[German]The servers of the VPN providers like NordVPN, VikingVPN and TorGuard, were hacked. The attackers stole and published the private keys of the certificates used to secure the web servers and VPN configuration files.
Advertising
Over the weekend, the security researcher @hexdefined published a tweet indicating that NordVPN had been hacked.
So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys… pic.twitter.com/TOap6NyvNy
— undefined (@hexdefined) October 20, 2019
The server of this provider was compromised because the private keys for the website certificate are publicly available on the Internet. With the certificates, Drite can read the encrypted communication of a VPN connection.
In addition to the website certificate, a link to an 8chan post was published via the Twitter account of the OpenVPN provider CryptoStorm.is, in which a hacker claimed to have full root access to servers of NordVPN, TorGuard and VikingVPN. This could have allowed the attacker to steal OpenVPN keys and configuration files. CryptoStorm.believes that by stealing these keys, the attacker was able to decrypt traffic at the time of the hack.
NorthVPN has now published this statement on the incident. Server access is expected to have taken place in March 2018 via an insecure remote management system. According to NorthVPN, no customer data was captured. The captured keys are said to have already been invalid at that time. TorGuard has also published a statement which also states that no keys have been lost. Meanwhile, various media such as Techcrunch and Bleeping Computer has reported about this hack.
Advertising
