It turns out that NordVPN isn't the only company which has questions to answer about the nature and timing of the attack. That's interesting, but it's not the end of our date concerns. They knew what they were doing, and they'd been doing it for months, if not longer. The intruder may still have done nothing beyond spending a couple of minutes browsing the server, but it shows this wasn't someone casually playing around one evening, either. Now we can see the hacker compromised NordVPN sometime between January 31st (when the server came online) and March 5th, 2018, and separately attacked TorGuard and VikingVPN, maybe months later. Nothing much to worry about, nothing to see here. The attacker read the messages, went off to look for a few vulnerabilities, reported the results and moved on, all more or less in a day. NordVPN had suggested this all happened on a single day, as a response to an 8chan thread. While that may be true, we would argue that it changes what we know about the motivation for the attack. However, the actual timeline, except this one date, remains the same.' When we pointed this out, NordVPN conceded the error, but claimed this didn't make any significant difference to its account of the attack: 'It seems that we really made a mistake interpreting the date when the discussion started on 8chan. (We know this for sure because the 8chan site indicated 5-3 was a Thursday 3rd of May 2018 was a Thursday, but 5th of March was a Monday.) The 8chan discussion started on 5-3-2018, yes, but that's the US month-day-year format (3rd May), not European day-month-year (5th March), as NordVPN initially believed. That's interesting, but there's some confusion over times. Later our configuration was changed, so the config file would have looked differently.' The exposed configuration file indicated the attack happened on the same day, the company went on: 'March 5th was the last day when such configuration file existed. NordVPN initially told us: 'We believe that the discussion on 8chan was the cause for someone to start looking for vulnerabilities of different VPN service providers, and that discussion started on March 5th.' When did the hack occur, then? That's where the picture gets murky. NordVPN's details didn't include any dating information. That's either a very speedy hack, or the user already knew the vulnerability for each provider. That suggests the user hadn't just found these somewhere, or got them from someone else he saw the thread and grabbed live server information almost immediately. Scanning the text, we noticed the VikingVPN (opens in new tab) and TorGuard (opens in new tab) links appeared to show session connection times and some file information from Thursday May 3rd, the day the 8chan discussion began. Mullvad and cryptostorm got an approving 'good choice!', but NordVPN, TorGuard and VikingVPN got a 'lol, no', with links to evidence showing hacked server details from each provider: configuration files, private keys, basic session details and more. On May 3rd, 2018, a user on the 8chan message board started a discussion (opens in new tab) asking for VPN recommendations, and other users began adding their favorites: NordVPN, Mullvad, TorGuard, VikingVPN, cryptostorm and more.Īt 20:46, another user made a post commenting on these suggestions.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |