Penetration By The NSA etc

[Bawheed2017 0]

Dear All,

 

With all of the Vault 7 stuff etc, how can AIR VPN be sure that it has not been hacked by the NSA or one of these other organisations?

 

Do you routinely check for any intrusion or tampering with your network?

 

Apologies if I'm not using the right terms but I'm not an IT person.

 

Kind Regards,

 

 

[drkucho 1]

Just saw an article about VPN bugs, thought it could be an answer in this topic. Here's the link

https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

[Keksjdjdke 35]

Just saw an article about VPN bugs, thought it could be an answer in this topic. Here's the link

https://guidovranken.wordpress.com/2017/06/21/the-openvpn-post-audit-bug-bonanza/

All the bugs he reported have been fixed in 2.4.3

https://community.openvpn.net/openvpn/wiki/VulnerabilitiesFixedInOpenVPN243

[serenacat 83]

Even without various "buggers'' escaping/stolen from warehouse storage as per Vault7, as the owner of a Chinese laptop (Lenovo) and a Chinese mobile (Motorola/Lenovo), I ponder how the NSA can install or run anything  on my systems without it potentially being captured and "turned" by Chinese "buggers" hiding in the firmware or Lenovo Companion system updates or Android updates (customised by OEMs). And similarly with the sneaky malware getting through the Google Play Store apps, even without rooting the phone or using other repositories, probably some apps from India and Russia, and for sale to their governments for a better price than running a ransomware operation with all sorts of people after you.

So creating or leaving undisclosed back doors and broken windows by one "agency" (can't  always blame the Yankers) invites a crowd of gatecrashers that can start stealing from and fighting each other in peoples pockets and houses and workplaces.

[strujus 1]

There (are) will be shell companies of CIA/NSA and other interested parties. Various internet and software giants who has a good customer record, and decades of operations in the market, opening their doors or selling themselves to government. Who on earth would suspect "Norton Antivirus is being operated by CIA scenario" A lot good aged software companies can easy be infiltrated. I'm no geek, but how about ultimate prize, freaking windows itself, everyone wants to collaborate in preventing another 911. I most certainly would help.

 

Here have at it, this is a backdoor to every computer on planet, work on it, trace the bad guys, collect all data you want, for as long as you need. This is a ultimate victory to any agency. I think that any VPN is a big illusion, it's only good for small caliber schmucks. Like me who sent fuck you letter to ISP because rats wouldn't stop sales call spam.

[Lonesome Joe 1]

Maybe this could answer some questions some folks have.https://www.schneier.com/blog/archives/2017/07/zero-day_vulner.html.

 

https://tech.slashdot.org/story/17/08/05/236227/the-nsa-intercepted-microsofts-windows-bug-reports

[stracciatella 1]

Norton and McAfee are used by the US National Security Agency and the CIA, as I read.

You cannot rely on proprietary software, ever.

[XX3S 0]

Quote Bawheed2017:

 

 

Dear All,

 

With all of the Vault 7 stuff etc, how can AIR VPN be sure that it has not been hacked by the NSA or one of these other organisations?

 

I guess that, at the end of the day, you cannot be completely sure.

 

That said, the NSA could probably not monitor a VPN service in detail by mass surveillance measures, but would have to start targeted attacks to infiltrate its systems.

But NSA and co. are usually much more parsimonious when it comes to active targeted attacks than when it comes to "passive" mass surveillance; and typically they use "secret weapons" only against high value targets. (The more often you use a secret attack vector, the higher is the risk that it will be discovered.)

There are dozens if not hundreds of VPN companies out there, and I think it is unlikely hat they try to hack them systematically, unless perhaps they have a special reason in a special case.