Some of the information mentioned below also contains information The Hacker News obtained via an email interview with NordVPN.

What has been compromised? - NordVPN has thousands of servers across the world hosted with third-party data centers. One such server hosted with a Finland-based datacenter was accessed without authorization in March 2018.

How did it happen? - The company revealed that an unknown attacker gained access to that server by exploiting "an insecure remote management system left by the datacenter provider while we (the company) was unaware that such a system existed."

What has been stolen? - Since NordVPN does not log activities of its users, the compromised server "did not contain any user activity logs; none of the applications send user-created credentials for authentication, so usernames/passwords couldn't have been intercepted either."

However, the company did confirm that the attackers successfully managed to steal three TLS encryption keys responsible for protecting VPN users' traffic routed through the compromised server.

Though NordVPN tried to downplay the security incident in its blog post by describing the stolen encryption keys as "expired," when The Hacker News approached the company, it did admit that the keys were valid at the time of the breach and expired in October 2018, almost 7 months after the breach.

What might attackers have achieved? - Almost every website today uses HTTPS to protect its users' network traffic, and VPNs basically just add an extra layer of authentication and encryption to your existing network traffic by tunneling it through a large number of its servers (exit nodes), restricting even your ISPs from monitoring your online activities.

Now with some limited encryption keys in hand, attackers might have only decrypted that extra layer of protection coated over the traffic passed through the compromised server, which, however, cannot be abused to decrypt or compromise users' HTTPS encrypted traffic.

"Even if the hacker could have viewed the traffic while being connected to the server, he could see only what an ordinary ISP would see, but in no way, it could be personalized or linked to a particular user. And if they do it not through this server, they would do it using MiTM," the NordVPN spokesperson told The Hacker News.

"On the same note, the only possible way to abuse website traffic was by performing a personalized and complicated MiTM attack to intercept a single connection that tried to access ," the company said in its blog post.

In other words, the attack possibly allowed attackers to only capture users' unencrypted data exchanged with non-HTTPS websites, if any, or DNS lookups for some users, and also defeated the purpose of using a VPN service.

"We are strictly no-logs, so we don't know exactly how many users had used this server," NordVPN said. "However, by the evaluation of server loads, this server had around 50-200 active sessions."

To be noted, "the (stolen encryption) keys couldn't possibly have been used to decrypt the VPN traffic of any other (NordVPN) server," the company confirmed.

How did NordVPN address the security breach? - After discovering the incident a few months ago, the company "immediately terminated the contract with the server provider" and shredded all the servers NordVPN had been renting from them.

NordVPN also immediately launched a thorough internal audit of its servers to check its entire infrastructure, and double-checked that "no other server could possibly be exploited this way."