A Virtual Private Network (VPN) was made to give Internet users a way to encrypt their online communications so that they cannot be compromised. Since its main purpose is to keep your data from being hacked by outsiders looking to peer into your network, it raises the question, “If you depend on it to safeguard your data, can a VPN itself be hacked?”
To answer this question, let’s briefly look at how a VPN works:
A VPN is a point-to-point connection between you (i.e. whatever device you’re on) and the data centre or the VPN. When you surf the web on a VPN connection, your information is wrapped into an encrypted packet which travels through a tunnel to the VPN. Your Internet Service Provider, the government or hackers might be trying to get into this tunnel, but your data travelling through the encrypted tunnel would be protected.
The encryption key on the other end of the tunnel marks that end as an authorised server, so the key authenticates the server as belonging to your VPN provider. The server then takes the encrypted data packet from the tunnel, decrypts it, and sends it off to the Internet. The same process works in reverse for data travelling back to you and your device.
With that said, everything on the Internet is hackable given enough time, resources and vulnerabilities in the system. There are two main ways a hacker might be able to compromise a VPN server:
With the first method, a hacker has to break the VPN encryption through previously established vulnerabilities in the system. Even with the most reliable computers, breaking encryption is time-consuming and could take years. And that’s if the attackers even had the technology needed to do so.
The second tactic is a preferred alternative among cybercriminals as it involves stealing the encryption key itself. This method can be observed through a real-life case study which was brought to light just last month…
You might have heard the news late last month of a particular popular VPN provider which confirmed it was hacked. And if you didn’t, here’s what happened.
Back in 2018, a server of the VPN provider in Finland was accessed without authorisation by exploiting remote management software that had been left in place by the datacentre. The server was active for about a month with this vulnerability.
VPN providers typically do not own all their servers, but rather rent them in various datacentres around the world.
This datacentre in Finland had left a remote management utility in place. Bear in mind that these are not things which should be left in place, as they are like keys hanging out of a door: anyone who can get access to the utility has access to the server.
From our basic understanding of how a VPN uses its encryption key, you can see the crucial role the key plays in keeping your virtual private network, well, private.
In this case, the attacker who got into the server stole the encryption key during that month of unauthorised access. With an encryption key stolen and potentially used somewhere else for other means, the attackers could just repoint the encrypted tunnel to a fake receiving server of their own, thereby compromising your data.
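The reasoning above, as an added example that is not from the original article or from the provider: a simplified Python model in which an HMAC challenge-response stands in for the VPN's real key-based server authentication. The class and function names are hypothetical, the keys are constructed sample values, and the key rotation at the end is an assumed breach response, not something the article reports.

```python
import hashlib
import hmac
import secrets


class Server:
    """Any endpoint that holds a key and answers authentication challenges."""

    def __init__(self, key: bytes):
        self.key = key

    def prove(self, challenge: bytes) -> bytes:
        # Proof of key possession: a MAC over the client's fresh challenge.
        return hmac.new(self.key, challenge, hashlib.sha256).digest()


class Client:
    """Accepts whichever endpoint proves possession of the expected key."""

    def __init__(self, expected_key: bytes):
        self.expected_key = expected_key

    def accepts(self, server: Server) -> bool:
        challenge = secrets.token_bytes(32)  # fresh per connection, so no replay
        expected = hmac.new(self.expected_key, challenge, hashlib.sha256).digest()
        return hmac.compare_digest(expected, server.prove(challenge))


def scenario() -> dict:
    key = secrets.token_bytes(32)  # constructed sample key
    genuine, client = Server(key), Client(key)
    fake_without_key = Server(secrets.token_bytes(32))
    fake_with_stolen_key = Server(key)
    results = {
        "genuine": client.accepts(genuine),
        "fake_without_key": client.accepts(fake_without_key),
        "fake_with_stolen_key": client.accepts(fake_with_stolen_key),
    }
    # Assumed breach response: retire the exposed key and issue a new one.
    genuine.key = client.expected_key = secrets.token_bytes(32)
    results["stolen_key_after_rotation"] = client.accepts(fake_with_stolen_key)
    results["genuine_after_rotation"] = client.accepts(genuine)
    return results


if __name__ == "__main__":
    for case, accepted in scenario().items():
        print(f"{case:26s} accepted={accepted}")
```

The client cannot tell the genuine server from a fake one that holds the same key, which is why an exposed key has to be retired rather than left in service.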
According to TechCrunch, which first reported on the case and spoke to the white-hat hackers who pointed out the VPN provider’s vulnerability, the researchers said “They spent millions on ads, but apparently nothing on effective defensive security”.
Yes, nothing is without its flaws and vulnerabilities on the Internet. There will always be hackers out there devising new methods and tactics. Everything can be hacked, and in fact almost every major company, such as Facebook, Google, Instagram, Microsoft and others, has been hacked in some form or another.
However, what is important is the preventive measures a company vigilantly takes for its users and customers, as well as the steps it takes to address a breach rather than brushing it under the rug.
As for VPNs, they too can be hacked, although it takes considerable effort to do so given the technological demands. With that said, the chances of getting hacked when you are not using a VPN are still higher than when you are using one. Always choose a VPN service that is concerned for the safety of its subscribers, keeps no logs, and practises transparency with its users.