Is hacking a VPN a new Olympic discipline?
In addition to NordVPN, two other VPN providers apparently had servers hacked. This is shown by an old thread on 8chan. Further details about the NordVPN hack are now known.
At the beginning of 2018, a whole series of servers belonging to VPN providers were compromised. We reported yesterday that private keys of the provider NordVPN had appeared online; apparently the providers VikingVPN and Torguard were hacked at the same time. In all cases, cryptographic keys were published.
This can be traced from an old thread on the extremist imageboard 8chan, which is accessible via the Wayback Machine. There, an anonymous participant linked several log files of console sessions at the three providers. For Torguard and NordVPN, the logs also contain private cryptographic keys that match website certificates. Although the information about the hacks was posted in a public forum, it did not attract much attention at the time.
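Whether a private key found in such a log matches a website certificate is decided by comparing public keys, which is also how an operator works out which certificates to revoke. The script below is an added example, not part of the original article: it uses the openssl CLI on throwaway keys generated on the spot, and the function names, file names and the host vpn.example.test are assumptions.

```shell
#!/bin/sh
# Added example: does a private key belong to a given certificate?
# Both sides are reduced to a SHA-256 over the DER SubjectPublicKeyInfo.

# Hash a PEM public key read from stdin.
spki_fp() {
    openssl pkey -pubin -outform DER | openssl dgst -sha256 -r | cut -d' ' -f1
}

# Exit 0 on match, 1 on mismatch, 2 if the key or certificate is unreadable.
key_matches_cert() {  # usage: key_matches_cert KEY.pem CERT.pem
    _kpub=$(openssl pkey -in "$1" -passin pass: -pubout 2>/dev/null) || return 2
    _cpub=$(openssl x509 -in "$2" -noout -pubkey 2>/dev/null) || return 2
    [ "$(printf '%s\n' "$_kpub" | spki_fp)" = "$(printf '%s\n' "$_cpub" | spki_fp)" ]
}

# Print every certificate that uses the given key (candidates for revocation).
affected_certs() {  # usage: affected_certs KEY.pem CERT.pem...
    _key=$1; shift
    for _crt in "$@"; do
        if key_matches_cert "$_key" "$_crt"; then printf '%s\n' "$_crt"; fi
    done
}

# Constructed sample data: two throwaway EC keys and one self-signed
# certificate issued for the first key (hypothetical host name).
make_samples() {  # usage: make_samples DIR
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/leaked.key" 2>/dev/null &&
    openssl genpkey -algorithm EC -pkeyopt ec_paramgen_curve:P-256 \
        -out "$1/other.key" 2>/dev/null &&
    openssl req -new -x509 -key "$1/leaked.key" -subj "/CN=vpn.example.test" \
        -days 1 -out "$1/site.crt" 2>/dev/null
}

# Stand-alone demo on the constructed data.
demo_dir=$(mktemp -d)
make_samples "$demo_dir"
echo "certificates using leaked.key:"
affected_certs "$demo_dir/leaked.key" "$demo_dir/site.crt"
echo "certificates using other.key:"
affected_certs "$demo_dir/other.key" "$demo_dir/site.crt"
rm -rf "$demo_dir"
```

A match means the certificate's key pair is exposed, so the certificate should be revoked and reissued with a fresh key.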
Access to NordVPN via provider’s administration interface
NordVPN has meanwhile reacted to the incident with a statement. According to this statement, the server was accessed via an administration interface of the provider.
The provider is the Finnish company Creanova. According to a statement Creanova gave to a Bloomberg journalist, the administration interface was either HP iLO or iDRAC from Dell. Such administration interfaces are common on servers, but they are usually not directly accessible from the Internet.
NordVPN claims that it knew nothing about this interface. Creanova, on the other hand, blames NordVPN. Security-conscious customers could therefore ask the company to move such administration interfaces to private networks.
NordVPN had been aware of the incident for several months
According to NordVPN, it learned of the incident a few months ago, but apparently decided not to inform its customers for the time being. “We did not publish this exploit immediately because we wanted to make sure that none of our infrastructure was vulnerable to similar problems,” writes NordVPN. Torguard has also issued a statement on the incident. The vendor points out that the keys of their own certification authority are not affected by the incident. The private key belongs to a website certificate for a proxy server. This has not been used since 2017.
There is no public statement about VikingVPN yet. My request has remained unanswered so far. Let’s just hope that VPN hacking will not continue.