Wednesday 13 July 2016

VPN provider claims Russia seized its servers

Road Closed sign

VPN provider Private Internet Access (PIA) says its servers have been seized by the Russian government, so has quit the country in protest at its privacy laws.
The company has sent an e-mail to users claiming some of its servers have been seized, even though the enforcement regime – in which all Internet traffic has to be logged for a year – doesn't come into effect until September 2016.
A paying user has forwarded the company's e-mail to The Register, which was reproduce at the bottom of this story. The customer also told The Register the Russian gateways disappeared automatically from “older versions of the PIA client” in the last week.
Russia has been progressively cracking down on Internet services with a particular focus on encryption, and in June laws landed in the Duma that would also outlaw apps like Messenger and WhatsApp.
The crackdown already demands registration of any blog, publisher or social network site with more than 3,000 readers, and requires them to store data on Russian soil.
The e-mail, which is available in 'View as Web Page' mode, says:
“The Russian Government has passed a new law that mandates that every provider must log all Russian internet traffic for up to a year. We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process. We think it’s because we are the most outspoken and only verified no-log VPN provider.
“Luckily, since we do not log any traffic or session data, period, no data has been compromised. Our users are, and will always be, private and secure.
“Upon learning of the above, we immediately discontinued our Russian gateways and will no longer be doing business in the region.
“To make it clear, the privacy and security of our users is our number one priority. For preventative reasons, we are rotating all of our certificates. Furthermore, we’re updating our client applications with improved security measures to mitigate circumstances like this in the future, on top of what is already in place. In addition, our manual configurations now support the strongest new encryption algorithms including AES-256, SHA-256, and RSA-4096.
“All Private Internet Access users must update their desktop clients at https://www.privateinternetaccess.com/pages/client-support/ and our Android App at Google Play. Manual openvpn configurations users must also download the new config files from the client download page.
“We have decided not to do business within the Russian territory. We’re going to be further evaluating other countries and their policies.
“In any event, we are aware that there may be times that notice and due process are forgone. However, we do not log and are default secure against seizure. “If you have any questions, please contact us at helpdesk@privateinternetaccess.com.
“Thank you for your continued support and helping us fight the good fight.”

Twitter CEO Jack Dorsey's Account Hacked By 'OurMine' Hackers


Hacker group ‘OurMine’ is in news again. The professional group has now hacked the account of Twitter CEO Jack Dorsey, after previously hijacking the social media accounts of Google CEO Sundar Pichai and Facebook CEO Mark Zuckerberg and former Twitter CEO Dick Costolo.

The group shared a few videos and then sent a tweet that read, “Hey, its OurMine, we are testing our security”, along with a Vine clip that has since been deleted. The tweets were reportedly scrubbed by 3:25 a.m. Eastern, but tech website Engadget grabbed screenshots.

"All of the OurMine messages posted to Dorsey's account (which, as of 3:25 am or so appears to have been scrubbed of the hacker's tweets), came through from Vine”, Endgadget reported.

A warning pops up from Twitter if one tries to access the OurMine website, advising that it is probably not safe, according to the report.

"The link you are trying to access has been identified by Twitter or our partners as being potentially harmful," it said.

In the Zuckerberg and Costolo hack, OurMine accessed Twitter accounts through connected third-party applications or through old or recycled passwords. But in Dorsey’s case, it is suspected that OurMine had access if Dorsey had an old/shared password on his Vine account or somehow connected it to another service that was compromised.

The motivation for compromising Dorsey’s account remains unclear. Though OurMine has laid claim to large thefts, the group’s main goal seems to be harassment