Armaan Mahbod, Dtex Insider Threat Analyst Team Manager
February 8, 2018
Yesterday, US Senators Ron Wyden and Marco Rubio issued a letter expressing their concern over national security issues that Virtual Private Network (VPN) usage could create. The letter is addressed to Christopher C. Krebs, Director of the Department of Homeland Security’s (DHS) Cybersecurity and Infrastructure Security Agency (CISA).
The senators are concerned that foreign-owned VPNs could be used by the governments in the nations where they are operated in to spy on the United States. The senators wrote:
In light of these concerns (foreign owned and operated VPNs), we urge you to conduct a threat assessment on the national security risk associated with the continued use by U.S. government employees of VPNs, mobile data proxies, and other similar apps that are vulnerable to foreign government surveillance. If you determine that these services pose a threat to U.S. national security, we further request that you issue a Binding Operational Directive prohibiting their use on federal government smartphones and computers.
The concerns expressed by the senators are well founded. VPNs are double-edged swords. They do provide security. They also allow people to sidestep security controls and create pathways for cybercriminals to take advantage of vulnerable humans. Our insider threat research reveals that unauthorized VPN usage increased in the public and private sectors between 2018 and 2019, possibly as much as 25 percent. Our research also shows that unauthorized VPN use is frequently a sign that malicious and negligent activities are taking place. Organizations that can’t detect when users are working through VPNs are setting themselves up for disaster.
This week, it was further proven that unsanctioned VPN use is absolutely a sign that criminal insider threat activity is taking place. In Australia, authorities arrested Chinese National Yi “Paulsson” Zheng and charged him with an attempt to steal confidential customer information from AMP, a major financial services institution based in Australia. His arrest was triggered after the Dtex Advanced Enterprise DMAP Intelligence Platform detected that he was using an unsanctioned VPN on his work-issued laptop.
Read about how Dtex identified Zheng’s criminal activities: Breaking Insider Threat News: Dtex Detects Chinese National Yi Zheng’s Attempt to Steal Data From Major Financial Services Provider
Read about how Dtex helps detect unauthorized VPN use: The Dtex Enterprise DMAP Intelligence Platform Overview