AXEL.org

cybersecurity

Recent Hacks Against Twitter, CWT, and Garmin

Anyone paying attention to the news lately likely knows about the large-scale hack of Twitter. It was the largest attack in the platform’s history and compromised over 130 prominent accounts[1].

It wasn’t the only recent high-profile hack, however. Two other large companies suffered major incidents as well. While they may not have been as headline-grabbing, the bandits in these cases made off with millions of dollars.

The day Bill Gates tried to scam you

No, that’s not a reference to Windows Phone. On July 15th, many public figures had their Twitter accounts hacked, including Gates, Joe Biden, Barack Obama, Warren Buffet, Kanye West, and others. These accounts were all made to tweet out a Bitcoin donation scam. By the time the attack was dealt with, the scammers got away with nearly $120,000 in BTC.

Since then, the alleged perpetrators have been identified. According to authorities, the “mastermind” behind the scheme was a 17-year old from Florida, Graham Ivan Clark. Whereas most 17-year old boys are concerned about who they’ll take to prom, Graham allegedly spent his time concocting an increasingly-complex list of digital scams. What started as trolling Minecraft players for small-time sums ended with Clark amassing over $3 million in Bitcoin[2], including the $118,000 Twitter heist.

While it has not been verified, the leading theory as to how the hackers carried out their plan is as follows:

  • They targeted employees with administrative privileges at Twitter with phone-based spear phishing attacks. Spear phishing is a social engineering method where the malicious agent attempts to convince an employee of the company to reveal sensitive information. In this case, Clark allegedly posed as a co-worker in the Twitter IT department.
  • This gave them access to powerful internal tools capable of managing high-profile accounts.
  • The agents then used these tools to change associated emails and reset passwords of the targeted accounts.
  • With full access, they were able to tweet out the Bitcoin scam.

You can imagine why this story has received much traction. It has potentially far-reaching implications beyond a moderate heist. If bad actors were able to gain access to such prominent accounts and use them for even more devious purposes, chaos could ensue. This is one reason why the FBI took a leading role in the investigation of the crime[3].

The CWT hack

The travel management firm CWT has also been in the news lately due to a cybercrime incident. Although the potential consequences of this attack are less sweeping than the Twitter incident, it is still an amazing case.

On July 27th, it was found the company paid $4.5 in Bitcoin to hackers who had infected up to 30,000 of their computers with the ransomware known as Ragnar Locker.

Ransomware is a common type of malware. The variety used in this attack encrypted data on the compromised computers. This encrypted data could not be accessed until ransom demands were met. Upon this, the hackers provided decryption keys.

Ragnar Locker is specific ransomware discovered in December 2019. Attackers employing this program have been known to use especially tricky methods to escape detection. They hide it within a virtual machine image. This image is installed in secret and then maps out all connected drives on the target’s network. Since the malware is running in a VM, it is concealed from security software. This makes it very difficult to prevent or quarantine.

The CWT case is interesting because the chat room logs of conversations between the hackers and CWT management leaked. Typically, companies faced with a hack discuss terms in private and the public is unaware of the specifics of the deal. Here, it is known that the attackers initially asked for over double the amount they ended up receiving in ransom. Still, it is amazing to think that a 49kB malware file hidden in a 282MB virtual image could net these attackers $4.5 million.

Garmin pays out

Garmin, most known for its GPS-related products and smartwatches, fell victim to ransomware on July 23rd. The attack has been tied to a notorious, Russian/Ukrainian-based hacker group known as Evil Corp.

What is there to know about this group? For one, they’re likely fans of the television show Mr. Robot. More than that, though, they are an extremely proficient group of cyber thieves. It is estimated their attacks have netted them well over $100 million in ill-gotten gains[4]. This gang is so prolific, it has received official sanctions from the United States government.

The ransomware used in the Garmin attack is called WastedLocker. Like Ragnar Locker, it also has a novel method of concealment.

Anti-ransomware programs monitor a computer’s file systems to see if a large number of files are being opened and modified sequentially. When security software detects this, it kills the process, limiting the damage done to a small number of files. WastedLocker bypasses this by opening a file into the Windows Cache Manager which is stored in the system’s RAM. It then closes the original file and encrypts it in the cache manager. Due to how Windows Cache Manager operates, the newly-encrypted file is then written back over the top of the original file in the file system.

Although it isn’t known exactly how much Garmin paid out to decrypt their files, we do know the company has retrieved their data. With an alleged demand of $10 million, it’s nearly guaranteed that Evil Corp received millions of dollars.

Leveraging the security of blockchain

At first glance, it may seem counterintuitive to use blockchain technology to stop cybercriminals. After all, the thieves typically receive their ransom payments in blockchain-powered cryptocurrency to remain as anonymous as possible. There are useful applications of the technology for cybersecurity, however.

Consider the underlying strengths of blockchain technology:

  • Data stored within the blockchain can’t be altered without being noticed immediately.
  • Data is not stored on a small number of centralized servers. The blockchain is distributed among all nodes within it, which often number in the thousands or more.

These strengths show why the tech is suited so well for data security. If a hacker were to infiltrate a node on the blockchain and alter information, it would conflict with the data on the other nodes in the blockchain, and subsequent blocks are rendered invalid. The infected nodes could be removed from the system and their data restored to a valid state before reintegration.

Databases built from blockchain technology are the future for cybersecurity. Malicious attacks of ransomware can be stopped in their tracks without significant downtime or data loss.

Securing data at rest and in motion

Axel is committed to this vision. That’s why blockchain encryption is the backbone of our Axel Go filesharing platform. Axel Go ensures your files are secure, private, and accessible from anywhere. In the age of multimillion-dollar hacker organizations, you can trust that your sensitive data is safe with us. Download it today and try it out for yourself. We’re securing data at rest and in motion.

 

[1] Michael Liedtke, “Biden, Gates, other Twitter accounts hacked in Bitcoin scam”, AP News, Jul. 15 2020, https://apnews.com/95f55c9846e880f23791845f5d0c3f38

[2] Josh Solomon, “Bail in Twitter hack: $725,000. Tampa tee’s assets: $3 million in Bitcoin”, Tampa Bay Times, Aug. 2 2020, https://www.tampabay.com/news/crime/2020/08/01/twitter-teen-makes-first-court-appearance-in-tampa/

[3] Robert McMillan, Dustin Volz, “FBI investigates Twitter Hack Amid Broader Concerns About Platform’s Security”, The Wall Street Journal, Jul. 17 2020, https://www.wsj.com/articles/fbi-investigates-twitter-hack-amid-broader-concerns-about-platforms-security-11594922537

[4] Andrew Roth, “US Charges Russian ‘Evil Corp’ hackers with $100m banking scheme”, The Guardian, Dec. 5 2019, https://www.theguardian.com/technology/2019/dec/05/evil-corp-hack-us-feds-charge-russian-hackers

How To Stay Safe Online When You’re Traveling

Travel can be a mind-opening and life-altering experience. Whether you’re traveling for business, for pleasure, or to visit your family in your hometown, it’s always great to get away from the drudgery of your daily routine to see new things and meet new people.
However, unfamiliar places can bring unfamiliar dangers. And while you’ve likely been told to not keep your valuables on your person in case you get mugged or to lock yourself in a small cabinet when visiting family so they can never find you again, the rules for safely using technology while you travel are a bit nebulous at times.
Never fear: we’ve got you covered. Here’s how to keep your personal information safe when visiting an unfamiliar — or all too familiar — locale.

Business travel

Wow — you’re important enough that it’s actually necessary for you go to a whole different city or country for work. Because you’re needed there. Ok. Are you Beyonce or something?!
Anyway business travel has its own set of risks and challenges, so here are some things to keep in mind.

  • Bring only what you need. Increasingly, security personnel at airports will look through devices to determine if their owner poses a security threat. And the risk of having something stolen is greater in unfamiliar environments. Bring the tools you need to safely work, but don’t bring anything you don’t absolutely need.
  • Keep your devices on you at all times. Yes, the danger of security going through your phone is real, but don’t check your work laptop that has all your company’s trade secrets. If one of your devices gets lost, then anyone who finds it will be able to hack into it and figure out when your next secret album is dropping. (You are Beyonce, aren’t you?!)
  • Don’t trust the Wi-Fi. This is always a solid tip, but especially important when you’re traveling for business. Never use unfamiliar public Wi-Fi to do official company business or any sensitive personal browsing. Doing so leaves you open to hacking, government surveillance, and increased risk of malware being installed on your device.
  • Use a VPN. If you’re traveling for business, all of your internet browsing should happen while connected to a VPN. Many companies require you to use a VPN to log into their networks while working, but if your company doesn’t, invest in one.
  • Consult your company’s IT department before you leave. Ask your IT department if there are any special considerations for working remotely in the country you’re visiting, unless your IT department is just three people sitting in a basement. Then just follow the tips above and also begin looking for a new job.

Personal travel

Wow — you’d rather explore the world than sit at home in your sad studio apartment with your cat. Because you want to. Ok.
When traveling for pleasure, you should bring only what you need, be wary of Wi-Fi, and keep all devices on your at all times, as mentioned above. Here are some additional tips for world explorers.

  • Wait until you get home to post pictures. It’s tempting to post all your sexy beach pics immediately to make others jealous, but it’s best to wait so you’re not advertising that your home is empty or giving away your location.
  • Don’t do any crimes online. If you do venture on the Wi-Fi, make sure you know that laws in the country you’re in. For instance, don’t go on adult sites in Cuba and don’t trash the government on social media in China — it won’t turn out well for you!
  • Password protect all your mobile devices. You should always have strong passwords in place for all your hardware and online accounts, but it’s particularly important when you’re traveling. Have strong passwords for hardware and two-factor authentication for all accounts.
  • Don’t swim with your phone in your pocket. This has nothing to do with online safety, it’s just better if you don’t.

Visiting your family in your hometown

Oh man — how’d you get tricked into visiting your hometown? Whether you’re home for the holidays or visiting your beloved family dog Sparky, your hometown is full of dangers

  • Stay in a hotel on the dark side of town. Do not reveal the location of this hotel to anyone. Pay in cash and use “Jon Bon Jovi” as a pseudonym.
  • Do not complain about your mom’s meatloaf on social media. Similar to complaining about the government in China, this will get you into big trouble.
  • Turn off all location-sharing capabilities on your phone, and make sure your phone isn’t set to automatically connect to Wi-Fi. Government agencies and your mom can use this information to track your location.
  • Whoops — your mom found you at your sketchy hotel because Jon Bon Jovi is a pretty obvious pseudonym. Grab Sparky and leave in the night.

Traveling can be a minefield of digital dangers, but as long as you exercise reasonable caution and refrain from using the pseudonym “Jon Bon Jovi,” you should have a safe trip. Bon Voyage, Beyonce!

How To Sound Like A Cybersecurity Expert

Cybersecurity is a buzzy topic these days. Everyone seems to be clamoring for tips on how to stay safe online, and you read in a listicle somewhere that cybersecurity is currently one of the fastest growing fields. So how can you get a piece of the respect and professional prestige that a cybersecurity expert might have? Simply follow these tips.

Warn people about social media

Inform people that by posting photos of their brunch on social media, they are giving hackers and state actors the tools necessary to take you down.

But actually, that’s too specific and information-y to remember, and it’s kind of a downer. Make your warnings vague, as in, “that Facebook is up to no good!” or “be careful about Twitter!” This way, when the next terrible Facebook or Twitter thing happens, people will recognize your prescience.

Bring encryption up often

Now, you may not know what encryption is, and I certainly don’t, but what we do know is that it’s somehow important to cybersecurity experts. Talk about it a lot, and if you encounter someone whose knowledge on encryption is more advanced than yours, simply run away.

Make a big deal out of the dark web

Studies have shown that people love hearing about the dark web. Take advantage of this fact to improve your social standing by making a huge honkin’ deal out of the dark web whenever you can.

If you see someone holding a credit card, mention that there’s lots of stolen credit card information on the dark web. This will confuse them into thinking you can help them keep their credit card information off the dark web.

Extra points if you can explain to people what TOR stands for. But if someone actually asks you how it works, this is again the moment to simply run away.

Loudly proclaim that quantum computing is the future of cybersecurity

This is certainly true. Don’t ask me why.

If someone asks you to elaborate on your claims, run away.

Chant “identity, not perimeter” to anyone in your general vicinity

The idea here is that perimeter security, or the mighty firewall as some call it, will be overtaken by identity and access management security, which allows for more granular permissions to be set, and ensures that even if someone does breach the firewall, they won’t have access to everything.

But that’s sort of a long thing to remember, so just remember the chant. If anyone asks questions about the chant, tell them to stop interrupting the chant.

Start a group chat to share cybersecurity articles you don’t understand

You’re not legit until you’re sharing articles saying common facts that we all know about like “phishing is a thing,” and “hackers have our data.”

To solidify your standing as a thought leader, however, you need to take it one step further. Sharing articles about concepts you don’t understand will allow you to rise to the top of the cybersecurity fake expert field. Look for a title like “why you NEED quantum encryption TOR identity blockchain security NOW.” If someone asks you what that means, tell them it’s too late for them if they don’t know.

Do Your Apps Know Too Much About You?

Two years ago something incredible happened.

A simple computer game brought the world together and got gamers out and about into the big wide world. But after the immediate rush of excitement about “catching ‘em all”, users started to realize something a little more sinister about the Pokemon Go app.

As well as letting them throw imaginary Pokeballs in real-life locations, the iOS version of the app was caught accessing almost all of users’ Google account information – everything from emails down to photos.

Two years later, Mark Zuckerberg made a statement about the vague data collection techniques apps were using through Facebook. He was keen to iterate that Facebook does use sound clips from videos recorded directly onto Facebook to serve relevant ads after questions around this became louder and louder.

But his statement wasn’t exhaustive enough in covering what exactly our apps know about us.

This is because of the ambiguous nature of app permissions.

They tend to be oversimplified so as not to overwhelm the user, but below the simple sentences and soothing reassurances they can gather a huge amount of data with every single interaction.

Of course, some data collected is absolutely necessary for the apps to work in the first place. For example, a photo app won’t work if it can’t access your photos, and Uber needs your location information so it can pick you up in the right place – duh.

But once you give apps that need information access to your data, they can start to worm their way under the surface to dig out more and more information about you and your behavior.

Take location access as an example.

Once you give away your location, app makers are then able to use that information to figure out what floor of a high-rise you live on or the places you visit the most.

Why Apps Want Your Data

Data is gold for app makers. With information about their user base, apps can perform all sorts of other actions, like:

  • This is the key activity app makers do with the data they’ve gathered. Knowing everything about you means they can serve up relevant ads and charge advertisers more and more for being so highly targeted.
  • Curated content. This keeps users sticking around for more. If they’re seeing more of what they like, they’re more likely to engage with the content and keep coming back for more.
  • App development. Data can be really useful for knowing what users do and don’t like, which can be used in the future to improve the app or make another app altogether.

A whopping one-third of consumers don’t think advertisers collect data from them.

App Permissions: What Do Your Apps Know About You?

Now you know why your apps might want to scrape together the digital breadcrumbs of you, let’s take a look at what they actually know about you, because it can be easy to jump to conclusions and envision a Big Brother type scenario which often isn’t the case.

Your smartphone is actually packed full of sensors which can decipher your whereabouts, what speed you’re traveling at (including what form of transport you’re traveling on), and which way up you’re using your phone.

But you’re not completely powerless.

This is where app permissions come in, a.k.a. the “barrier” between app makers and the data stored in your phone. When a pop-up shows up on your phone with a permission request, it’s up to you to decide how much data you pour into the hands of the app maker.

However, this is easier said than done, and that’s because very few apps give detailed explanations about what information they’re going to collect and use.

Many app makers do this in the interest of their users; they don’t want to overwhelm them with technical drivel, so they keep it simple. But this means that a lot of users don’t actually know the full extent of what they’ve agreed to.

If you want to know exactly what an app can and can’t see about you, there’s a way.

On an Android device:

  • Open the settings app
  • Go to the Apps & Notifications center
  • Choose an app and click Permissions

On an iOS device:

  • Go to the Settings app
  • Choose an app
  • See the Permissions that are listed

On both kinds of devices, you can usually switch off permissions with a toggle button to pick and choose what data can and can’t be collected (though bear in mind that some apps need certain permissions in order to run).

And, though this is a good starting point to find out what your apps know about you, it doesn’t always give you the full story.

Take the incident with Uber recently, where it was discovered that the app was secretly recording screen activity on iPhones. The company hit back that this was to improve functionality with the Apple Watch app, but it just goes to show that even if you think you know what an app can find out about you, there might be something more sinister going on.

How Are Things Changing When It Comes to Apps and Data?

Phone providers are now cracking down on what app makers can and can’t do when it comes to permissions – particularly location permissions.

When requesting location access, app makers now have to adhere to the “only when using the app” rule, which means they can’t track users when they’re not inside the app.

But while control settings are getting tighter, they’re also getting more and more convoluted. App makers are starting to bundle permission choices together and still aren’t quite there with letting their users know exactly what they’ll be using data for.

Apps that require users to “unlock” a particular permission in order to use the app as it’s supposed to be used are doing so without giving away whether they might share it with marketers and advertisers too.

What it boils down to is this: people have every right to choose what they do and don’t want apps to access, but there’s not much they can do if the app in question needs their location or access to their photos to work as they’re supposed to.

In these instances, it’s up to the user to decide whether they want to continue to use the app or give it up entirely.

And, until app makers get clearer with what they use data for, many users will remain in the dark about what data app companies are collecting about them and what they’re doing with that information.

A Beginner’s Guide to Staying Safe Online

Every week it seems a new security breach is hitting the headlines so we can be forgiven for thinking the online world is a dangerous place.

Earlier this year, Facebook was lambasted for sharing user data with third party apps, while those with Androids were shocked to learn that their mobile was tracking their every move thanks to built-in location tracking tacked onto Maps and Photos.

And then there was the Amazon Echo incident, where customers realized their every interaction was being gathered together to build a case about who they are and their shopping habits.

So yes, we’d be forgiven for thinking the online world is a scary place.

Sure, the internet has impacted our lives in amazing ways, but there is a dark side just like with everything else.

But because we’ve been so eager to dip our toes into the countless benefits that the internet brings (being able to communicate with anyone, anywhere is pretty priceless), we’ve lost some of our personal privacy along the way. It’s kind of an exchange – we let you do this in exchange for this information about yourself.

This isn’t about to stop anytime soon.

We like the freedom to contact someone on the other side of the world with the click of a button. We like being able to next-day-deliver something we’ve coveted for all of five minutes. We like being able to read our favorite news stories without having to shell out for a hard copy.

Handing over our data for online freedom is the price we pay. Everything we do on the web leaves a digital trail that can be swept up and used by corporations and governments.

The problem is in the transparency of it all. Legalese in tiny fonts that are unreadable with the naked eye pull the wool over users’ eyes. We want to sign up to Twitter so we can see what everyone’s saying about the latest celebrity scandal, so we blindly tick the “yes” box without really agreeing to have our data scraped through and sold on for who knows what purpose.

Giving away even the tiniest snippets of data about yourself can leave you at risk from less-than-stellar companies, but there are steps you can take to limit how much data is siphoned from your internet activity.

If you’re not tech savvy and don’t know how to navigate the ins and outs of the World Wide Web, let us help you out.

Encrypt Your Email

Email is not going anywhere anytime soon. In 2017, more than 270 billion emails were sent, a number that’s set to increase to 320 billion by 2020.

We hear all the time about email accounts getting hacked, and this form of online communication has been hailed as the absolute worst for security. This is because a single email message gets passed around several different servers before it reaches its final destination.

You can keep the content of your messages private with encryption. Some email providers already offer this as standard, but for others you might need to download an add-on or a plugin. When it comes to the metadata that accompanies your emails though (the sender, receiver, time stamps etc), there’s nothing you can do as the internet routing system needs this information to do its job.

Hide Your History

We often get sucked into a wormhole on the internet and find ourselves knee deep in cute cat videos when all we wanted was to find a review for the new washing machine we’ve got our eye on.

It’s hard to believe that anyone would be interested in the meandering trail we took to get to the cat videos, but this information can be used by companies to know what sites we visit the most and how we get from one to the other.

This log of sites you visit is known as your “clickstream”, and you can take a look right now at the online journey you’ve taken over the past day by simply clicking “History” and then “Full Browsing History” when your browser is open.

This information isn’t private unless you always browse the web in Incognito mode so the sites don’t retain your Cookies (watch the video below to understand what Cookies are), or to download a free tool that obscures your clickstream.

Video:

Get Savvy with Your Social

It always seems to be social media sites hitting the headlines with privacy concerns (we’re looking at you, Facebook), and that’s because social channels are filled with a bounty of information about their users; from date of birth to restaurants you regularly check into and your closest friends, these sites literally have an incredible low-down on you.

But again, it’s the price we pay to stay in the loop and to share filtered pics with our nearest and dearest.

The best advice here for eliminating any chance of your data being scraped and used elsewhere is to delete all of your social media accounts.

If that seems too drastic, give yourself peace of mind by having your accounts on the highest security settings possible (here’s a great guide to help you do that) and leaving out any identifying information like your date of birth or your home town.

We can’t control what others post on social media (and sometimes they’ll post stuff about us that disappears into the ether), but we can control what we hand over to the grasping hands of big corporations.

Leave Your Location Out of It

There’s something thrilling about checking into a new place, whether we’re humblebragging about visiting the latest high-end restaurant or simply want people to know that we’re Out There Having Fun.

But location data can be incredibly valuable if it falls into the right hands.

Think about it: not only are you providing information about where you are and what you’re doing there, you’re handing over data like what time of day you like to do that activity, and you’re even giving nearby locations the chance to target you with ads while you’re in the vicinity.

The answer here is simple: turn off your location when you don’t need it and avoid using sites that require you to “check in” or need location information.

Other Things You Can Do

Encrypting your email, being elusive with your social media information, and avoiding the lure of “checking in” are good starting points for protecting your online data privacy.

But, taking it further, you can ensure that your password across everything is not something that can easily be guessed. Instead of having a password, go for a passphrase that is made up of multiple words, numbers, and symbols.

And, when it comes to your search engine habits, be ruthless.

Many of the big search engines make a note of your searches and build a profile of you to serve up relevant ads. If you want to avoid this, you need to avoid the big guys and instead use a search engine that doesn’t track your every search term (the oddly-named DuckDuckGo is good for this).

Protecting online data is a big concern for most internet users, but for the tech-phobic it can be truly terrifying, especially if you don’t even know how to start protecting yourself.

Hopefully these tips will point you in the right direction and help you get your privacy back under control, pronto.

The Growth of Privacy – VPNs and Beyond

We all expect to have our private matters kept away from the prying eyes of strangers. Recent years have seen a flurry of wild reports on the grapevine, from federal agencies spying on telephonic conversations to personal data being stolen from the cloud and used for unintended means. As far fetched as they may seem to the average personal internet user, many of them are true.

The gravity of the situation truly came to light in 2017 when the US Congress and Senate approved the decision to remove privacy protection for internet users. This was no doubt backed by corporate powerhouses looking to sell and buy data. USA, the land of dreams, fell prey to prying and spying, and was criticized by many for selling out the privacy of its own citizens.

In the thick of things: Telcos

Telecommunication companies, or telcos, are right at the center of the storm. Increasingly under scrutiny due to the rapid increase in cellular users, these companies actively trade-off between the multipolar attraction of user privacy, revenues off data sharing, and network exploitation.

Verizon is one of four cellular service providers who have agreed to halt the selling of user location to data brokers.  This is a direct result of increasing pressure from regulators to protect cell phone users.

However, regardless of the role that Telcos eventually adopt, users too are adopting safe measures for the protection of their data. The data security market is expected to be worth $22.85 billion by 2020. As for today, there are an array of commercial off-the-shelf (COTS) and personalised solutions to the classic problems of privacy.

With this in mind, we thought it would pertinent to give a 101 of the most popular option; one that helps create a virtual bubble to protect our privacy from prying eyes.

What are VPNs?

VPNs are rapidly gaining popularity with both corporations and individuals.

The term stands for Virtual Private Network and basically allows users:

  • to access private networks securely
  • remotely share data through public networks.

In other words, it allows an individual / firm to protect their identity, and data, from unauthorized users online.

What VPNs do

  • They secure sensitive data online and during transfer/use.
  • They encrypt data – even if data gets stolen, encryption makes it of little use to the average hacker.
  • Bypassing of content filters becomes possible; this can be godsend in countries such as China, where whole stratas of the internet are blocked due to stringent internet policies.
  • Data can be shared for an extended period.
  • You can browse the web in complete anonymity. Continuing from the Chinese example above, you would not want the government to go through your ‘How to launch an Arab Spring’ reading list.
  • Implementation of a VPN system increases bandwidth and efficiency.

Given all the benefits of VPNs, it does come to mind that the setting up and running of a VPN would be a complicated process. Surprisingly, with the help of COTS solutions, it is as simple as typing in a password and username. VPNs work on the basis of protocols that are constantly being upgraded and improved. The most common are:

  1. PPTP

PPTP stands for Point to Point Tunneling Protocol and has been around since the 1990s. PPTP works by encapsulating the data pocket rather than encrypting the information. This particular system owes its popularity to its adaptability towards almost every operating system. With the advent of stronger and more secure protocols, the credibility of PPTP has been called into question. It is still a strong VPN, just not the most secure option available.

  1. L2TP/IPsec

L2TP and IPsec are actually two different protocols that are often used in combination. This is because pairing the two adds their most coveted properties together to form a reinforced security. L2TP is unable to encrypt data so it generates a secure tunnel, while simultaneously IPsec takes charge of encryption channel security as well as data integrity to ensure that the channel of communication remains uncompromised.

  1. Open VPN

Open VPN has gained immense popularity. This is largely due to the fact that it is freely available and thus the cost factor, which might otherwise weigh heavily, is completely eradicated.

Treasuring your Privacy

Data protection can be expensive: most good data privacy services cost a good deal of money. Here are some tips to make sure you get the most bang for your buck.

  • KillSwitch works to ensure that the data remains safe in case the connection drops.
    There are two main types; one blocks internet traffic in case the VPN drops while the other shuts down applications.
  • Use P2P servers to download torrents.
  • Make sure the settings of the VPN are set to protect against any data leaks.
  • Use the VPN service diligently on your mobile phones, especially when visiting countries with strict data theft records, such as China and the UAE.

VPNs have multitudes of benefits that have been mentioned above. However, like every other thing, they also have disadvantages.

  • With rising awareness about the threats to  personal privacy comes a larger demand for VPNs. Wherever there will be an increased demand for a particular service, it gives corporations the incentive to step in and exploit that demand through commercialization.
  • Free VPNs are opted for by most – since they are free, of course. However, “free” VPNs that are used to access blocked sites and such often allow or fall prey to malicious third parties. Even more regrettable is the fact that many of these popular solutions may come with their own set of adware and spyware, thereby granting the developer access to sensitive information.

In the grand scheme of things, many individuals consider the loss of their data inconsequential: “what would anyone achieve by accessing our personal information?” Despite the growth of the privacy industry, this fatal error is not so uncommon. Businesses, on the other hand, with decades of lessons learned behind them, are unlikely to make the same mistake.

Reference Links

https://www.forbes.com/sites/forbestechcouncil/2018/07/10/the-future-of-the-vpn-market/#22a967602e4d

https://www.forbes.com/sites/enriquedans/2017/03/29/the-upcoming-spread-of-vpns/#423a6b4679a3

https://gizmodo.com/5990192/vpns-what-they-do-how-they-work-and-why-youre-dumb-for-not-using-one

https://www.ibvpn.com/2010/02/8-advantages-of-using-vpn/