The last couple of days in the VPN industry have been frantic. On October 21st, TechCrunch broke the staggering news that NordVPN had seen a remote server in Finland breached.
The Panama-based VPN provider confirmed that an attacker had hacked into one of their servers. In March 2018, by gaining access to an encryption key, they experienced a breach. In a blog post accepting the attack’s admission, NordVPN also stated that owing to a stringent no-logs policy. The breached server did not contain any sensitive user data. Moreover, the hack had no impact on the rest of the services offered by NordVPN.
Following the admission of the breach, the cybersecurity realm has been ablaze with specialists. The cybersecurity journalists are pointing fingers at NordVPN. It also includes a small group of individuals questioning the true nature of TechCrunch’s intentions.
The situation has evolved into a giant puddle of accusations, implications, and suspicions on both sides of the spectrum. If you’re an outsider looking in, it’s hard to get an accurate idea of what’s going on, which is where we come into the picture.
What happened exactly?
Although a surface-level reading of the blog post published by NordVPN might seem like a blatant attempt to clear their name. But it does provide a pretty clear image of what went down in March 2018.
More than a year ago, as revealed by NordVPN, the hacking incident took place. An unidentified person gained access to a NordVPN server rented from a third-party data center in Finland. In January 2018, the NordVPN server list added the exploited server.
According to the information provided by the VPN provider, the perpetrator gained access to TLS encryption keys. The VPN service further states that the expired TLS key could be used to attack NordVPN users. It can even lead to a MITM (Man in the Middle) attack.
Moreover, it was brought into light that the attacker was able to access the TLS key through a loophole left behind by the third-party data center. It was in the shape of an insecure remote management system account. According to NordVPN, they were not notified of the exploited user accounts. Instead, the third-party data center had the accounts deleted.
The issue didn’t affect any of NordVPN’s other servers and was isolated to a single data center.
In the same blog post, NordVPN mentions that the incident was brought into the company’s knowledge a “few” months ago. Their immediate response was to sever all ties with the data center and scrubbed off whatever data they had on the third-party data centers.
Do The General Public Know About The Hack Immediately?
The public and existing NordVPN customers weren’t informed of the hack until three days ago. NordVPN states that they immediately ran an internal audit of their infrastructure and didn’t want to notify the public. They first want to ensure that a similar attack could be duplicated elsewhere on their network.
According to the service provider, the audit of over 3000 servers requires time. Hence, the confirmation of the attack took so long to reach the public. At the end of the blog post, NordVPN ensures its readers (and customers ) that it has taken significant measures to increase security. It includes undergoing an application security audit and preparing for a bug bounty program. The company revealed plans to perform an independent external examination of its entire infrastructure.
What does NordVPN’s server breach imply for the company’s future?
Throughout the blog post published by NordVPN, they’ve assured (or at least, tried to) that the server breach did not cause any harm. It is because the VPN provider keeps no logs on their user’s activities.
But, for a company that prides itself on offering “secure and private access to the internet,” the situation does not look too good. The blog post linked above provides users broad information about the hack. But it also raises some critical questions.
People wonder what took the company so long to come through with the admission of the attack—keeping in mind that they’ve always furthered the transparency principles in the VPN industry, having undergone an application security audit at the beginning of October.
Although NordVPN tries to assure the general public that the third-party data center was responsible for the hack. The blog post’s title bearing witness to that, their approach to the whole incident leaves a lot to be desired. Rather than passing the blame along to other ‘third-parties,’ the company should have accepted its mistakes. They should accept that they have kept the public in the dark for such a long time.
It’s also been suspected that the hack would not have been brought out into the open if it weren’t for TechCrunch publishing their article. These articles contain quotes from unnamed cybersecurity researchers. The article states that the company spends millions on ads but nothing on defensive security.
Does TechCrunch have ulterior motives?
From the get-go, TechCrunch has been relentless in its pursuit of the truth about the whole situation. The cybersecurity mag hasn’t missed a single opportunity to point out the loopholes in NordVPN’s infrastructure. The information they released caused quite the storm.
But, as mentioned above, there’s been quite a substantial group of people that believe that TechCrunch has ulterior motives. The most evidence being that TechCrunch, owned by Verizon- a company that released a VPN recently.
We want to urge our readers to treat the situation somewhat, without teaming up against NordVPN or TechCrunch. But, it’s impossible to tell whether TechCrunch has an underlying bias against them. But it’s always in the people’s best interest to do their due research.