Craig explains why he knows that these commercial VPN companies are lying to you and what you can do about it.
For more tech tips, news, and updates visit – CraigPeterson.com
Automated Machine-Generated Transcript:
[00:00:00] If you’ve been using a VPN service. My gosh, I’ve got news for you. We’re going to talk about what happened this week.
Hey, it’s Craig Peterson here. Thanks for joining me. If you want to get my whole show, all of the segments, you’ll find them firstname.lastname@example.org. We’re starting to do a lot more videos, so make sure you check that out. We might even be doing some of these shows live Facebook and YouTube lives as well.
Let me know what you think. What’s the best. A way for you to maybe watch some of this video. Is it one of these lives is just going to the website. Do you prefer, you listened to me on the radio? you can find me podcast almost everywhere and I always ask them, so your question’s right here. You can just email email@example.com.
Let me know what
[00:01:00] works best for you guys. Okay. I know on the radio, it’s absolutely fantastic. And I have a lot of followers there and I love answering your questions. I always get back to you. It might take me a few days, depending on what’s going on. Sometimes we get hot on a project or we’re trying to secure a company.
That’s had a hack. We just had one. Where the company’s CFO’s laptop was having some problems. And so the MSP, the managed services provider that had them as a client called us up, knowing that we are experts in the cybersecurity front and said, Hey, what should I do? What can I do? this is it’s just weird.
And so we got involved and we found it, the CFO’s laptop. The chief financial officer, a company that I don’t know is I think it’s 30 million a year. Had been hacked and had, what’s known as an act of Chinese back door, which
[00:02:00] means that the Chinese or getting in and looking at anything they wanted to, whenever they wanted to, et cetera, go very bad stuff.
You don’t want that to happen to you? That’s for sure. So this is why I’m doing the training. I’m trying to help everybody understand this. We do it on the radio, but we also do it live in person on video. So we do webinars and things too, as well as our newsletter. you can get everything you want for free online and going to one place, one consistent place.
you can trust somebody like me. Who has been doing it information technology for more than 40 years and has been doing cybersecurity for more than 20 years. I think I’m a good place to go. The one-stop-shop for all this information. So thanks to the seem to me here. You can hear me every week.
Right here. You can go online to Craig peterson.com/subscribe bribe. And that’ll get you on my newsletter
[00:03:00] in the, in there, I’ll have some links to some of the videos and some of the pieces of training we’re doing, and I’m going to also be doing some things like the Facebook lives and other YouTube lives and things.
and so if you’re interested in that, make sure you let me know. I’ll probably send an email out, asking people if you’re interested and then I will, We’ll let you know when we’re going live and what the topic will be, and you can always ask questions and that’s the whole idea behind those lives, right?
A little bit. So, let’s get into our VPN problem. I did a big training on VPNs of few times. I did 22 webinars on some training in the March timeframe this year. And VPN hands are something that almost no one really understands to me. It’s been very disappointing. So let’s start about, let’s talk about what a VPN is.
Let’s start at the very beginning I had, for instance, going to my
[00:04:00] home office. Back in the day, this would 30 years ago now I don’t drink really? Yeah. Somewhere around 30 years ago. And I had two T-one data lines coming into my home and we were Watchers unheard of back in the day. So each of those T-one lines was about one and a half megabits.
So I had almost three megabits worth of data coming in. In and out of my house and I had some web servers and I use them for my business and stuff way back then. Oh, same business I have today, by the way. And it was just funny. What was the stamp gene? How expensive it was now? I also had my main office cause I owned a building and I had 50 employees.
In the building and I needed to be able to share data back and forth and have, get, have access to the file. Servers have one centralized phone system, All of that sort of stuff. And 30 years ago, the only way to do that was to have
[00:05:00] lease line, come into my house, and also have a leased line going from my house to the office building.
And then once it got to the building, of course, we owned the hall. Own the whole building. And back then it was all wires, little coaxial cables that ran around for ethernet and we’d got to the building and it got dispersed to the points that needed to be at and went into our data center that we have there and everything else.
Along came the VPN technology. And it was a godsend because I was spending $5,000 a month to connect to my office at my house, to my office in our building. Mine. Can’t in my building to my house $5,000 a month in 30, 30 years ago. Okay. So that was serious money. I don’t know what 5,000 is worth today with inflation, probably 25.
probably not that much, but, it’s worth a lot more. So when VPNs came in
[00:06:00] and internet connections got cheaper, I no longer had to pay, to have a least align, a dedicated, aligned, going from my office to my office building. Now, what I could do is just have an internet connection at both sides and then use a VPN and my networks, we’re all connected.
That’s what VPN stands for. It’s a virtual private network. It lets one point get to the other point. And the way we’re using them today is where the problem starts because what we’re doing now is you have a VPN then going from your home network or from your laptop to the office, you have now connected all of the devices in your home.
Okay. Or on your network. If your whole network is VPN, all of those devices are now connected. To the other side where the VPN server is.
[00:07:00] So if you have any malware, if you have any of these Chinese back doors, they can not only get on your computer. They can get on any computer, the VPN hooked up to if it’s not configured properly if it’s not monitored properly if you don’t have intrusion detection and prevention systems on both sides of that VPN.
And when you’re using one of these free VPN services or the commercial VPN services, you don’t have that at all. Now, many of us are looking at it saying, I’m using XYZ VPN. I heard it advertised here or there. My friends use it and it’s five bucks a month or 10 bucks a month or 20 bucks a month.
They cannot provide you with the service you need for that. And in my webinar on VPN, I actually. Break down the numbers and show you how it’s completely infeasible for
[00:08:00] them to provide it at those types of numbers. So what do they do? they track you. They sell your data and also the bad guys. If your VPN isn’t with a bad guy, cause some of these VPNs are actually hosted by Ben, add guys to purposely track you.
Okay. Purposely steal your data. Now, if you want to go where the money is, you Rob a bank, right? Isn’t that the whole idea? why did you Rob banks? Because that’s where the money was now. Sutton. Apparently never said that, but the concepts are a good ones. So if you want to steal people’s data that people want to keep secure because they’re doing banking or other things on it.
Where are you going to stake out? Where are you going to put down those tent posts? Where are you going to be watching everyone going in and out? You’re going to be watching the VPN server
[00:09:00] at the other side. So you’re paying for a VPN service or heaven forbid using a free one. And you’re going from your laptop.
Securely probably depends. We go into details on that in the VPN, webinar, and pieces of training, you go fairly securely from your laptop to the VPN server, which is hosted in a data center, probably a public day data center and is under attack. And if they’re not maintaining that properly and they get nailed with a zero-day attack, all kinds of stuff can get exposed including you.
So if you’re trying to go to your bank and you’re using a VPN, cause you’re sitting in a cafe, you’re going from the cafe. To the VPN service provider. And remember you are also now going from the VPM service provider through the internet, to your bank. These VPNs do not terminate at your bank. These VPNs
[00:10:00] terminate at the VP and servers though, whoever’s hosting it.
So VPN mentor revealed this week. That they found seven virtual private networks left 1.2 terabytes of private user data online. 1.2 terabyte. That’s a lot. Okay. A terabyte is 1,024 gigabytes. And in case you don’t know, so the impacted services were UFO, VPN fast VPN free VPN, super VPN flash, VPN, secure VPN, and rabbit VPN.
Now it had personally identifiable information for potentially over 20 million VPN users. Why would 20 million users email addresses home addresses passwords in plain text, by the way, IP addresses? Why would that take 1.2 terabytes? it wouldn’t however,
[00:11:00] they had full logs of everywhere. They went online.
And all of those services that I named are quote, no-log VPN services, meaning, Oh, we don’t track you. We don’t log you. We’re not selling your data. Guess what? This is absolute proof of that. They’re not no-log that they were logging. And that probably means that they were selling that data wide log it.
Why use up all of that space. If you’re not going to use it somehow. So be careful guys. Okay. yeah, it’s, there’s a lot of detail. I’ve got the article up on my firstname.lastname@example.org. Great article from security affairs, but, It’s that’s a lot of arms, one sentence. It’s a real problem. VPNs are a real problem.
So make sure you attend my VPN training, where we go into detail on this. I
[00:12:00] don’t sell a VPN. Okay. That you can use privately. We do commercial VPNs and we do them. All right. For employees. Connecting to the businesses and it has to be done, Or you are hyper exposed. Anyways, take care of everybody.
Make sure you visit me online. Sign up for my email list. Craig peterson.com/subscribe.
We’re going to lose some radio stations. Others are sticking with me.
So stick around through the news. Cause we’ll be right back.
More stories and tech updates at:
Don’t miss an episode from Craig. Subscribe and give us a rating:
Follow me on Twitter for the latest in tech at:
For questions, call or text: