Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
The Internet Crime

Russian Hackers Are Abusing VPNs To Hijack Accounts, US and UK Officials Say (reuters.com) 39

Russian spies accused of interfering in the 2016 U.S. presidential election have spent much of the past two years abusing virtual private networks (VPNs) to target hundreds of organizations worldwide, U.S. and British authorities said on Thursday. Reuters reports: The governments said in a joint advisory that Unit 26165, the arm of Russia's military spy agency whose officers were indicted for allegedly breaking into Democratic Party emails, had been using VPNs and Tor - a privacy-focused network - to conduct "widespread, distributed, and anonymized brute force access attempts against hundreds of government and private sector targets." The advisory did not identify any of the targets by name, saying only that they were mainly in the United States and Europe and included government offices, political parties, energy companies, law firms and media organizations. The National Security Agency (NSA) today also disclosed details of "brute force" methods they say have been used by Russian intelligence to try to break into the cloud services of hundreds of government agencies, energy companies and other organizations.

Earlier this week, law enforcement seized the servers and customer logs for DoubleVPN, a Russian-based VPN service that was reportedly used by cyber criminals to hide their activities while conducting ransomware attacks, phishing campaigns and other malicious hacking operations.
This discussion has been archived. No new comments can be posted.

Russian Hackers Are Abusing VPNs To Hijack Accounts, US and UK Officials Say

Comments Filter:
  • by gurps_npc ( 621217 ) on Thursday July 01, 2021 @08:35PM (#61542484) Homepage

    Now, I like VPNS. They are a great way to give yourself some privacy from a bunch of outright evil corporations. (hashtag, Not all corporations.)

    But this is not abusing VPNs, this is their intended ability, provide privacy. Whether you are honest or dishonest, that is what VPNs do.

    It is like someone were to say criminals were abusing cars to get to a bank, rob it, then drive away at the speed limit. NO. That is what the cars are supposed to do, it is not abuse.

    Instead it is simple criminal USE of the car, or VPN, as the case may be. The criminals are not abusing the VPN any more than they are abusing a web browser. They are using it for it's normal, intended use, it just happens to be being used in the commission of a crime.

    • by phalse phace ( 454635 ) on Thursday July 01, 2021 @09:36PM (#61542602)

      But this is not abusing VPNs, this is their intended ability, provide privacy.

      They are abusing the VPN by violating their terms of use

      DoubleVPN's Term of service state:

      Terms of service of DoubleVPN.com

      Signing up in our service you agree the following rules, otherwise you can't be our client.
      Strictly prohibited:

              — Spam
              — Hacking and other illegal activities
              — Sharing your account with third parties
              — Attempts of hacking into our servers' software

      Violation of these rules will lead to immediate suspension of your account!

      • Yes, it's not fair that the criminals violate ToS in the commission of their crimes. If they're going to be using a VPN to break the law then they should follow the rules like everyone else.

      • They are abusing the VPN by violating their terms of use

        Cyka blyat!

      • This is like indicting someone on a felony gun possession charge after they shoot up a school. If they are going to shoot up a school, it's a lock that they don't give a fuck about the felony weapon charge.

    • "But this is not abusing VPNs, this is their intended ability, provide privacy. Whether you are honest or dishonest, that is what VPNs do."

      Exactly, and log-files are what they do NOT do.

      • Sadly there's an ever increasing incentive to collect logs and simply lie to users about said collection. When a reward for such illegally collected information becomes high enough the payout may be worth the loss of users. Most users won't even notice and/or care though.

    • by gweihir ( 88907 )

      Indeed. It is like with any freedom: It can be used for good and bad.

  • by rtb61 ( 674572 ) on Thursday July 01, 2021 @08:44PM (#61542500) Homepage

    Yes, we know Russian hackers, Chinese hackers, Nigerian hackers, Romania hackers, Ukrainian hackers, American hackers, English hackers, German hackers and the list goes on, are all trying to hack you, which is why you have take all sorts of precautions, yes we know this not a headline.

    You know what though, it looks really fucking stupid and prejudiced when you do shite like this, worked last millennium, is it just starting to make the idiots making those announcements look like arseholes. Shut up Reuters or use a propaganda header and be honest.

    • American hackers, Russian hackers, all from Taiwan!

    • by Frank Burly ( 4247955 ) on Thursday July 01, 2021 @10:29PM (#61542686)
      Xenophobia is a powerful propaganda tool and we should be weary of "othering.", But for fuck's sake, they are describing Russian spies (your hint is in the summary "Russia's military spy agency"), so it is unreasonable to ask that they be referred to as anything other than Russian. Maybe just accept that your government does shitty things. As an American, I can guarantee you'll get over it.
      • by phantomfive ( 622387 ) on Friday July 02, 2021 @12:46AM (#61542840) Journal

        they are describing Russian spies (your hint is in the summary "Russia's military spy agency")

        Assertion made without evidence. Not your assertion, but the article (and the US intelligence agencies) has not given anything close to convincing evidence that these hackers are Russian.

        • I'm not sure why either US or British intelligence would release the specific evidence of Russian involvement--I don't see a benefit to doing so. This is especially true when Russians and American pro-Trumps deny Russian involvement and bad acts even when they are very well established. You convince the convincible, and hope reality reaches the rest eventually.
          • I'm not sure why either US or British intelligence would release the specific evidence of Russian involvement--I don't see a benefit to doing so

            There is every reason to believe that the US intelligence would lie, and that British intelligence would be incompetent. That's what they do.

      • Maybe just accept that your government does shitty things. As an American, I can guarantee you'll get over it.

        That may be the most tragic statement I have read this century.

  • Block off all of Russia. They'll have to send all their internet through Iran.

  • Sit tight, western government are certainly not looking to curtail any more of the few Liberties you have left...
    • Are you QUITE certain the Russians are not trying to corrupt my Precious Bodily Fluids?

      Hmm? They are known for that. Watch those Chinese, too. They want to steal all the IP and "All Your Base Are Belong to Us"

  • by NFN_NLN ( 633283 ) on Friday July 02, 2021 @12:46AM (#61542842)

    > Russian spies accused of interfering in the 2016 U.S. presidential election

    2016 - election hacked by Russians
    2020 - most secure election ever

    https://www.youtube.com/watch?... [youtube.com]

  • we want vpns to be made illegal for the masses.
  • Let's get real (Score:4, Interesting)

    by jtara ( 133429 ) on Friday July 02, 2021 @04:01AM (#61543146)

    Does anyone actually believe that third-party VPNs actually protect anyone's privacy?

    The public gets confuzeled about VPNs. They think they are some cloud service, for watching porn, or BBC iPlayer.

    They are a secure way to link branch offices, securely work-from-home, or browse the Interwebs from a coffee shop through your home router. And there's no cloud service needed.

    Oh, yea, and the silly cloud services for watching Faulty Towers.

  • Next steps - we need to ban VPN and peer-to-peer for the safety of all citizens of the continued glory of free and democratic west.
  • These VPN's probably had backdoors or deliberate programming errors in them per instructed by the NSA.

    "After all, if you encrypt your stuff you probably have something to hide and therefore me, myself and I wanna know about it."
  • I'm sure this will be used as an excuse to try to ban VPNs.

    The international media industry will be ecstatic about that, as well as authoritarian governments.

  • In the USA, there are individuals, political organisations, criminal organisations, & government agencies using guns to commit crimes all over the place. What should they do about it?

"The following is not for the weak of heart or Fundamentalists." -- Dave Barry

Working...