Update Windscribe VPN Security Breach

CyberTech

Level 36
Verified
Nov 10, 2017
2,490
I'll keep using it as I get 60 gb a month free, I only maybe use it once or twice a week anyways. I don't think we'll ever know the whole story here so unless something comes out that confirms that using Windscribe is a serious threat then I'm not going to worry about it.
It's not important for me i mean i don't hide something from the GOV lol i hide it from ISP because i don't trust ISP obv well its not like dark web or something, i mean i use something for personal reasons that's it i use 2-3 times a week. i wouldn't use that if it's personal..
 

blackice

Level 33
Verified
Apr 1, 2019
2,195
On June 24th 2021 our monitoring systems alerted us that two servers in Ukraine had gone offline. When engaging with our provider for those servers, we were informed that the two servers had been seized as part of an investigation of activity that occurred 12 months prior. Windscribe VPN Security Breach: Servers and Private Key Seized | RestorePrivacy
Maybe I understand it wrong but they found out after 12 month that 2 servers are offline? That wouldn't inspire my trust in the monitoring systems used.... :D
How this reads to me: The servers didn’t go down 12 months ago. The seizure that happened a couple days ago was part of an investigation of activity that occurred 12 months ago and they are looking for evidence of that activity now.
 

SearchLight

Level 12
Verified
Jul 3, 2017
593
Unfortunately there seems to be no way to be sure that any VPN delivers as promised.

Without an established independent testing organization similar to those for AV there is no way to be sure that minimum security standards are met. At best, the VPNs seem to pay for Third Party Audits to assure users that they are being truthful.

Again users caveat emptor!
 

blackice

Level 33
Verified
Apr 1, 2019
2,195
Unfortunately there seems to be no way to be sure that any VPN delivers as promised.

Without an established independent testing organization similar to those for AV there is no way to be sure that minimum security standards are met. At best, the VPNs seem to pay for Third Party Audits to assure users that they are being truthful.

Again users caveat emptor!
This is why I don’t bother with a vpn anymore unless on an untrusted network. Which is almost never.
 

Nightwalker

Level 22
Verified
Trusted
Content Creator
May 26, 2014
1,157
Windscribe from the beginning when they first came on here while I was lurking and started offering highly discounted lifetime lic I got suspicious. Then their whole happy-go-lucky demeanor when it comes to answering questions regarding security. They sounded more like a group of recent college graduates in CS and Marketing that just felt like jumping onto the VPN bandwagon due to the whole Snowden NSA spying and Russian/China events. It all seemed like: "Let's see if our VPN can go somewhere and see how many people buy it and then maybe we can think of security"

Sounds like the entire VPN market in a nutshell.

IVPN and Mullvald seems a little better than the others, but NordVPN, Surfshark and Express VPN?

I wouldn't touch those shill champions even with a ten foot pole.
 
Last edited:

SumTingWong

Level 26
Verified
Apr 2, 2018
1,564
how about using geek uninstaller ? it does a Clean Removal and Force Removal of software.
is it good and able to remove vpn driver and such?
Sounds like the entire VPN market in a nutshell.

IVPN and Mullvald seems a little better than the others, but NordVPN, Surfshark and Express VPN?

I wouldn't touch those shill champions even with a ten foot pole.
Anything in public and you dont own it, monitor it, and watch it then it is not completely privacy. vpn provider don't own these servers. we go by trust them by their words and policy, and users and reviewers. I also agree with one or two user comment on here that no vpn will give you complete privacy for $5-$10 usd/month.

Regarding to windscribe, I think i will use them for visiting shady website, watching prohibited stuff, you know, and testing app in vm with vpn on. But not 24/7 connection. Plus, I have windscribe lifetime sub. I am kinda broke atm to switch to another vpn provider.
 
Last edited:

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
Just saw this thread, allow me to retort.

Firstly, we make no excuses for this omission. Security measures that should have been in place were not. Going forward, the following is true:

1. All keys required for server function are no longer stored permanently on any of our servers and exist solely in memory after they are put into operation
2. All servers have unique short lived certificates and keys generated from our new CA which are rotated
3. Each server certificate has uniquely identifying Common Name + SANs
4. New OpenVPN client configurations enforce server certificate X509 name verification using the common name which is unique.

This beings me to my next point: transparency. Had we followed "standard" industry practices, you would have never known this happened. We could have just sunset the CA with no explanation, under the guise of "new better network", kinda like PIA did over 6 months after their servers were seized in Russia, which required people to download new OpenVPN configs. There is no reason to do that, unless your keys were compromised.

Secondly, providers like Nord and Torguard, who had their servers hacked back in 2019, only came clean when their keys hit the web. Otherwise you can bet you would never hear about it.

Thirdly, the above 2 providers, and pretty much every VPN we tested (except IVPN which is doing things correctly, same as we do now), are vulnerable to the exact same issue, right now. Which you can empirically test yourself, by fetching their OpenVPN certificates over the wire. Once you do, you will discover the following:

1. Pretty much everyone uses long lived certificates 1-50 years until expiry
2. Pretty much everyone is either deploying the exact same certificate + key to every server OR have unique certificates + keys, but without anything that's uniquely identifying in them. Which makes it useless.
3. Those who DO have unique common name or SANs on their certificates (nord and express for example), fail to actually make use of this data and perform X509 verification at the client (you should see verify-x509-name in the config). Express actually tried to do this, and simply copy/pasted the example from the OpenVPN manual, which is completely useless and has zero security benefits.

Effectively, a compromise of those certs and keys will yield the exact same situation, and considering how opaque the consumer VPN industry is, it likely happened and you just don't know about it.

We made a mistake, we researched the best possible way to mitigate it, and did so in under 3 weeks. It's in production, and you can verify that this is the case by looking at the OpenVPN certs + our configs. This guarantees that the same issue cannot happen, even if the server keys were to be compromised again for some reason. You can also verify that those providers that were previously affected did no research, and implemented an equally insecure "solution". Same goes for most other ones. Sure, some claim that their servers are all "RAM based", but can you truly prove that? The only thing you can prove is how their public facing OpenVPN infrastructure is setup, and that leaves no room for interpretation. If that's implemented incorrectly, what makes you think their RAM solution holds water?
 
Last edited:

w2phoenix

New Member
Jun 23, 2018
4
Just saw this thread, allow me to retort.

Firstly, we make no excuses for this omission. Security measures that should have been in place were not. Going forward, the following is true:

1. All keys required for server function are no longer stored permanently on any of our servers and exist solely in memory after they are put into operation
2. All servers have unique short lived certificates and keys generated from our new CA which are rotated
3. Each server certificate has uniquely identifying Common Name + SANs
4. New OpenVPN client configurations enforce server certificate X509 name verification using the common name which is unique.

This beings me to my next point: transparency. Had we followed "standard" industry practices, you would have never known this happened. We could have just sunset the CA with no explanation, under the guise of "new better network", kinda like PIA did over 6 months after their servers were seized in Russia, which required people to download new OpenVPN configs. There is no reason to do that, unless your keys were compromised.

Secondly, providers like Nord and Torguard, who had their servers hacked back in 2019, only came clean when their keys hit the web. Otherwise you can bet you would never hear about it.

Thirdly, the above 2 providers, and pretty much every VPN we tested (except IVPN which is doing things correctly, same as we do now), are vulnerable to the exact same issue, right now. Which you can empirically test yourself, by fetching their OpenVPN certificates over the wire. Once you do, you will discover the following:

1. Pretty much everyone uses long lived certificates 1-50 years until expiry
2. Pretty much everyone is either deploying the exact same certificate + key to every server OR have unique certificates + keys, but without anything that's uniquely identifying in them. Which makes it useless.
3. Those who DO have unique common name or SANs on their certificates (nord and express for example), fail to actually make use of this data and perform X509 verification at the client (you should see verify-x509-name in the config). Express actually tried to do this, and simply copy/pasted the example from the OpenVPN manual, which is completely useless and has zero security benefits.

Effectively, a compromise of those certs and keys will yield the exact same situation, and considering how opaque the consumer VPN industry is, it likely happened and you just don't know about it.

We made a mistake, we researched the best possible way to mitigate it, and did so in under 3 weeks. It's in production, and you can verify that this is the case by looking at the OpenVPN certs + our configs. This guarantees that the same issue cannot happen, even if the server keys were to be compromised again for some reason. You can also verify that those providers that were previously affected did no research, and implemented an equally insecure "solution". Same goes for most other ones. Sure, some claim that their servers are all "RAM based", but can you truly prove that? The only thing you can prove is how their public facing OpenVPN infrastructure is setup, and that leaves no room for interpretation. If that's implemented incorrectly, what makes you think their RAM solution holds water?
I have 2fa enabled for windscribe free account but a few days back I was able to login through windscribe Firefox extension without the 2fa codes. It's a freshly installed Firefox browser. If I try to login to windscribe from the browser, 2fa authentication codes are required. can u pls check whether the 2fa is working for the ff extension?
 

JasonUK

Level 2
Apr 14, 2020
97
I'll continue to use WIndscribe on the rare occasion I use a VPN not only because a loophole found is generally one closed but also the open manner that Windscribe has put their hands up. Windscribe's post above #74 helps too. I've got a lifetime licence with WIndscribe, the speeds I get through their UK servers are pretty decent and I'm an infrequent user anyway as I've already said so why bother changing when problem is being resolved?
 

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
I have 2fa enabled for windscribe free account but a few days back I was able to login through windscribe Firefox extension without the 2fa codes. It's a freshly installed Firefox browser. If I try to login to windscribe from the browser, 2fa authentication codes are required. can u pls check whether the 2fa is working for the ff extension?
2FA is soft rolled out until all clients support it. Linux GUI + FF are the last one before it becomes hard enforced (our update has been in review for 6 weeks). Should happen in a few weeks.
 
Last edited:

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
So reading the PIA article that you have just linked. It says that the reason why PIA pulled the server is because Russia passed a law that requires server operators in Russia to keep track of all traffic going through their servers for a year. However, I see that you have few servers in Russia. So does the law does not apply to your servers?

That's just marketing. See Major VPN firm pulls out of Russia, blames country’s new spy law

“We believe that due to the enforcement regime surrounding this new law, some of our Russian Servers (RU) were recently seized by Russian Authorities, without notice or any type of due process,” Private Internet Access said in a blog post on Monday. "Upon learning of the [seizure], we immediately discontinued our Russian gateways and will no longer be doing business in the region."​

Then it goes:

The move has nevertheless prompted a "preventative" security update, which will see Private Internet Access rotate its certificates. "Furthermore," it said, "we’re updating our client applications with improved security measures to mitigate circumstances like this in the future, on top of what is already in place.​

There is only 1 reason to rotate your certificates after your servers were seized in Russia - breach. They masked it as a "preventative security update".

We were never approached by Roskomnadzor, the Russian servers are encrypted, and have unique certs and keys. If they get taken, we don't really care. This should have been in place in Ukraine as well, but it was not, which is our mistake.
 

scot

Level 9
Verified
Dec 5, 2014
404
1627471099895.png
@windscribe Any update on how you planning to address this issue.
 
Last edited by a moderator:

jetman

Level 8
Verified
Jun 6, 2017
395
At least Windscribe have the honesty to admit this problem.

How many other VPNs have similar problems but keep quiet about it ?

All companies get hacked. The trustworthy businesses admit any security breaches and find ways to prevent it happening again. Its the companies that say nothing that you need to be most worried about.

If anything, this gives me more confidence that Windscribe can be trusted.
 
Last edited:

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
Police can just freeze ram modules and extract keys off them. Ram based servers do nothing against a state sponsored attack of that scale

Even a ram based server needs to have some persistent storage to boot its own OS. Disk just happens to be one kind of persistent storage. You will always need some kind of persistent storage to boot your OS, even if that isn't the disk. And the software on these servers can always be configured to send data to another server that has a disk. Diskless is just a marketing gimmick

Anyway good response to this issue and let's hope there aren't any more hiccups like these

> Even a ram based server needs to have some persistent storage

That is not true. You can perform a network boot by fetching initrd, kernel and the filesystem from a remote location. ControlD (our DNS service) operates exactly like that, and is a test-bed for the Windscribe RAM-only nodes. The process is simple:

1. Get a server with any installed OS on disk
2. Deploy the "Neuralyzer" tool, which modifies GRUB to perform a network boot
3. Reboot the machine
4. Machine boots into an in-memory image with no HD mounted into the OS (since it contains the original OS supplied by the hosting company)

In the even of a power cycle/reboot, the network boot would not be authorized (the endpoints that deliver intrd, kernel and fs are gated). Even if that were to fail and be exploited, the OS image contains no secrets or configs which are templated when a human presses a button.

If you're the leader of ISIS, and were traced to a VPN server, and the gov goes to extraordinary lengths by freezing the RAM and somehow getting all contents of it, perfectly intact, it still accomplishes nothing, now that servers don't share keys, have short lived certificates and client side mitigation that prevents server impersonation even with valid keys in possession by the attacker.

We're gonna do a technical writeup about this when the system is deployed to production, and probably open source the Neuralyzer tool we made. It's really neat.
 

windscribe

From Windscribe
Verified
Developer
Dec 28, 2016
91
@windscribe Any update on how you planning to address this issue.
This issue is addressed already in an update last week, mentioned in our blog.

TLDR; We implemented a stopgap measure until the RAM-only nodes are ready for production, by not storing any secrets or keys on disk. They are only available at process start time, for things that needs them, and then the secrets are securely wiped from the server. In the event of another seizure, there is nothing of value on the machine, regardless of it's encryption state. No logs were/are stored, and there now there are no keys to take. We feel this is an adequate solution for the time being, as it addresses all major security concerns.
 
Last edited:
Top