealing data. Aside from VPN leaks and stealing encryption keys, hackers also take advantage of the VPNs vulnerabilities, such as the case with the APT5 hacking.
So, does it still make sense to use a VPN? Hacking a VPN is possible, but as mentioned above, it will take a lot of time and effort to get access to your VPN connection. As long as you choose a reliable VPN service provider with a built-in anti-leak protection, strong encryption technology, and up to date security patches, you probably don’t have to worry about hackers getting into your connection.