May 29, 2019

Top DHS cyber official says foreign VPNs are a threat to data security

Christopher Krebs. Photo: Tasos Katopodis/Getty Images

The head of the Department of Homeland Security's cybersecurity division described a popular class of anonymizing tools known as VPNs — particularly ones made in authoritarian countries — as a potential threat to data security and national security in a letter to Sen. Ron Wyden (D-Ore.) that was shared with Cyberscoop.

Why it matters: The services disguise the internet address and browsing habits of their clients from websites and eavesdroppers, but the VPNs themselves are potentially aware of every move a client makes online and every password they enter, making less-scrupulous VPNs an ideal espionage tool.

The backdrop: There have long been concerns about how difficult it is to identify fraudulent VPNs. A simple Google search turns up dozens of potential VPN services, and researchers have discovered several free VPN services that manipulate user traffic for advertising purposes or even sell user bandwidth.

  • There has not been similar research into the national security risks of VPNs.

Details: Christopher Krebs, director of the Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA), sent the letter to Wyden, on May 22.

  • Wyden had asked about the dangers of VPNs in February.
  • Krebs noted that India had recently accused a number of popular Chinese apps of all types of being used in surveillance operations — and that any VPN app made in Russia would be legally bound to share customer data with the Russian government.
  • He declared that the risk to government systems was low to moderate, noting that the number of federal employees using vulnerable networks are unknown and quite possibly very low.

Go deeper: The most important mobile app you've never heard of

Go deeper

Updated 2 hours ago - Politics & Policy

Coronavirus dashboard

Illustration: Sarah Grillo/Axios

  1. Global: Total confirmed cases as of 6 p.m. ET: 6,804,044 — Total deaths: 362,678 — Total recoveries — 2,788,806Map.
  2. U.S.: Total confirmed cases as of 6 p.m. ET: 1,909,077 — Total deaths: 109,497 — Total recoveries: 491,706 — Total tested: 19,231,444Map.
  3. Public health: Why the pandemic is hitting minorities harder — Coronavirus curve rises in FloridaHow racism threatens the response to the pandemic Some people are drinking and inhaling cleaning products in attempt to fight the virus.
  4. Tech: The pandemic is accelerating next-generation disease diagnostics — Robotics looks to copy software-as-a-service model.
  5. Business: Budgets busted by coronavirus make it harder for cities to address inequality Sports, film production in California to resume June 12 after 3-month hiatus.
  6. Education: Students and teachers flunked remote learning.

George Floyd updates

Protesters in Washington, D.C. on June 6. Photo: Samuel Corum/Getty Images

Thousands of demonstrators are gathering in cities across the U.S. and around the world to protest the killing of George Floyd. Huge crowds have assembled in Washington, D.C., Philadelphia and Chicago for full-day events.

Why it matters: Twelve days of nationwide protest in the U.S. has built pressure for states to make new changes on what kind of force law enforcement can use on civilians and prompted officials to review police conduct.

Why the coronavirus pandemic is hitting minorities harder

Illustration: Aïda Amer/Axios. Photo: Mark Makela/Getty Images

The coronavirus’ disproportionate impact on black and Latino communities has become a defining part of the pandemic.

The big picture: That's a result of myriad longstanding inequities within the health care system and the American economy.