 NordVPN was compromised at some point and their expired private keys were leaked, expired now in 2019 because this occurred, the actual breach occurred in March of 2018. So it's an interesting story here. So this has been really popular lately because everyone's excited about VPNs and if you haven't heard or watched YouTube at all, you'll notice that Nord is at a massive advertising campaign. Leaping Computer, who I'm going to cite for the articles, they have a good write-up on it, has a great three-year subscription offer for NordVPN service. Get NordVPN for $3.49 a month, which comes out to a 70% discount, blah, blah, blah. Not my ad, click it if you want to help out the folks over here at Leaping Computer. But yeah, I think the overstatement of Nord and their advertising has made people highly aware of them and also get a misconception of what VPNs really do. Right here is a little thing that Nord had done. They did this whole thing that said, and we'll actually scroll to the very first article or first advertisement out of the article, this was posted by NordVPN and they took it down. So ain't no hacker going to steal your data online if you use VPNs, stay safe. That isn't, that's a really false equivalency of security. So while VPNs can protect the data in flight and hide them from the MSP or the coffee shop that you're sitting at and connecting in, that does not necessarily make you safe online as a whole. That protects against a layer of attack that may come against you. That layer being someone trying to sniff your data in flight. So if it's your ISP, they may want to sell it because it's legal now here in the US, they can grab your data, they can collect it, they can monetize your data. So they go, hey, we have your address because your ISP obviously knows where you live and they can then sell that as marketing data. That's definitely a potential thing and a VPN will hide that. It gets you around geo restrictions. So if you're going, hey, I'd like to see a thing, but it's not available in my country. This is a frequent time that people use a VPN and pop up in another country. So now you have moved where it appears you're from. Therefore you can get around some type of geo fencing or if you're in a overly restrictive country, but not so restricted that it doesn't allow VPN. Maybe they block certain things and doing a VPN gets you around there. But it does not necessarily suddenly create a layer of massive protection around you and their ads kind of imply that. But they did take that ad down and I, this is another Twitter friend and no self. And he pretty much said, yeah, they owned it at least where they said yesterday, our marketing department got ahead of themselves, published an ad on Twitter that triggered an info set community. Yes, we pointed out that you're a little bit overstating it. And I'll point out as well, if you go to Nord VPN and listen to the ad in the copy read by many large YouTubers who necessarily aren't technical. So I'm not blaming them. They're reading ad copy and putting their own little spin on it to, you know, attract their audience. They've run a massive ad campaign over at Nord and that of course means people are assuming, oh, how does it do to be protected as use of VPN? There's really no other layers and security involved, right? Which of course is what triggered the info set community going, look, you guys are just pushing this too far back to how the breach happened. So Nord VPN, then someone proved it here. So apparently Nord VPN was compromised at some point. This is a hex defined on Twitter. They have a link to the tweet here, but they lost their certificate. So people could impersonate being Nord VPN. Now it is expired cert, but it wasn't expired at the time, like I said. And it looks like there may be some other VPN companies were hacked. And this is one of the problems I have in general VPNs is the VPNs will only protect so much and you're only pushing who you, who you trust down the road. So I can say we're here at Lawrence Systems. We use Comcast and I can say, don't trust Comcast. I don't want them seeing my data. That means I have moved trust to, I am fine with Nord VPN. Torgard or any of these companies that claim the key that may even claim to have no logs, that's a good claim. And I don't have reason to believe they are logging all their data, but you can kind of see you have to trust them and you have to trust that they weren't compromised. So if they're compromised, well, now you, you are now sharing it with Nord VPN and whoever compromised them and whoever had copies of the keys and potentially get on there. Now, how did they get hacked? How they got hacked on this? Well, it sounds like because, and I've seen people say, well, I can't believe a company the size of Nord VPN doesn't run their own data center. The challenge is you have to move or your VPN servers are occasionally and you have to spread them out. So building a data center in every country would be difficult. So they do lease servers from other data centers. Therefore leaking servers from other data centers means you can run down the checklist and confirm a data center is secure, but someone might miss something on the checklist. And it sounds like they had what we referred to as lights out management. So obviously when you're a data center, it's not convenient to get to the council directly and physically do something on the server. And I've talked about this before with like the iDRAC system on Dell or any of these lights out secondary management systems. Basically, they allow you to have like direct accesses. If you're plugged directly in the computer to, you know, reload the operating system, diagnose a problem with a RAID array, et cetera, et cetera. Someone was able to get in the back door, so to speak, through that. So that was exposed and Nord said they didn't know that was a feature. And that was overlooked. It should have been disabled is what they had said. And this is any challenge when you have things in the cloud, which is somebody else's big closet full of computers and how secure is your closet? We hope it's really, really secure, but sometimes, well, apparently this particular closet over in Finland was not secure. And someone was able to attack remotely on this. So it's a really interesting story. I, you know, leave links to all this here. It's it's one of those things that I kind of am happy. There's some awareness. I hope people think again before they see these stupid ads, these VPN companies and tour tour guard and all these other companies that potentially get hacked. They all have the same problem. Too many times I see the advertising push too far and Nord right here with this ain't no hacker can see your online. If I went through any of the other VPN companies, a lot of them have this whole like this is all you need to do implied, not stated implied. This is all you need to do to protect yourself. No security comes in layers. This is one layer. But think about what it mitigates and decide whether or not you need a VPN. I do have a link in offer code to PIA internet if you are interested in a VPN, but you notice I'm not pushing it. And I've been reached out to by Nord and I've decided not. I just don't like their ad copy for me to even want them. So we just have a basic affiliate link to the folks over PIA enters. Of course, if you dig into Nord, there's all kinds of other controversies, whether or not you buy into or not of whether or not they're actually run by three letter agencies, even those are registered in Panama. This is one of those difficulties with any of these VPN companies is I've always thought that if I were a agency looking to collect data on people, I would offer really inexpensive VPN service because it's really popular. So let's say the CIA or NSA, what's the best way to collect data? Instead of paying and spying, why not charge us a really low rate on VPNs that will come to you because you have the best rate and some crappy ads that seems like a great way to do it. And I don't know that Nord is run by the NSA. I'm not implying that. I'm just saying it seems like a very logical way to do it. So it makes it very difficult to trust any of these VPN companies and say, they are my savior of privacy because the big bad Comcast is just slurping up my data and selling it to someone. It is what it is. It's it's one of those things that it's really hard to be certain. Do they help when you're doing something like in a coffee shop? Yeah, I've always been a bigger fan of running a VPN at home because I'm really I don't VPN from home to get somewhere else to hide things from Comcast because I don't care if they know. Not really my big concern of Comcast knows what websites I visit. You can always do things like DOH. I've done a video on this, which offers encrypted DNS. So that is upsetting greatly to the Comcasts of the world and the other ISPs because they do lose visibility of your DNS and DNS is their frequent way. They only know what IP address you went to by watching the stream. But having the DNS gives them the website you went to, not just the IP, because many one IP can have many websites, so they rather have the DNS information, but, you know, weigh the risk of whether or not that is important to you, whether or not that's the thing you're trying to mitigate. And that's how you decide when I need to VPN. I also have a video and I'll link to it of how to set up your own VPN in somewhere like Digital Ocean or anywhere else that you can find a computer that you trust that you have, you know, somewhere else where you can set up a standard open VPN connection. Or, you know, I've got plenty of videos on PF Sense and it's easy enough to set it up so you can, while you're not, you know, at home or at work, you can VPN back and tunnel everything back through your PF Sense box, back at your office or back at home. That's definitely a possibility as well. That way, when you're out and about traveling or staying at hotel, you don't have to rely on whatever the lowest bidder put in for Wi-Fi at that location. All right, I'll leave links to all this so you can do some further reading and draw your own conclusions or study this a little bit further. And thanks. And thank you for making it to the end of the video. If you liked this video, please give it a thumbs up. If you'd like to see more content from the channel, hit the subscribe button and hit the bell icon. If you'd like YouTube to notify you when new videos come out. If you'd like to hire us, head over to laurancesystems.com, fill out our contact page and let us know what we can help you with and what projects you'd like us to work together on. If you want to carry on the discussion, head over to forums.laurancesystems.com where we can carry on the discussion about this video, other videos or other tech topics in general, even suggestions for new videos that are accepted right there on our forums, which are free. Also, if you'd like to help the channel in other ways, head over to our affiliate page. We have a lot of great tech offers for you. And once again, thanks for watching and see you next time.