• The biggest spy agencies advise on choosing a VPN

    Home » Forums » Cyber Security Information and Advisories » Code Red – Security/Privacy advisories » The biggest spy agencies advise on choosing a VPN

    Author
    Topic
    #2392633

    The NSA (National Security Agency) and the CISA (Cybersecurity and Infrastructure Security Agency) published a joined paper : Selecting and Hardening Remote Access VPN Solutions

    (VPNs they can tap to and spy on).

    Virtual Private Networks (VPNs) allow users to remotely connect to a corporate network
    via a secure tunnel. Through this tunnel, users can take advantage of the internal
    services and protections normally offered to on-site users, such as email/collaboration
    tools, sensitive document repositories, and perimeter firewalls and gateways. Because
    remote access VPN servers are entry points into protected networks, they are targets
    for adversaries. This joint NSA-CISA information sheet provides guidance on:
    Selecting standards-based VPNs from reputable vendors that have a proven
    track record of quickly remediating known vulnerabilities and following best
    practices for using strong authentication credentials…

    https://theintercept.com/2018/06/25/att-internet-nsa-spy-hubs/

    • This topic was modified 2 years, 5 months ago by Alex5723.
    • This topic was modified 2 years, 5 months ago by Alex5723.
    3 users thanked author for this post.
    Viewing 13 reply threads
    Author
    Replies
    • #2392662

      That is a good find of the government published VPN guidelines.

    • #2392700

      A strong defense encourages stronger attacks. Like the red cap of a toreador provoking a bull. A strong defense means that there is something very valuable kept there deserving to be so defended. Banks with strong vaults have been the preferred targets of master bank rovers, because as a notorious one, Billy Sutton, allegedly explained to journalists once — that he denied saying, but thought he would have said it if asked — “that’s where the money is.”

      So, from time to time. a repeated examination of what is going on “now”, already some time after the previous evaluation of security measures, in this case the procedures to follow when choosing and installing a corporate VPN, is not just a good idea, but an absolute necessity.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2392719

      Might it be a good idea to use other glasses to to look at these matters than only the USA-glasses?

      * _ being 20 in the 70's was fun _ *
    • #2392722

      Might it be a good idea to use other glasses to to look at these matters than only the USA-glasses?

      No glasses will help you. USA is the creator of the International spying, tracking, hacking..ring called the 14Eyes. Every member in this ring spies on every citizen and collaborate and exchange data with the others members.

      It is advised to choose non-14eyes country VPN provider but even that comes with a caveat. Every VPN provider has servers installed through out the world including servers under jurisdiction of 14Eyes countries.

      2 users thanked author for this post.
      • #2392734

        OK, so since 14Eyes is an inevitable fact of life and I see as reasonable to expect that it is not going away any time soon, I’ll rather worry then about the rest of the world hackers, spies, thieves, money laundering rings diligently working for the benefit, among other beautiful people, of human traders, and more, much more. There is so much to do and so little time.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        1 user thanked author for this post.
    • #2392737

      I’ll rather worry then about the rest of the world hackers, spies, thieves, money laundering rings diligently working for the benefit, among other beautiful people, of human traders, and more

      But these are inevitable fact of life too 🙂

      • #2392739

        Alex: “But these are inevitable fact of life too

        So is gonorrhea. But something can be done about it. On non-14Eyes cybersecurity matters, at least there are people employed to take care of those and paid to do it, both for governments and for private companies. And there are also White Hats, groups that do security research, look for bugs in the wild, etc., etc. For all I know, some of them might even know what to do. Maybe that’s the difference.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2392784

        Oh, I forgot: Alex, thanks for the link to the “Security Made Simple” article. Its author explains 14Eyes well, clearly and economically: what it is, why it is, what is (or could be) good and bad about it. And why getting VPN from a company not in countries that are part of the “Eyes” agreement maybe a good idea — if one is also a very lucky person, I am inclined to add

        And Snowden still in Russia, isn’t he? Still not keen on setting one foot outside its borders, because he will be grabbed, or even taken out immediately by all those waiting around for him to make a move.

        I suppose that, for the same historical reasons, Russia has its own “xxEyes.” So buying VPN from a company that is part of Russia’s, not so good. But I wonder if there is also a list of the participating countries in the Russian-led one. Otherwise, buying VPN from a country not part of, or working with 14Eyes might not be as good as it seems. Specially if there happened to be nations whose spooks’ agencies (paranoia drum roll here), if they are not part of both “Eyes” agreements (very unlikely), at least work with each (separately?) now and then, or even often.

        It’s an interconnected globalized funny old world, ain’t it?

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        1 user thanked author for this post.
        • #2393114

          Russia, China.. other dictatorship countries have their own spying… tools.

          • #2393136

            Alex: “other dictatorship countries have their own spying… tools.

            No question in my mind about that.

            And the countries in the 14Eyes list, in that article where you put the link in an earlier comment, are all democracies … Go figure.

            Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

            1 user thanked author for this post.
    • #2393208

      I’ll rather worry then about the rest of the world hackers, spies, thieves, money laundering rings diligently working for the benefit, among other beautiful people, of human traders, and more

      But these are inevitable fact of life too 🙂

      so much for the so called democracies and general knowledge of some dangers,
      wakeup-call??
      https://www.msn.com/en-us/news/politics/pompeo-cia-officials-reportedly-had-discussions-about-kidnapping-or-assassinating-julian-assange/ar-AAOQqM8
      CIA assassinating for the greater good?
      This is even more worrisome
      https://www.securityweek.com/finspy-surveillance-spyware-fitted-uefi-bootkit

      My next phone willl be German of Finnish

      * _ being 20 in the 70's was fun _ *
      • #2393212

        Fred: Actually the last line quoted is Alex’s answering mine, and to which I did answer in turn beginning with another example of an inevitable fact of life that can be either prevented or fixed using the right approach, with some luck (antibiotics being now less effective, because of overuse by large cattle and fowl rising operations).

        Using VPN is probably not more of a danger to our privacy than making a phone call, or answering it — only more complicated and high tech — and maybe because of that, more people are now more inclined to trust it.

        As to the democracies, these are in so much trouble already, because of their internal political disarrays and the  mounting, both in severity and in numbers, of existential threats to us all, as the daily news inform as repeatedly with ever more frequent reports of catastrophic fires, droughts, huge storms, colossal floods, depletion of ice caps portending a drowned world, and more, that this one — of people being spied en-masse by their governments, or by other governments as proxies for their own — is not such a very big deal, when put in this overall ugly context.

        Or, put it in yet another way: no matter how fast we run, in whichever direction, we are likely to be caught, run over and flattened by one big existential threat or another. So let us just shrug off our shoulders, smile, and go out and jump and skip along our way singing “Hakuna Matata.”

        Not because we are OK with this, but because we also have lives to live. Throughout history, it has often come down to this. And we are still here. But there are no guarantees we’ll be here much longer. Because there never are and too many fools pretend there are.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2393262

      In my line of work I am interacting with people in the intelligence community who work at agencies with three-letter acronyms.  When I meet with a client and discuss things in person rather than over a phone or by email, every single one is universal in their assertion that the biggest existential security threat, and the easiest device to gain access to confidential information from while hunting down ‘bad actors’ ……… are smartphones.  Very little resources, comparatively, are actually dedicated to snooping around PC and server networks. When the talk turns to VPN’s, it almost always elicits chuckles. “Child’s Play” one fellow says, alluding to the ease of which anyone with the right tools (including the bad actors) can weasel their way onto almost any computer on any VPN.

      Hence, 14Eyes.

      But the fact of the matter is that the United States (government) is spending more black budget dollars and dedicating most of it’s high tech resources to cracking into people’s telephones. In the past three years more domestic and international criminals have been located, surveilled and eventually apprehended because they used smartphones to communicate with other bad actors and subversives who pose a national security threat. And it doesn’t involve issuing subpoenas to wireless carriers to snatch location data or anything else.  Local law enforcement can do that. We (the U.S.A) have satellites that can zero-in on and monitor not only wi-fi routers (which is one reason wi-fi is banned at the White House and ‘smart’ TV’s and Displays are disabled — including Bluetooth — before being shipped to the Pentagon), but also individual cell towers —- anywhere on earth.

      We all take precautions to keep our data safe on our PC’s.  Yet there are millions of people who think nothing of conducting sensitive business (read; banking, buying and bill paying) on the most un-secure device ever built by man; the mobile telephone.

      "War is the remedy our enemies have chosen. And I say let us give them all they want" ----- William T. Sherman

      5 users thanked author for this post.
    • #2393297

      Clear Thunder:

      We (the U.S.A) have satellites that can zero-in on and monitor not only wi-fi routers (which is one reason wi-fi is banned at the White House and ‘smart’ TV’s and Displays are disabled — including Bluetooth — before being shipped to the Pentagon), but also individual cell towers —- anywhere on earth.

      And also cellphones, any kind, from visitors at the US State Department, other government departments and some agencies here, in the USA.

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

    • #2393304

      I think that the OP here was referring to corporate network access via VPN. I have used those for work, and they are usually mandatory requirements.

      So I’m not really worried about western government agencies spying on me personally, as I’m not a threat to them, or a target with deep pockets like a corporation. 14 eyes, ransomware gangs, or whatever…

       

       

      Windows 10 Pro 22H2

      1 user thanked author for this post.
      • #2393315

        JohnW: as I have explained earlier elsewhere in AskWoody, I also use a VPN to telecommute at NASA of the kind you have just descried. Now the discussion about 14Eyes and the rest was brought by Fred and Alex and I think it was interesting enough to discuss the more common form of VPN as well and its intrinsic vulnerability to criminals and spooks.

        By the way, I share your opinion on OUR spy agencies having no interest on spying on me particularly, so I do not expect that any time soon, at least enough to make a real difference to me for the better or for the worse. The future after that? As it is written, that is unknown to us — so I cannot comment. (*)

        (*) Proverbs 27:1 Do not boast about tomorrow, for you do not know what a day may bring.
        Eclesiastes 9:11 Again I saw that under the sun the race is not to the swift, nor the battle to the strong, nor bread to the wise, nor riches to the intelligent, nor favor to those with knowledge, but time and chance happen to them all.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        1 user thanked author for this post.
    • #2393334

      Very interesting thread. If this has come up in it (I searched, and it does not seem to have) I apologize: Question:

      Has anyone considered that some VPN’s could be, in fact, “Honeypots”?

      Sometimes the best privacy practices are in the realm of being that one drop of water in Niagara Falls, so to speak. Camouflage.  The 1″ leaf on a 400 ft. tree in a forest, etc.

      Just a thought.

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Greenhorn
      --
      "The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

      • #2393337

        Hey Nibbled To Death: Here is someone who can answer that question for you:

        https://gist.github.com/joepie91/5a9909939e6ce7d09e29

        Excerpts: (If you just read through to the end of these …)

        Don’t use VPN services.

        No, seriously, don’t. You’re probably reading this because you’ve asked what VPN service to use, and this is the answer.

        Note: The content in this post does not apply to using VPN for their intended purpose; that is, as a virtual private (internal) network. It only applies to using it as a glorified proxy, which is what every third-party “VPN provider” does.”

        …..

        ” Why not?

        Because a VPN in this sense is just a glorified proxy. The VPN provider can see all your traffic, and do with it what they want – including logging.

        So why do VPN services exist? Surely they must serve some purpose?

        Because it’s easy money. You just set up OpenVPN on a few servers, and essentially start reselling bandwidth with a markup. You can make every promise in the world, because nobody can verify them. You don’t even have to know what you’re doing, because again, nobody can verify what you say. It is 100% snake-oil.

        So yes, VPN services do serve a purpose – it’s just one that benefits the provider, not you.

        And Nibbled: to satisfy your curiosity with an opinion:

        A VPN provider specifically seeks out those who are looking for privacy, and who may thus have interesting traffic. Statistically speaking, it is more likely that a VPN provider will be malicious or a honeypot, than that an arbitrary generic VPS provider will be.”

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        2 users thanked author for this post.
    • #2393336

      Has anyone considered that some VPN’s could be, in fact, “Honeypots”?

      Makes you wonder how many commercial VPN services are just FBI honeypots?

      1 user thanked author for this post.
      • #2393339

        I, hhm, hhhmm, know. Just can’t comment. No comments, I said!

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2393356

        Even joepe91at Github is outdated, and more like a hoax-story.

        With the Blackphones and the PGPphones “hacked” by Interpol the croocked are crippled right now (really? I don’t believe that, see the private submarines still carrying death drugs throughout the world). But nevertheless a great lot of bad-guys have been caught. That’s good, IMHO.

        Prive VPN’s and private Socks are coming up, so the new quantum computing will give the croocked companies and croocked states new means to intervene. Microsoft is playing a role to oblige people to buy new pc’s with new chipsets. You do the math; ASML is said no to play this spying game, really?

        In our 80year freedom-war against the Spaniards (1568-1648) they used pigeons and skates.

        In the mean time: do the good thing, and let’s all donate C19-vaccins to the poor, please.

        * _ being 20 in the 70's was fun _ *
    • #2393347

      The FBI uses honeypots? Well … that is reassuring, knowing that our Men in Black know at least to do that, besides wear mirror glasses in the early hours of the morning, when they call at the door. Because I would guess that these days they are used by enforcement agencies in many of the countries that have finally progressed from vacuum tubes to transistors:

      https://usa.kaspersky.com/resource-center/threats/what-is-a-honeypot

      Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

      MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
      Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
      macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

      • #2393348

        The FBI uses honeypots?

        The FBI’s Fake Encrypted Honeypot Phones Are Showing Up Online

        About a month ago, it was revealed that an encrypted phone company was actually a front for a gargantuan FBI operation called “Trojan Shield.” The company, which was really a law enforcement honeypot, sold a product called “ANOM,” an encrypted chat application installed on specific, hardened phones that the bureau was secretly distributing to track and monitor organized crime groups.

        Criminals thought they were getting a secure, impenetrable communication platform but, in reality, their networks were owned by the FBI and other law enforcement agencies—the devices having been designed by the bureau in collaboration with a high-level criminal informant who had previously sold such hardened, encrypted devices to underworld networks.

        Now it’s being reported by Motherboard that those phones are weirdly being resold on the secondary market, popping up on Craigslist-like forums and online retailers….

        The FBI’s honeypot Pixel 4a gets detailed in new report

        800+ criminals arrested after FBI turned Anom app into honeypot

        2 users thanked author for this post.
        • #2393355

          Well … it was a rhetorical question, but OK.

          Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

          MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
          Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
          macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        • #2393358

          Finally it has come through that full encrypted phone communications have been tackled some times, at least three times, but that shurely isn’t the end of that chapter. Snowden has written some stuff on this.

          * _ being 20 in the 70's was fun _ *
          1 user thanked author for this post.
    • #2393393

      I think that a good use case for using a personal VPN would be if you were visiting and/or living in a country with unfavorable human rights protections, that has disregard for the rule of law, and with an authoritarian government.

      Especially if you are a journalist or political activist who might be critical of that local government. In that case, you are probably better off with a VPN provider in one of the “14-eyes” countries, even if it is an FBI honeypot…

      Windows 10 Pro 22H2

    • #2393419

      I think that a good use case for using a personal VPN would be if you were visiting and/or living in a country with unfavorable human rights protections, that has disregard for the rule of law, and with an authoritarian government.

      In these countries the use of VPN is forbidden.

      • #2393452

        Alex, I think that illegal VPN in such countries is used illegally by people that do not like the government and might even be doing something about it, often called such names as “terrorists”, etc., by their governments that do not like them back.

        Ex-Windows user (Win. 98, XP, 7); since mid-2017 using also macOS. Presently on Monterey 12.15 & sometimes running also Linux (Mint).

        MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
        Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
        macOS Monterey; browsers: Waterfox "Current", Vivaldi and (now and then) Chrome; security apps. Intego AV

        1 user thanked author for this post.
    Viewing 13 reply threads
    Reply To: The biggest spy agencies advise on choosing a VPN

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information: