Europol recently reported that a group of hackers used the services of VPNLab in a campaign against Russian businesses. They were able to mask their IP addresses and carry out cyberattacks to steal data and money. Europol shut down the service and is working with potential victims. In the meantime, Europol is also working with Russian authorities to seize the gang's servers. The case is a cautionary tale for VPNLab users.
NSA developed a capability to decrypt large amounts of HTTPS, SSH, and VPN traffic
Two researchers have recently accused the NSA of developing an attack that would enable it to decrypt a vast majority of HTTPS, SSH, and VPN network traffic. They claim the agency could have broken into several widely used internet services by exploiting a weakness in a widely used key-exchange algorithm, Diffie-Hellman. The method relies on a one-time computation against a prime number that would take about a year on a high-end computer.
The Snowden documents describe a massive effort by the NSA to decrypt 'vast' amounts of Internet traffic. Snowden's documents specifically mention the use of attacks against IKE and IPsec, two protocols commonly used to establish Virtual Private Networks. As these attacks could be exploited by an unknown number of actors, the NSA could potentially access the private communications of millions of users.
The NSA's attack involved collecting Internet Key Exchange (IKE) handshakes and transmitting them to a dedicated processing enclave, then feeding the intercepted exchanges into a decryption system. The NSA gained a lot of foreign intelligence data but virtually no information about terrorism or jihadis. Moreover, VPNs are already tracked by the NSA, and their users are exposed to the World Wide Web of Spies.
Using a Diffie-Hellman weakness to attack VPN traffic
A recent study found a weakness in how the Diffie-Hellman algorithm is deployed: because many servers share the same common prime numbers, a persistent attacker can break the encryption by targeting those primes. A 1024-bit key is insecure, and a persistent attacker needs to perform a one-time calculation against a common prime number in order to break every exchange that uses it. The NSA has access to supercomputers that can perform that calculation.
This flaw is possible because Diffie-Hellman is a key-exchange algorithm: it allows two parties to negotiate a secret key over an open channel. Used with fresh (ephemeral) values, Diffie-Hellman offers perfect forward secrecy, which means that the encryption key changes frequently. This makes it more difficult for an eavesdropper to recover intercepted information. By contrast, other encryption schemes only require the attacker to obtain the long-term secret key once.
The DH algorithm works with a large prime number and a generator. Each party keeps a private value and sends only a public value derived from it (the 'mixed colour' of the familiar paint analogy). A malicious user who intercepts the exchange receives the mixed colours but not the private values; only if a private value is recovered can that user derive the shared key and decrypt the message. The Diffie-Hellman algorithm is a secure method of key agreement when used with strong parameters, but it poses a security risk when weak or widely shared primes are used.
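To make the above concrete, here is an added example (written for this article, not code from the article or from any of the parties it describes). It runs a toy Diffie-Hellman exchange with a constructed small prime (p = 1019, g = 2) so that the whole discrete-log table for the group can be built in a fraction of a second; that one-time table then recovers the shared secret of every exchange that reuses the same group, which is the defender's reason for rejecting small or widely shared groups. The function and parameter names, the toy prime, and the 2048-bit minimum are this example's own assumptions.

```python
# Added example: toy Diffie-Hellman exchange plus the "precompute once per group,
# break every session" risk that makes small or widely shared groups dangerous.
# Constructed parameters: p = 1019 (prime), g = 2 (a generator mod 1019).
import secrets

TOY_P = 1019
TOY_G = 2


def dh_keypair(p, g):
    """Pick a random private value and derive the public value g^private mod p.
    The public value is the 'mixed colour' that goes over the wire."""
    private = secrets.randbelow(p - 2) + 1  # 1 .. p-2
    return private, pow(g, private, p)


def dh_shared(p, peer_public, private):
    """Shared secret = peer_public^private mod p. Both sides get the same value."""
    return pow(peer_public, private, p)


def discrete_log_table(p, g):
    """One-time precomputation for the group (p, g): map g^x mod p -> x.
    Only feasible for toy primes; it models the per-group precomputation that
    makes a reused 1024-bit group risky. Later exponents overwrite earlier ones
    for a non-generator g, which is harmless because any exponent congruent
    modulo the order of g yields the same shared secret."""
    table = {}
    value = 1
    for x in range(p - 1):
        table[value] = x
        value = (value * g) % p
    return table


def recover_shared_from_capture(p, table, alice_public, bob_public):
    """Eavesdropper view: with the table for (p, g) already built, look up one
    captured public value to get a private exponent, then derive the secret.
    Nothing here needs the private values themselves."""
    a = table[alice_public]
    return pow(bob_public, a, p)


def group_is_acceptable(bits, minimum_bits=2048):
    """Policy check a defender would apply to a VPN or TLS configuration:
    the 2048-bit floor is this example's assumption, not the article's."""
    return bits >= minimum_bits


if __name__ == "__main__":
    a, A = dh_keypair(TOY_P, TOY_G)
    b, B = dh_keypair(TOY_P, TOY_G)
    assert dh_shared(TOY_P, B, a) == dh_shared(TOY_P, A, b)
    table = discrete_log_table(TOY_P, TOY_G)
    print("shared secret agreed:", dh_shared(TOY_P, B, a))
    print("recovered from capture:", recover_shared_from_capture(TOY_P, table, A, B))
    print("1024-bit group acceptable?", group_is_acceptable(1024))
```

The point to take from the table step is that the expensive part is done once per group, not once per session: rotating private values (forward secrecy) does not help if everyone keeps using the same small prime. The check at the end is the configuration-side mitigation: refuse groups below the chosen floor, and prefer a locally generated or well-vetted large group.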
Europol seized servers
VPNLab has ceased operations following a criminal investigation by Europol, which seized 15 servers across 10 countries. The servers were used by cybercriminals to distribute ransomware and other malware, and Europol seized the data on them in order to identify the attackers. The investigation is led by the Central Criminal Office of the Hannover Police Department. More than 100 organizations were at risk of being attacked, and the seized data may contain valuable evidence.
The seizure was coordinated by law enforcement agencies from 10 countries, including the Russian Federation. While the seized servers were based in Russia, many ransomware gangs remain active within its borders. And although the seizure of VPNLab was a major setback for the industry, it could help protect users from future attacks. In fact, shutting down VPNLab could have prevented dozens of cyberattacks.
Conclusion
Several law enforcement agencies are investigating the seized servers. They are examining the data stored on them and are working with potential victims to mitigate their exposure to cyberattacks. The Hannover Police Department and the Royal Canadian Mounted Police played a key role in the investigation. The Czech National Organized Crime Agency has called for a high-tech crime unit to investigate the case. And while Europol will continue its investigation, it's possible that the criminals will still try to use the servers in the future.