Results 1 to 2 of 2

Thread: CyberGhost no longer a safe VPN

  1. #1
    Unobtanium crimethink's Avatar
    Join Date
    Sep 2014
    Location
    Mystery Babylon
    Posts
    13,482
    Thanks
    9,400
    Thanked 6,806 Times in 4,311 Posts

    CyberGhost no longer a safe VPN

    I have recommended CyberGhost for years. It has served me well. But then I stumbled across a review tonight, that revealed the horrible news.


    https://blog.cyberghostvpn.com/cyber...ssrider-group/

    https://seenews.com/news/crossrider-...ln-euro-561459


    In short, CyberGhost was bought out in March by Israeli corporation, Crossrider. Might as well have sold themselves to the CIA or NSA.
    The night has come upon us, and we have but two choices: to fear it, or to face it bravely while looking to the Light that cannot be overcome. John 8:12

  2. #2
    Unobtanium crimethink's Avatar
    Join Date
    Sep 2014
    Location
    Mystery Babylon
    Posts
    13,482
    Thanks
    9,400
    Thanked 6,806 Times in 4,311 Posts

    Re: CyberGhost no longer a safe VPN

    These Ex-Israeli Surveillance Agents Hijack Your Browser To Profit From Ads

    https://www.forbes.com/sites/thomasb.../#244783f726e2

    Crossrider

    A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.

    According to the Google report, Crossrider was doing plenty of work with Superfish whilst it was still swimming, amongst many others, using various kinds of ad injection techniques. It allows app developers to build those injection capabilities into their software, using the Crossrider platform, but it seems bad actors have used this for their own means. US antivirus giant Symantec ranks one service based on Crossrider’s software, Crossid, as adware with a “high” risk impact. It warns Crossid can inject content and collect information about the user, such as IP address, operating system and browser information.

    Is Google wrong?

    Crossrider’s VP for mobile Ran Goldi says his company is keen to clean up the ad injection industry to ensure that real criminal malware doesn’t land on people’s PCs. He admits too many bad actors find a way onto the ad chain to insert their malicious code onto the web, hence the firm’s participation in the Microsoft Clean Software Alliance.

    But he doesn’t believe the market is an inherently evil one, far from it. When Superfish intercepted people’s traffic from their Lenovo PCs, it was simply trying to provide a useful service, “to give better offers to people in terms of buying and shopping”. He and Idan Aharoni, a security-focused entrepreneur and former department head at RSA’s anti-fraud team in Tel-Aviv, believe Google has its own interests at heart when criticising ad injection, given its primary source of revenue comes from ads.

    “Naturally Google has something to lose from these ad injections, so obviously they are going to paint it as ‘dangerous’. Malvertising, the real danger, can happen in Google Adwords just as it is possible to appear in any other ad network,” says Aharoni.

    Scared of the ex-spies who sell you?

    As for the ad injection industry’s connection to Unit 8200, Goldi believes the skills used in signals intelligence are the same as those required in targeted ads. "It’s pretty much the same thing - catching the bad guy from the intelligence point of view and targeting a good guy to give them the right [content]," he says.

    Given Israel “dominates advertising, period”, adds Goldi, it should be no surprise the injection game is full of former intelligence officials. 8200 is also the biggest unit in the IDF and military service is compulsory in Israel. Many leave to go into various tech markets, not just security.

    But Brotherston says the involvement of ex-8200 personnel in the “very dangerous” injection business is “troubling”. “When Snowden released a cache of documents on what signals intelligence was doing within Five Eyes, people were outraged at what their governments were doing with this information. Now consider that Unit 8200 probably has very similar mandates, but is part of another country’s government. If they have access, via ex-members, then a signals intelligence unit potentially has direct access to view the contents of what someone is browsing and modify the content,” he added.

    Nicholas Weaver, computer security researcher at the International Computer Science Institute in Berkeley, doesn’t believe the Unit 8200 connection to add injection is of great concern and wouldn't be abused for malicious purposes. But he has different concerns around Unit 8200. He’s worried injectors may be transmitting user data from across the world to Israeli servers over unencrypted HTTP connections. “What worries me is whether any of these systems might cause users to fetch data from Israeli servers over HTTP. These companies may consider themselves benign, but the Israel government is notorious for hacking and industrial espionage, and the Israeli government can use any such traffic to hack individual targets,” Weaver adds.

    “Traffic visible to an adversary is not just an information leak, but a vector they can use to attack.”

    Even publishing information on ad injection can land users in legal trouble. Another Israeli firm, Flash Networks, appears to be injecting ad content over Airtel 3G at the network layer - a method described by Weaver as “objectionable”. According to a report from India, a local activist called Thejesh GN has been sent a cease and desist letter from the firm’s local lawyers, asking him to remove content from GitHub that showed how the injection worked. Again, some of the Flash Networks team, including its VP of research and development, spent their formative years in Unit 8200.

    Exposing former spies, it seems, can prove troublesome.
    The night has come upon us, and we have but two choices: to fear it, or to face it bravely while looking to the Light that cannot be overcome. John 8:12

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •