Vpn services: virtual private network or virtually private network?

VPN, or Virtual Private Network is a method in which users use a sort of, private network extended through a public network to exchange data as if they were connected into a private network. Therefore, those that enjoy the benefit from the functionality, security and management of a private network will find many uses for a VPN. A good thing to note is that encryption, though common, is not necessarily part of a VPN connection.

With the rise of Geo-Restrictions and censorship that has extended its ugly reach into the Internet, private VPN providers seem to be on the rise, with VPN advertisements becoming almost as frequent as all those available singles in areas near you, and for good reason, some would say. VPN allows users to bypass certain websites that are censored in some countries, and would allow those annoying videos on youtube that are "not available in your country" to be finally be viewed.

That said however, almost a week ago, the news spread that one of the biggest VPN service providers got hacked.

Following the rumors of leaked expired TLS certificates of NordVPN and the eventual public announcement verifying that indeed there was a data breach, the VPN service providers have fallen under harder scrutiny. According to one article by VPN Service the story started shortly after NordVPN's twitter posted the following line: "Ain’t no hacker can steal your online life (if you use VPN). Stay safe". To the surprise of nobody ever, a few hours later a hacker posted hacks on NordVPN and VikingVPN on 8chan.

The story was covered by many outlets, including PCMag, TechCrunch, VPN Service and CPO magazine, whose articles are linked so that you may read more on the story. What they all agree on however, is that the companies seem to have things under control, and that the attack was focused on a single server  based off of Finland, which the affected companies assure us that they have since then stopped working with the server provider.

All companies affected assure us that they do not keep logs and as such no personal information was leaked, though according to CPO magazine, certain IT experts claim, that is not necessarily the case.

Though the TLS certificates that were hacked have expired since about 2018, it was possible for someone to potentially use them to lure users into false websites that could potentially expose the users to a more serious attack. According to VPN Service, there are indeed screenshots of a user posting up a server that led to an empty page that simply read "This is not NordVPN" which was promptly taken down by NordVPN.

A week later, things seem to have calmed down, and it is safe to say that the issue is resolved. However the obvious implications this has, as well as the, now strong, evidence that even VPN services are not unassailable have led to the companies being under close scrutiny. 

According to some sources the hack took place around May of 2018, which brings up the question why are we only learning about this now and whether or not the silence was due to the ongoing investigation or perhaps an attempt to keep the story on a down low. 

Whatever the case, it seems that no personal info was leaked, as far as we know, and that ultimately more and more people are taking a harder more serious look into what the VPN companies are up to. 

For me, this news marks a "new era" for the VPN companies. As seen with the anti virus companies, I feel that it is only a matter of time until news like this crop up more often than we are used to. With the VPN companies already started to compete against each other, often going as far as posting security risks the other companies have.

As we have seen with the Anti-Virus shenanigans, it will not surprise me if the VPN companies start hiring successful hackers to have them secure their own product while throwing attacks at the other companies. 

I mean, lets be honest with ourselves, its a competitive market out there on the Internet and this is to be expected.  

At the end of the day, as long as our personal data remain unspoiled in whatever turf war this might be the herald of, I am fine with. One thing is for sure however: there is no such thing as 100% risk free internet.