Internet privacy and security course
Aa font
AA font size
20
About translation
Previous Next

Chapter 82

How hackers and security services hack VPN

All of you are well aware that using a VPN prevents the interception of valuable data at the Wi-Fi level, therefore while using public Wi-Fi VPN is a fundamental security tool. If you are connecting Wi-Fi without VPN in public places, I'm afraid this course will not be able to help you.

Probably, the weak security of Wi-Fi routers in general is not news for you, that is why you use VPN at home as well. If so, that is great and you are absolutely right.

Advice

I will never give up repeating: use VPN always and everywhere.

Today we will play a role of a hacker who was ordered to hack a Wi-Fi router in the victim’s apartment. The victim is very advanced and uses a VPN. All we can see is just encrypted Internet traffic going somewhere in the Netherlands.

For sure we can find out which devices are connected to the router and when, but the customer is waiting for access to the victim’s accounts on a number of sites of interest. We have already prepared exact copies of these sites and are looking forward to the victim, but still the same damned VPN does not leave us a chance to redirect them there.

If our victim had a wife who would connect to this router without a VPN, you could compromise her computer and there you could already turn on the apartment's wiretap through the microphone, view the perimeter through the camera, eventually try to get through the email from the wife or shared flash drive to working computer of the person of interest. But our victim has set up security for his wife as well, at least, all devices connect to Wi-Fi only via VPN (even mobile phones).
 
This is a very correct approach, it is necessary to configure the security of all devices in the apartment, and not just your working computer. And this greatly complicates the life of hackers.

Advice

Configure the protection of all devices in your accommodation, for example in the apartment.
 

VPN is an insurmountable obstacle, and at any cost it is necessary to get rid of it. On the victim's device there is a software that creates a secure channel with a VPN server, and we have no access to the device. Still there is an access to a Wi-Fi router. So our victim comes from work, turns on the laptop and finds out that the Internet is not working. He turns on and off the Internet, restarts the application, the operating system, but nothing helps, only then he realizes that the reason is in the VPN. The VPN has broken down and it will not be repaired by accident.

What happened? We blocked it. There are lots of ways to block VPNs, the easiest of which is to add an IP address to the blacklist or block a port (we will talk about VPN blocking methods and, of course, restrictions bypass methods).

But our victim has not read this course and after a while he will connect without a VPN and everything will work. He definitely writes in support of his VPN service, they do not understand him there, they say that everything works for them, they offer to check the firewall and contact the provider … of successful checks and calls.

All traffic is in our hands, but this is not a complete victory. HTTPS remains as another level of encryption, which is not as cryptographic as  AES 256 used in VPN, but still we are unable to cope with it.

We will not decrypt HTTPS, we will carry out a DNS substitution. About the substitution of the DNS and how it protects from the VPN I have already told in this chapter. And this is a victory, as the deed is done, you can transfer data to the customer and unlock the VPN of the victim. Let him use.

What do you need to get out of this chapter? If your VPN suddenly stopped working, it might not be accidental. Take advantage of any other VPN, in any case, do not use it without encryption. It is better to think in advance about a backup VPN in case of force majeure.

Advice

If suddenly your VPN stops working when the Internet is working properly, it can be a targeted attack on you.

The cause may be a problem with a VPN service or a server of your choice, or a regulator (like Roskomnadzor in Russia) added the IP address of your VPN to blackli