Nord, Disney, Derrick Eric Johnson discussed on Smashing Security
I'm going to be talking about RESIDENTIAL PROXIES LA LA. Yeah that sounds riveting. I hear Nikki Pie all right so I asked on twitter. I as I often do. Hey what story should I talk about for the show today because I'm lazy and our listeners are very helpful so Some of our listeners sent in a blog post. That's been making the rounds. It went out about four days ago from recording. It's about Nord. VPN And does that name ring a bell for anyone Security headlines for yeah I wonder yes had at any snafus. Yeah well. I'll do a little backstory for folks who don't absolutely yes so about two months ago. Correct me if I'm wrong is they were in the news because they'd been compromised but they sort of sat on that news for a number of months so that our servers got compromised in two thousand eighteen there other data center rather and they found out about it in April twenty nineteen and they only only came clean about it in October of twenty nine thousand nine. After a lot of public pressure that is a very nutshell version of what happened. It was a bad look for. VPN given that Dalziel VPN's is that your they're supposed l. pure security so sitting on use of data breach for months and months is a really really bad luck. Weren't they doing this. Massive push because for a while they were all over television like terrestrial digital TV and I would see them in numerous read it feeds as well so felt to me like they had a lot of money to burn to get their name. They're they're big name. Yeah and they have a blotted their copybook. Around the same time. As the needs of this data breach they had been criticized some ads which they were running. which were basically saying you get all of your security problems if you're running a VPN at the bold claim which was rough abode claim? They didn't pull it back but they have had something of a checkered history. I'd suggest I mean they sponsored lots of podcasts and videos and things like that and sometimes the claims made by the people appearing on those podcasts and videos weren't completely legitimate species maybe good wet so so there's a blog post lie. Derrick Eric Johnson that Nord. VPN Is doing something that they shouldn't be able to do and that there's something really bad behind it. And I'm not saying this is true or not. I just like to dig into what's is behind this claim and and maybe we can draw conclusions there because I'm not really sure that this is the case but in any case let's dig in the question is this. How exactly is Nord word? VPN able to serve up Disney plus two countries. That shouldn't be able to access it. That is the question right and Disney pluses their version of netflix is a new new streaming services and and I think that some kind of Star Wars TV show or something on it. I can't get it from over here but that is correct. Is your point that Disney blocks most. VPN's I'm from attempting to do this and for some reason nor does not on their block list the e kind of yeah so basically to just back up half a second. Disney pluses only available available in a very small number of countries of Canada. US Australia and New Zealand Netherlands. And then everyone else has to wait at least a year if not longer right. So companies like Disney plus and Net flicks lakes are always doing whack a mole with VPN. So we're just establishing that so that that's a known problem so if you want to access Disney plus say in Europe like literally anywhere in Europe outside of the Netherlands What are you going to do? So you're gonNA try your VPN and you find out your blocked so this is work. It's a little weird users of Nord. VPN are still able to Asas Disney plus even though pretty much every other VPN apparently or a lot of other VPN's can't access it right his dizzy plus goes nope you're of UPN. I'm not letting you in. So how is that happening. And that is the question that Derek Johnson is asking his blog. Post this really shouldn't be able to be happening and yet it is so it's kind of impressive and maybe a competitive advantage voltage if Nord. VPN says well we can give you access to Disney plus alley. Yeah you know. I assumed perhaps incorrectly that some were just blocked locked in some. They just weren't on the hit list and it was that easy. This could be possible. And then there's another theory okay. So the theory is this thing called a residential proxy which is Sort of new to me. I haven't really heard this her much. But you'll probably be hearing more about it so a residential proxy is a real person's Ip address like a real like it's assigned assigned to them by their own ISP YUP so it's not an anonymous block VPN Ip's at the VPN's tend to get so they're they're newish and folks love him for going around these VPN people and also maybe doing some more dirty stuff on the Internet. I'll let you fill that in with your own imaginations so one. I did a little digging gang for the marketing Spiel at some of these. EPS using there's like this very breathless description of how great residential proxies are. Just listen to this. These proxies are the highest quality product on the proxy market for one simple reason which is that residential. Ip addresses are undetectable. They look exactly like real mobile and desktop devices. They are immune one to bulk bands and blocks because these proxies do not share any sub networks a residential proxy network is a pool of real residential. Ip addresses that are associated was was real Internet service providers which makes them unstoppable. So I salute. They look exactly like real mobile and desktop devices because they are car bottom. Yeah okay. I think I'm following cakes. Yep there's a lot of marketing hullaballoo there. Yeah it is and I was like that is a very list description and I was reading that I'm going. Sounds like a bought medal and but they're not. It's not the same thing but it made me think of that. So bringing it back to Nord and Disney plus Derrick Johnson is thinking that nor does using residential proxies now nor VPN's they they don't say anything about them their website. They say they use something. Called smart play technology analogy which is not a term I've ever heard and I'm guessing that could be their own branding on residential proxies I. It's not a term that I'm familiar with at all so in any case if Nord. VPN Or anyone else is using residential proxy. How does a VPN get their hands on these? Ip's 'cause how how do you get your hands on some Joe Schmos IP address dress. How does that happen right? So 'cause it's kind of odd so there's never possibilities. I was doing a little digging and learning on this one. So one theory is that the VPN's are kind of doing Tit for tat with their users so say the. US users are routing overseas traffic through their own IP's in exchange for being able to do the same. So if alright you if you route me kind of thing yeah so pro quo if you will go good. Is that what this is all about. He comes back to that every time I own so rudy Giuliani has VPN account. And he's letting some guy I haven't been following it to go to wikipedia. Yeah you're throwing those theories out there. Rapid Fire Trust so so the idea. Is You sign up for the VPN and they say hey we're going to use your IP address. Ask this allow you use somebody else's so this is sort of called colloquially a volunteer channel So the idea is that you're telling someone they sign up. Hey this is what's going to happen with and we're asking your permission explicitly but as long as you sign up for this everything's kosher okay. My question is like what goes by using my ip address. Does something a bit. Yuck oh right that's my watch effectively. That's awfully unfortunate isn't it. Yeah I don't have an answer for you but that is that is unfortunate is on the other side if if you are someone who does something naughty on the Internet if you are allowing other people overseas to use your Ip address then that's your get out of jail free potentially Benchley isn't it. Excuse you could maybe use that argument. Yeah I don't know how people would be able to distinguish between the two exam. Looks completely just legitimate. I P I I don't know enough about networking so quid. Pro Quo. One option. Second option is that providers. Yeah I'm just throwing providers with that already have residential proxy. Ip's Will Reese Kelvin others in big batches so we don't know how they're getting those Ip addresses but the horses out of the bar in there being resold BOP okay so there's a bunch of different options here another another option which is kind of a boring option but realistic Brian Grabs did a story on residential. Ip's and proxies a few months ago and according to his sources a bunch of the world's biggest ISP's for more than happy to just sell chunks of their Ip's to anyone who asks as long as you got the money to pay for them. They'll be like you want some residential appears here you go which is Kind have a boring answer but if that's the case then meeting that seems like a very easy way to do it and nor VPN for example their website says that they do purchase directly from my SP's so that's the thing You know I wouldn't have thought that ice peas would WANNA do that. But I guess you got a Zillion. Ip's the what's a few hundred thousand self self for some some money money so this is all pretty above board but these are all bona fide. Attached particular people have been assigned by SP'S SP's to be assigned to a resident. So this this all is the more above board stuff but there are a lot of theories that there are some more malicious things going on with residential essential Proxies as well so for example there is a security researcher who works at facebook named Shang. Hang me and he wrote a paper this year for I triple E. ON residential proxies. Yes and I'm in a really really. Boil down simplify massively And the link I provided for the show notes if People Wanna read his paper but one of his data points is that he he collected hundreds of thousands if not millions of residential. Ip's that are used by proxy services and he was able to identify that about half of the Ip's that he could identify if I clearly belonged to Iot devices web cameras. DVR's and printers. So I do wonder how device volunteers to share its IP. Where's that yeah interesting? Good Point yes And then in addition the researcher me also found that there is a correlation relation between the presence of potentially unwanted programs or straight up malware on a user's machine to that machine then serving self up as a residential proxy so it seemed about like ten percent end of the time at least that person who was a residential proxy had no idea that they were and they had lower that was making them into one. Right okay YEP so. That's a much more nefarious things. So this could be somebody downloaded malware on Zam time to lease. That's huge. Yeah Yeah and it could be much more than that and this is just in the one data data set so there are above board methods of getting these. Ip's and not so above board methods so back to nor- VPN Johnson's blog post. So he thinks there's something. I'm really nasty happening here. And he's drawing a connection between Nord. VPN And this other company called oxy labs which has a hefty residential proxy network and. Nobody really knows how they're getting it. But there's some allegations that it's shifty and there's also the rumor that the two companies are owned by the same guy so the thinking is that if they're if oxy labs is getting. Ip's through a nasty way. They're sharing them with Nord and it's all kind of behind the scenes. That's the assertion that's happening in that blog post or they might just be buying them deliberately. And there's this regulation that allows and we're all getting screwed. Yeah Gang because we have no way of knowing how they're getting these IP's or even if they're doing doing residential proxies but it's a good guess..