Tag Archives: hola

Hola, Hola VPN users, you may have been part of a botnet!

VPN service Hola, which has millions of users, recently came under fire for not being as up front with their users as they should have been. In the past weeks it has been revealed that Hola does the following:

  • allows Hola users to use each others’ bandwidth
  • sells their users’ bandwidth to their sister company Luminati (which recently helped facilitate a botnet attack)
  • and, according to Vectra research, Hola can install and run code and additional software on their users’ devices without their users’ knowledge.

If you are an Hola user or if you know someone who uses Hola, please make sure you/they are aware of this.

The service, which can be downloaded either as an app or as a browser extension, is a peer-to-peer network that allows people to use other Hola users’ bandwidth to anonymize their browsing activities and to circumvent geo-restricted content.

Hola_logo_blackWhat many users did not realize is that they were essentially exit nodes and other Hola users could use their bandwidth to carry out illegal activity, like accessing child pornography.

Additionally, Hola sells its users’ bandwidth to its sister company, Luminati. Prior to the end of May, Hola did not mention Luminati on its website. Luminati’s premium service, which was originally advertised as being an anonymization network, uses Hola’s users as nodes to redirect traffic through. Hola’s connection to Luminati was exposed after a Luminati client launched a DDOS attack on 8chan, using Hola’s network (users) as a botnet.

Researchers at Vectra, a security company that identifies cyber attacks, dug a little deeper and discovered that Hola can also download and install additional software without the user’s knowledge and can install and run code without the user’s knowledge as well. Furthermore, Vectra found that Hola contains a built in console, “zconsole”. Zconsole allows direct human interaction with an Hola node even when Hola is not being actively used by a user. With access to the console an attacker could, as Vectra points out, “accomplish almost anything” and launch a large and targeted attack.

What we can learn from this

There is one main lesson people should learn from the Hola situation: research the products you download and use.

What many people may not have been aware of in this situation was how their  bandwidth could be abused by fellow Hola users and how much control Hola had. A VPN helps you to anonymize all of your browsing activities – and to access content in geo-restricted regions by redirecting it through other servers. This can, for example, be useful if you travel or live abroad and want to access content from your home country.

What you should research before choosing a VPN service

Before deciding which VPN service to use, research the VPN provider and make sure the provider you choose is trustworthy. Find out what methods they use. If they use servers to redirect traffic through, make sure you know who owns the servers, what they do with the data that flows through the servers and whether or not they keep your data or sell it to third parties.

Avast for example, offers free antivirus, but our Avast SecureLine VPN is a premium service. We charge for our VPN services, because we pay extra to own and maintain servers around the world to redirect traffic through. We do not log the data that flows via our VPN services.

Know how much control your VPN service really has Hola is available as an app and browser extension and as mentioned above, Vectra found that Hola is able to do a lot more than just redirect your traffic. Hola can download and run additional code through your browser, without your knowledge. Of course a VPN service is always going to have access to your personal data (otherwise it wouldn’t work). However, even if they don’t provide a VPN feature, browser extensions have immense control over your browser that most users may not be fully aware of.

 “Browser extensions can see everything you see in your browser, as well as everything you type in your browser, including passwords. Untrustworthy browser extension vendors can easily misuse this data and it is therefore extremely important that users be careful when choosing which browser extensions to install. On top of that, browser extensions can also manipulate search results and slow down your browser.”  Thomas Salomon, head of Browser Cleanup product development at Avast.

What you should do before downloading a browser extension

When deciding on whether or not you should download a browser extension, you should also first make sure the extension comes from a reliable and trusted source, read both professional and user reviews about the extension and read the extensions terms and conditions before downloading it.

What you should do if you have a bad extension installed on your browser If you are worried that you may have malicious extensions (they are often added when installing an otherwise legitimate program without you even noticing) installed on your browser or have an extension that is difficult to remove, you should run Avast Browser Cleanup. Avast Browser Cleanup is a tool that removes malicious and poorly rated add-ons and restores your browser to its initial and clean state. Avast Browser Cleanup is included in Avast and is now also available as a stand-alone product.

Keeping your browsing safe

Our browsing information is extremely valuable: we bank online, keep in touch with our loved ones via email and social media, search for everything under the sun on the Internet. Piece all this information together and you have someone’s complete identity, not something you want to hand over to just anyone.

VPNs and browser extensions, like Hola, become dangerous the minute they abuse their power, without openly informing their users of what they are doing. It is therefore vital that you are aware of what software you have installed on your computer and what extensions you have installed on your browser to keep your private information private.

Popular Free VPN Hola Sells Users Bandwidth for Botnets

Sounds good, right? Especially in times when you just want to access Netflix U.S. for this one show but can’t because of licensing restrictions; or when everyone might be spying on you. Yes, now is the perfect time for a VPN (Virtual Private Network). Normally you have to pay for the service though. And that’s where Hola comes into play. Hola is a free Chome browser plugin and according to the ratings left on its’ Chrome page VERY popular.

So how come a service like this can afford to stay free? It’s pretty simple really: they sell your bandwidth. “When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this,” says Fredrick Brennan, the operator of 8chan in a note on his site.  He continues:  “Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet (right now, for HTTP requests only) at https://luminati.io. […] An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM.”

This is definitely not cool, but what does it mean for you? Well, if you are using Hola your connection will be used by other users to access pages in your country that are blocked for their IP but are available with yours. This is perhaps annoying, but not all that bad. But what of you IP might be one of those that get abused by people to perform illegal acts online?

Now is probably the best time to rethink using this specific free service.

The post Popular Free VPN Hola Sells Users Bandwidth for Botnets appeared first on Avira Blog.