Category: Just Interesting

No Such Thing as a Free VPN – the Hola Price

First of all I’d like to ask, would anyone mind coming round to fix my back fence – it got wrecked in high winds and needs replacing? I won’t pay you or anything, you’ll just do it because you like helping people, reward enough right? I’m not expecting to get inundated with offers, but you never know, and it saves paying someone to do it.

It’s why I get frustrated with everyone always asking me if I know of free proxies and VPNs, as if there are thousands of companies across the world who are happy to spend considerable time and money providing a service which you can use for free to watch porn or stream movies. I mean… why would they do it? What’s in it for them? Please, people, is this the way the world works? I think not.

There’s always a reason, these things cost money and if you want to see an example of the hidden costs of using something like the adware riddled monstrosity that is Hola then read on.

There are plenty of free services around, but none of them are really free. In return for using their servers you have to accept slow speeds, security risks and the fact that they are likely to try and make money out of you. The usual method is by filling your computer and browsing session with lots of adverts (which generate income for them). It’s very annoying and personally I wouldn’t let it near any of my computers or devices, but you can at least argue it’s fairly straightforward. You use their connection for free and they make money by bombarding you with adverts – fair enough.

However using a proxy or VPN is more than that, you are in fact handing over your entire online world to these providers and they can do pretty much anything with it. Take for instance the free VPN mentioned – Hola, most of us just thought those adverts were the payback but it appears there’s much more. They are actually hijacking your internet connection and pimping it out for cash via a service called Luminati.

Your Price to Pay for the Free VPN

Luminati is a paid anonymity service which runs along the lines of Tor, that is, it encrypts your connection then relays it through a network of exit nodes in order to hide your location. On its FAQ page, here are the first two bullet points –

  • All countries – Luminati is the only network that provides you with IPs in ALL countries in the world! (except N. Korea)
  • Real anonymity – the Exit Nodes in the Luminati network are regular PCs, laptops and phones, and thus are not identified as proxies or as Tor network nodes

Which is all fine and dandy, until you learn that these ‘real PCs’ are ours. Well, that is, the PCs of people who use Hola. You install Hola and you are potentially allowing your PC to be sold as an exit node, that is, anybody can use your connection to route their traffic to keep themselves anonymous.

Can you imagine what’s being relayed through the connections of these hapless Hola users? Your connection could be being used to relay all sorts of material.

That computer sitting in front of you could at this very minute be distributing porn around the planet, hacking in to government servers or perhaps participating in a DDOS attack on a company.

It’s kind of a big price to pay for a free VPN, don’t you think?

So if you’ve made it down this far into the post, and you happen to be a Hola user, I’d suggest removing that Hola plugin very quickly (I’d actually reformat my drive, as these things are notoriously difficult to remove!). Learn a lesson: stuff on the net that costs people money to run, develop and support is never ever going to be free.

I’m still amazed by the sheer greed of some of these people – here’s a link to the cracking summary, a Hola vulnerability checker and proof of concept code if you want to read more.

http://adios-hola.org/

GTA V Mods Infected with Malware

I’ve always thought that if you wanted to target a particular group of people to infect their computers and steal their login details, teenage boys who play video games would be an ideal choice. Of course there are drawbacks in that few will probably have PayPal or online bank accounts, however that’s changing. Take my eldest son for example, who fits quite neatly into this ‘game playing’ group and despite my protestations is always infecting his computer with something or other. His world focuses around computer games, so if something gives him the edge, he’ll install it in a heartbeat without a second thought about what it is or where it comes from. A stern lecture on computer security and why it’s sensible not to install unknown programs which throw up security warnings will be forgotten minutes later.

Well, it seems they are being targeted and the route is through ‘mods’ to popular games like Grand Theft Auto. These ‘mods’ are software which you can install onto a popular game to modify some aspect of it. A mod might add a different scenario, change the look and feel of the game or install some sort of cheat or upgrade into the game itself. There’s a whole community of people developing this stuff, mostly for free.

It was in two mods of the GTA V game that some users first noticed that malicious code had been inserted onto their computers through the patches. The ‘Angry Planes’ mod spawned planes which attacked enemy players, and the ‘Noclip’ mod allowed players to walk through walls and other objects. One GTA player noticed that a C# compiler was running in the background when he played GTA V; it was running a program called FADE.exe, which is actually a keylogger. This is a program that sits and records all your keystrokes and then usually emails or uploads them to a remote server somewhere for someone to pick up. The mods were completely functional and did exactly as described, which of course the best malware distribution systems always do.

People tend to believe that if something works then it’s not infected with a virus, but that’s not usually the case. There are loads of examples here, especially in the field I cover most, that of proxies and security. So it’s very likely that there are thousands of people running around GTA V whilst malware sits logging their every keystroke in the background. Most of the antivirus software failed to pick up anything in these mods, so most will be completely unaware of this situation. So if you play or know someone who plays modded versions of GTA then it might be worth letting them know to check out their computers and change their passwords (after removing the keylogger obviously!).

Global Internet War – Chinese Great Cannon

We’ve all seen those scaremongering stories on mainstream media, about cyber wars and the internet becoming a battlefield.  Usually these are rather over the top,  however a story is breaking now which is making these seem much more of a reality.

The story starts with a web site called greatfire.org which provides news and information around Chinese censorship in general and the Great Firewall of China specifically.  It contains lots of information and links to VPN and proxy tools like Identity Cloaker which can be used to circumvent the Chinese firewall and surf without restrictions.
Now obviously sites like these are not very popular with the Chinese authorities and generally can be difficult to access directly (although the site is mirrored across several locations).  It comes as no great surprise that sites like these are routinely blocked, but what has happened next is a significant escalation by the Chinese authorities.

Unleash the Great Cannon 

On the 16th March the greatfire servers came under a huge DDoS attack; 10 days later an open source developers’ site called GitHub came under a similar attack. Basically the sites experienced a huge surge in traffic which their servers were unable to cope with, and they simply fell over.

The attacks originated from thousands of computers, mainly from across Asia (although outside China). The source was thousands of clients and some injected JS scripts, from traffic which appeared to be destined for Baidu (the Chinese search engine).

At first it was unclear who was responsible for coordinating these attacks, until Citizen Lab, a group based in the University of Toronto, investigated the attacks and released this report.  It is from their hard work that we can see the real culprit behind these attacks.

Basically the Chinese have developed a system which can intercept foreign unencrypted traffic destined for any location in China, then insert malicious JavaScript to attack any target they specify. This offensive system has been dubbed the Great Cannon of China, and in this instance it performed this man-in-the-middle attack on the two sites, greatfire and GitHub. A large proportion of unencrypted traffic was intercepted and diverted to these sites in order to overwhelm them.

So just to explain, if you had perhaps used Baidu on the 16th March, your browser may have been involved in the attack completely without your knowledge.  The Chinese have developed a system which is able to leverage internet traffic to basically destroy any web site they wish for a limited time.

Of course those worried about a one sided war where the Chinese obliterate sections of the internet, should be aware that the UK and USA intelligence services have already developed and tested similar technology.  However for free speech and internet neutrality it’s an extremely worrying development.

Summary 

It’s an extremely aggressive and high profile attack, the report seems fairly conclusive that it was conducted by the Chinese state, with parts of the code from libraries identified from the Great Firewall and several confirmed locations on the firewall injecting the scripts.

The worry is that the Chinese will so openly inject malware into any inbound traffic and redirect it at any target it likes.   This man in the middle attack could easily be redirected at any target they wish. Although larger sites may be able to cope in the short term, effectively it could finish any web site without significant resources.  The bandwidth bill of greatfire.org shot up by tens of thousands of dollars during the attack, costs that most web owners wouldn’t be able to cope with.  In fact small sites could easily be subverted quickly and efficiently using these methods – read this post which records the demise of Tomaar.net, a Saudi Arabian discussion forum.

Technically there is an even more worrying possibility, in that any computer can potentially be compromised by simply visiting any Chinese website without encryption.  The code could be altered to identify specific computers (perhaps IP addresses used by foreign Government computers)  and then infect them directly rather than launching an attack on a third party.

The possibilities and threats are endless, so unless you want to be involved in an attack it’s probably not a wise move to visit any Chinese (non-HTTPS) based website without using encryption. This can be difficult to identify, though, with adverts and analytics often embedded into websites which you can’t see.
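The embedded adverts and analytics mentioned above are the requests an on-path injector can tamper with. As an added example (not from the original post or the Citizen Lab report), this Python sketch lists the resources in a page that would be fetched unencrypted, with scripts and iframes first; the sample HTML and the example hostnames are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlparse

# Tags that make the browser fetch a URL; scripts and iframes also execute it.
FETCHING = {"script": "src", "iframe": "src", "img": "src"}
ACTIVE = {"script", "iframe"}


class ResourceCollector(HTMLParser):
    """Collect (tag, absolute URL) for every embedded resource in a page."""

    def __init__(self, page_url):
        super().__init__()
        self.page_url = page_url
        self.found = []

    def handle_starttag(self, tag, attrs):
        attr = FETCHING.get(tag)
        value = dict(attrs).get(attr) if attr else None
        if value:
            # urljoin resolves relative and protocol-relative ("//host/x") URLs
            # the way a browser would, so they inherit the page's own scheme.
            self.found.append((tag, urljoin(self.page_url, value)))


def plaintext_resources(page_url, html):
    """Return resources that travel over plain HTTP, active content first."""
    collector = ResourceCollector(page_url)
    collector.feed(html)
    page_host = urlparse(page_url).hostname
    findings = []
    for tag, url in collector.found:
        parts = urlparse(url)
        if parts.scheme != "http":
            continue  # HTTPS content cannot be rewritten in transit
        findings.append({
            "tag": tag,
            "url": url,
            "third_party": parts.hostname != page_host,
            "active": tag in ACTIVE,  # injected code here runs in the browser
        })
    # Stable sort: scripts/iframes first, document order kept within each group.
    return sorted(findings, key=lambda f: not f["active"])


# Constructed sample page: one HTTPS script, one plain-HTTP analytics script,
# one protocol-relative advert script, an advert iframe and two images.
SAMPLE_HTML = """
<html><head>
<script src="https://cdn.example/app.js"></script>
<script src="http://stats.example.net/analytics.js"></script>
<script src="//ads.example.org/show.js"></script>
</head><body>
<img src="http://blog.example/logo.png">
<iframe src="http://ads.example.org/frame.html"></iframe>
<img src="/local.png">
</body></html>
"""

if __name__ == "__main__":
    for f in plaintext_resources("http://blog.example/post", SAMPLE_HTML):
        kind = "ACTIVE " if f["active"] else "passive"
        party = "third-party" if f["third_party"] else "same-site"
        print(kind, party, f["url"])
```

Served from an `http://` address, the same page exposes five resources instead of three, because the protocol-relative and relative URLs inherit the page's scheme.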

Commercial pressure will hopefully cause some damage to stop the Chinese attacks, internal pressure stopped the attack on Github as it’s a powerful resource used by many Chinese programmers.  It’s not going to do a great deal for any Chinese based internet commerce or technology company either, who wants to risk being directly involved in the crazed attacks of the Chinese State on free speech websites?

Superfish Vulnerability – Free Gift from Lenovo

This week saw some staggering news, which even now a couple of days later I still find hard to believe. It’s something you might expect happening in North Korea or China, but not here!

The hardware manufacturer Lenovo, who sell millions of laptops and PCs all over the world, has been installing an adware program called Superfish on all their new machines. That’s right, no longer do you have to worry about getting malware installed from visiting dodgy porn or torrent sites, just buy a Lenovo laptop and they’ll pre-install it for you.

So let’s just state that again –

A computer manufacturer called Lenovo is pre-installing adware on new computers.

It’s that incredible, I think it’s worth repeating. It doesn’t matter that it has a cute cartoony name like Superfish, this is an incredible abuse of trust powered simply by greed.

The adware installs adverts into your browsing which make Lenovo money every time you click on them. You know adware, the stuff we all hate and go to great lengths to avoid installing.

Lenovo justified themselves by pretending that these ‘MONEY MAKING ADVERTS’ were actually for the customer’s benefit – describing Superfish as advanced technology which helps customers find different products at lower prices using image analysing techniques. I’m sure everyone capable of operating a laptop is able to see through that pathetic justification.

Unfortunately it gets worse: not only is Superfish happily inserting damn annoying adverts into your browsing, but the method it uses is actually making your computer even more vulnerable.

Superfish inserts a self-signed root certificate onto your computer giving it the capacity to intercept all your HTTPS encrypted traffic

It’s called a man-in-the-middle attack and it’s something I have demonstrated on this blog previously. But basically they’re intercepting even your secure traffic so that they can insert their money making adverts. They’re apparently using the same default certificate on every single machine, which effectively compromises security on each of these. Each Lenovo machine which is affected basically has a pre-installed vulnerability waiting to be used by anyone who wants to intercept your traffic.

It’s truly incredible and it’s been allegedly going on since mid-2014 so who knows how many millions of machines are riddled with this program.

Here’s a tool from the security company LastPass which checks if you are at risk – Superfish Checker.

Hopefully Lenovo suffer a huge commercial loss due to this incredibly greedy and sneaky act – I for one will never consider buying anything from this company ever again.

Saving Money with Google

I unfortunately have a reputation of being a bit careful with money. It’s not something I’ve deliberately cultivated or crave, indeed it’s simply been thrust upon me out of necessity. Anyway, the last few years I’ve abandoned all sense of being a relaxed, free spending individual and embraced penny pinching. So here’s a short tale which has saved me money and might help someone else. It sounds quite obvious, but it wasn’t to me initially so perhaps someone else will feel the same.

I have foolishly promised my family a trip out to the US next year, as they’re complaining that they’ve never been. So I was planning a trip to include New York, the awful sounding Disney parks and a few highlights from the West Coast. It was while researching the West Coast tours that I had my epiphany, trying to organise seeing a few sights in a limited time, without spending a small fortune. Of course, I started online and began to look for tours across the West Coast of America – here’s my first search page.

Seems ok, but have you noticed something? There’s a point to be made here. I noticed it a few minutes after checking out some of the links: every one of the results were UK based travel companies. To be more precise, they were UK travel companies reselling tours of the West Coast of America. The majority of these tours were run by US companies, all resold through companies based in the UK.

So what’s wrong with this, you may ask?  Well my investigations continued and I discovered that all these services were much more expensive when bought through UK companies.  Which of course makes sense, they’ve got to mark up the price to include their profit margins.  Then the penny dropped, slowly and painfully my brain came up with the idea – why can’t I just search and book these tours directly with the companies that are running them?   We all know that the more people involved in the transaction, the more fingers in the pie and the higher the costs will be – so why not book direct?  The first stumbling block is actually finding them – Google deliberately directs you to suppliers local to you.  This is of course fine when you’re searching for plumbers and local tradesmen, but why bother if you want to book a trip with a company across the globe?

After all –

  • All these companies are on the internet.
  • An email from me will arrive in California as quickly as it will in Liverpool
  • There’s no language barrier.
  • It must be cheaper!

Makes sense, doesn’t it ?  So first let’s get Google to show us local suppliers from the West Coast of the US rather than travel agents reselling me the same thing.   My first thought was to use Identity Cloaker to open up a US VPN, which of course would then make me look as though I was in the US and show me the same results.   This will work but it’s not actually necessary as all you need to do is to stop Google redirecting you when you ask for the US version of Google – here’s the url you need, just add NCR (no country redirection) like this –

http://www.google.com/ncr

Without adding the NCR switch, Google will decide that you’re a confused muppet and redirect you to your local version of the search engine instead of the US one. But if you use it you can search on google.com with US based results.

This time I get local companies, that is US companies local to the West Coast not ten miles from me.  When investigated, they are all much cheaper, all are happy to accept booking direct and are just as easy to deal with as the British companies.  In fact they’re a whole lot nicer than the UK companies to be honest.

In reality using a VPN actually works a little better than using the NCR switch as you still seem to get better localised results. But using the switch is perfectly adequate for initial research. In my instance I booked the exact same tour for my family with a US company and saved about $1600 from the UK based price.

Ok so it’s only a small personal example, but it’s indicative of how the internet giants and search engines are controlling how we access the internet.  We are being funneled down a computer generated personalized and commercialized version of the internet.  The internet does get bigger by the day, but do you often find yourself on the same old web sites every day?  I certainly do, the internet is expanding whilst I seem to be constantly railroaded into the same old sites.

Step back and think of what you want to achieve online, it does help and can greatly expand the possibilities that the search engines will offer.