{"id":11590,"date":"2019-10-22T19:36:34","date_gmt":"2019-10-22T17:36:34","guid":{"rendered":"http:\/\/159.69.82.204\/win\/?p=11590"},"modified":"2022-11-04T11:56:36","modified_gmt":"2022-11-04T10:56:36","slug":"vpn-anbieter-wie-nordvpn-und-torguard-wurden-gehackt","status":"publish","type":"post","link":"https:\/\/borncity.com\/win\/2019\/10\/22\/vpn-anbieter-wie-nordvpn-und-torguard-wurden-gehackt\/","title":{"rendered":"VPN provider like NordVPN and TorGuard hacked"},"content":{"rendered":"<p><img loading=\"lazy\" decoding=\"async\" style=\"float: left; margin: 0px 10px 0px 0px; display: inline\" src=\"https:\/\/www.borncity.com\/blog\/wp-content\/uploads\/2015\/01\/Schutz.jpg\" width=\"40\" align=\"left\" height=\"47\">[<a href=\"https:\/\/www.borncity.com\/blog\/2019\/10\/22\/vpn-anbieter-wie-nordvpn-und-torguard-wurden-gehackt\/\" target=\"_blank\" rel=\"noopener noreferrer\">German<\/a>]The servers of the VPN providers like NordVPN, VikingVPN and TorGuard, were hacked. The attackers stole and published the private keys of the certificates used to secure the web servers and VPN configuration files.<\/p>\n<p><!--more--><\/p>\n<p>Over the weekend, the security researcher @hexdefined published a tweet indicating that NordVPN had been hacked. <\/p>\n<blockquote class=\"twitter-tweet\">\n<p lang=\"en\" dir=\"ltr\">So apparently NordVPN was compromised at some point. Their (expired) private keys have been leaked, meaning anyone can just set up a server with those keys&#8230; <a href=\"https:\/\/t.co\/TOap6NyvNy\">pic.twitter.com\/TOap6NyvNy<\/a><\/p>\n<p>\u2014 undefined (@hexdefined) <a href=\"https:\/\/twitter.com\/hexdefined\/status\/1185864801261477891?ref_src=twsrc%5Etfw\">October 20, 2019<\/a><\/p><\/blockquote>\n<p><script async src=\"https:\/\/platform.twitter.com\/widgets.js\" charset=\"utf-8\"><\/script> <\/p>\n<p>The server of this provider was compromised because the private keys for the website certificate are publicly available on the Internet. With the certificates, Drite can read the encrypted communication of a VPN connection.<\/p>\n<p>In addition to the website certificate, a <a href=\"https:\/\/twitter.com\/cryptostorm_is\/status\/1186097950327476224\" target=\"_blank\" rel=\"noopener noreferrer\">link to an 8chan post<\/a> was published via the Twitter account of the OpenVPN provider <a href=\"https:\/\/cryptostorm.is\/\" target=\"_blank\" rel=\"noopener noreferrer\">CryptoStorm.is<\/a>, in which a hacker claimed to have full root access to servers of NordVPN, TorGuard and VikingVPN. This could have allowed the attacker to steal OpenVPN keys and configuration files. CryptoStorm.believes that by stealing these keys, the attacker was able to decrypt traffic at the time of the hack.<\/p>\n<p>NorthVPN has now published <a href=\"https:\/\/nordvpn.com\/de\/blog\/official-response-datacenter-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\">this statement<\/a> on the incident. Server access is expected to have taken place in March 2018 via an insecure remote management system. According to NorthVPN, no customer data was captured. The captured keys are said to have already been invalid at that time. TorGuard has also published <a href=\"https:\/\/web.archive.org\/web\/20201209013439\/https:\/\/torguard.net\/blog\/why-torguards-network-is-secure-after-an-isolated-2017-server-breach\/\" target=\"_blank\" rel=\"noopener noreferrer\">a statement<\/a> which also states that no keys have been lost. Meanwhile, various media such as <a href=\"https:\/\/techcrunch.com\/2019\/10\/21\/nordvpn-confirms-it-was-hacked\/\" target=\"_blank\" rel=\"noopener noreferrer\">Techcrunch<\/a> and <a href=\"https:\/\/web.archive.org\/web\/20220910072822\/https:\/\/www.bleepingcomputer.com\/news\/security\/hacker-breached-servers-belonging-to-multiple-vpn-providers\/\" target=\"_blank\" rel=\"noopener noreferrer\">Bleeping Computer<\/a> has reported about this hack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>[German]The servers of the VPN providers like NordVPN, VikingVPN and TorGuard, were hacked. The attackers stole and published the private keys of the certificates used to secure the web servers and VPN configuration files.<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[580],"tags":[69],"class_list":["post-11590","post","type-post","status-publish","format-standard","hentry","category-security","tag-security"],"_links":{"self":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11590","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/comments?post=11590"}],"version-history":[{"count":0,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/posts\/11590\/revisions"}],"wp:attachment":[{"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/media?parent=11590"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/categories?post=11590"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/borncity.com\/win\/wp-json\/wp\/v2\/tags?post=11590"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}