A Virtual Private Network (VPN) is not as private, safe, or secure as you may think. If you utilize a VPN for geo-blocking, obfuscating your internet address or investigating the dark web, read on.
Simplistically, a VPN creates an encrypted tunnel between two environments. This makes it more difficult for third parties to access your internet traffic, identity, and personal data. If the VPN happens to be unreliable, this tunnel could directly connect you to a hostile environment. VPNs can provide an express route for attackers to gain access to your computer, exposing your entire network to infiltration and compromise.
A VPN can give users a false sense of security. While VPNs will protect your IP address and encrypt your internet history, they cannot keep you safe from phishing attacks, malware or from downloading compromised files. As the use of VPNs has risen with the increasing popularity of remote work, so has the number of VPN vulnerabilities which have been targeted and exploited by attackers.
Free or cheap VPNs are popular for streaming TV shows or movies, safe browsing, or conducting research in a less-attributable manner. However, free or cheap VPNs are typically less safe. If the VPN service is free, that usually means that the company providing the VPN will need to make its money off you. You become the product.
Many of these VPNs are like using a public washroom; shared with hackers, child predators, criminals, pirates, and hostile intelligence services. Your privacy is not always guaranteed, nor will you have complete anonymity with cheaper services. These cheaper services are advertised as VPNs; however, they often fail to circumvent censorship, surveillance, or streaming blocks. In some countries, using a VPN can result in being arrested. Many organizations use foreign VPN services to conduct their sensitive online operations, without any assurance that those operations are not being monitored. Therefore, many free or cheap public VPNs are dangerous, instead of advantageous.
For security research or open-source intelligence investigations, you need a trust-worthy managed attribution system that can cloak and protect your identity and the nature of your investigation, all while securing the session against sophisticated threats. Managed attribution is the safest service to choose.
A managed attribution service helps individuals and organizations protect their online identities by changing IP addresses, employing virtual machines, and routing internet traffic through multiple servers.
The three principal features of a trustworthy managed attribution service are protection, privacy, and performance.
1. Protection
A trust-worthy managed attribution service is built upon a sovereign and secure supply chain that clearly identifies who has designed, built, deployed, and manages the service - free of Foreign Ownership Control and Influence (FOCI). The service provider should be located in a country that is bound by domestic laws ensuring privacy interests are fully protected. There should be technical and procedural security controls in place to provide this assurance or the system ought to have undergone some form of Security Assessment and Authorization (SA&A) certification and accreditation. The facilities, operations and personnel should be security vetted/cleared to at least the level-of-operations that they are supporting. The company should be able to protect your identity, protect your interests, and safeguard your activities throughout the entire service engagement. The software for the managed attribution service should not be intrusive, deeply impeded system software, or potentially introduce security exposures.
The system needs to be backstopped against infiltration by a sophisticated adversary. A full suite of security safeguards should be integrated within the system. This could include extended detection and response (XDR) technology, domain name services (DNS), and malware protection. It should be supported by Active Cyber Defence and Threat Hunting tied to Security Orchestration, Automation and Response (SOAR). In addition to cloaking the session, the system should offer a secure containerized space to download content from dangerous sites. An overwatch capability supported by Cyber Threat Intelligence (CTI) would monitor the whole managed attribution network and watch your back for the first signs of trouble.
The system egress nodes and assigned address space should be clean and unique per user. Similarly, the network cannot be identified as a VPN or managed attribution service.
2. Privacy
The managed attribution service needs to have been engineered with privacy by design. This will cloak the identity and activities of the users from detection and counter surveillance using multiple hops, ingress, and egress nodes – making it untraceable even by a the most sophisticated adversary. Such a system needs to support persona management, persistent, and ephemeral connections.
Domestic laws cover your individual privacy only if the service provider is located in-country and all the components and operations are fully within their control. The provider should be able to demonstrably assure that your activities are invisible to them, and any personal identifiable information (PII) is protected according to law.
3. Performance
The system needs to be easily deployable at an affordable cost - ideally launched right from a web browser. The solution needs to be simple, safe, and transparent for users.
When a managed attribution service slows down your internet speed, it’s counterproductive. Therefore, it shouldn’t adversely affect the efficacy of your internet services. This includes high-bandwidth applications such as gaming, streaming, or circumventing denied environments.
In summary, the service should provide optional on-demand, secure, private, anonymized ephemeral networks, global ingress, and egress nodes (fixed, dynamic, and mobile) to the workspace integrated with an investigative desktop - at the push of a button.