A ROGUE employee has been caught by his VPN logs in what’s thought to be the first case of its kind.
A report by Sophos tells of a woman named Suzette Kegler who during her 29-year career at regional airline PenAir, had used her security clearances to hack into the ticketing systems for personal gain.
She pleaded guilty in January to fraud after it was discovered that during her final week, she had created dummy employee accounts so that she could “pop back” after her own credentials were terminated.
She then reentered the systems, blocked employees from accessing it from eight airports and blocked three entire flights worth of seats to prevent them being bookable.
It was only because her handiwork had been discovered in time that chaos didn’t descend at PenAir.
PenAir estimates that it lost between $5000 and $6500 as a result of fixing the mess.
But what’s interesting is that she was rumbled because she used a VPN. The fact that your connection is protected isn’t actually protecting you.
Say, for example, you are looking at some questionable websites. You’ve set the VPN. You’ve turned on Private Browsing.
It’s that which betrays you. Depending on the VPN, some, as in this case, keep logs of who logged in and when and where their VPN is masking them to.
Which – let’s face it, somewhat defeats the point.
Then, remember that while you are doing a spot of manual labour, your device is still doing stuff in the background – checking your emails, running the non-private tabs and so on.
As a result, that traffic disappears from your IP address and then reappears at the location of your new VPN IP. That means, combined with logs, it’s not hard to join some rather worrying dots.
The moral of the story is – VPNs are not anonymous and not all are created equal. Ask yourself – does mine keep logs?
“No”, you reassure yourself. “I’m fine”.
‘Wrong’ says Sophos.
“There is no such thing as VPN that doesn’t keep logs. If they can limit your connections or track bandwidth usage, they keep logs.”
It that the sound of shrinking starfish we hear?
The news comes a day after Opera announced it would retire its VPN app. µ
Source : Inquirer