US Senators seek investigation into VPN use among government workers

[Bubbajim]

In context: Recent months have been filled with news of international cybersecurity concerns and foreign meddling, and now two US Senators are going after a new target – virtual private networks (VPNs) used by governmental employees.

With ongoing investigations into Russian meddling during the 2016 presidential campaign, and the recent rumors of an executive order to ban Chinese hardware from new communications infrastructure, it’s clear that the United States is taking its cybersecurity seriously. Alongside these wide-ranging efforts to tighten security, Senators Marco Rubio (Republican) and Ron Wyden (Democrat) have asked the Department of Homeland Security to investigate governmental employees’ use of VPNs.

The Senators’ concern is that many VPNs make use of foreign servers to redirect traffic, and they are worried that two countries in particular may be on the receiving end of US data – China and Russia.

It’s perhaps no surprise that China and Russia are the two countries being singled out by Rubio and Wyden, given the current uneasy relationship the US has with each nation.

Writing to Christopher Krebs, Director of DHS’s Cybersecurity and Infrastructure Security Agency, the Senators noted, “If U.S. intelligence experts believe Beijing and Moscow are leveraging Chinese and Russian-made technology to surveil Americans, surely DHS should also be concerned about Americans sending their web browsing data directly to China and Russia.”

The ‘if’ at the start of the quote is important as the Senators aren’t singling out any specific products. Instead, they are asking DHS to ‘conduct a threat assessment on the national security risks’, and if appropriate, issue a Binding Operational Directive to prohibit the use of any software deemed a threat.

These Directives have been used before, such as in 2017 when DHS issued one to ban the use of Kaspersky-branded products from federal IT systems.

Permalink to story.

https://www.techspot.com/news/78671-us-senators-seek-investigation-vpn-use-among-government.html

 

[Evernessince]

The only reason some Americans decide to use VPNs is due to the fact that their ISP can legally gather and sell their information, the government can gag order and secure the release of private information, and private companies track and sell their information.

The Chinese and the Russians don't need to go such lengths to get private citizen information. They can likely buy it directly from your ISP or equifax. Not like it's illegal to sell that information to them so why not. If of course it hasn't been leaked already...

 

[captaincranky]

@Bubbajim said: "The Senators’ concern is that many VPNs make use of foreign servers to redirect traffic, and they are worried that two countries in particular may be on the receiving end of US data – China and Russia".

AFAIK, PIA has shut down any servers within those two countries borders. (Or had then shut down for them).

https://arstechnica.com/tech-policy...-internet-access-exits-russia-due-to-spy-law/

Other than that, I can picture an a**hole like Ted Cruz, might try and leverage this to outlaw VPNs altogether.

But the overarching issue here is, the US needs to attack cyber vulnerabilities worldwide with its allies, while not having Cruz meddling too deeply into Internet affairs, wedging this issue into stumping for votes in his next bid for president.

And trust me, there's a lot of tinder here to ignite right wing Republican nationalism. I say turn the issue over to where it belongs, the FBI, CIA and NSA. They can likely do something about it, instead of politicians running their yaps about it.

 

[seeprime]

Why would people believe the story that government employee use of VPN's might allow foreign countries to see the data? VPN's are encrypted. The odds are that our own government currently can't see what the employees are doing when they check. I suspect the real reason is that the US can't spy on its VPN using employees right now, not that other countries might do so later. https://computer.howstuffworks.com/vpn7.htm

 

[QuantumPhysics]

I never believed in VPN or encryption.

I REFUSE to believe that "the almighty government" is going to be upstaged by a bad guy who uses encryption or a "private server".

I bet it's really a way to lure people into a false sense of security.

Let's consider Jeff Bezos. I absolutely believe that the government itself hacked Bezos at Trump's behest. How many references in history do we have of the NSA, CIA or FBI doing illegal wire taps with all types of ridiculous pretexts???

And they really think I'm stupid enough to buy a $25 Google home speaker and put those things throughout my house?

I might as well just let the CIA plant a voice recorder on my person.

 

[Evernessince]

I never believed in VPN or encryption.

I REFUSE to believe that "the almighty government" is going to be upstaged by a bad guy who uses encryption or a "private server".

I bet it's really a way to lure people into a false sense of security.

Let's consider Jeff Bezos. I absolutely believe that the government itself hacked Bezos at Trump's behest. How many references in history do we have of the NSA, CIA or FBI doing illegal wire taps with all types of ridiculous pretexts???

And they really think I'm stupid enough to buy a $25 Google home speaker and put those things throughout my house?

I might as well just let the CIA plant a voice recorder on my person.

This is true for the most part. Any large organization like the US government will most likely crack or find ways around VPNs. The snowden revelations made that clear. At the very least though, VPNs should be able to protect against snooping ISPs and wanabe hackers.

And yeah, completely agree on the smart speakers.

 

[captaincranky]

@QuantumPhysics @Evernessince C'mon guys, at the very least VPNs can make your data more trouble than it's worth to hack. While your conspiracy theory about Trump authorizing a hack on Bezos is plausible, what in all reality do any of us commoners have, that would make it worthwhile for Trump to have us hacked? IMO next to nothing.

What really baffles me in all of this, is how incredibly stupid a bit of fluff can make a man. And in this day and age of massive data breeches, why would anybody in the world be dumb enough to keep compromising private photos of themselves on a cell phone?

My feeling is, that while the new girlfriend might be looking at sharing only half of Bezos' wealth, a hundred grand or so is plenty for anybody close to them, or in their family, to sell them out

As far as "Smart speakers" go, I've been railing about and against that sh!t literally since the 70's.

I used to pose the question, (under circumstances conducive to group paranoia), "if you don't know how the electronics work, how can you be certain the TV isn't watching you, while you're watching it"?

Well guess what, here we are 50 years later, and just about every electronic communication device you own, most likely is. Smart speakers in particular, since that's exactly what they're designed to do.

 

[QuantumPhysics]

This is true for the most part. Any large organization like the US government will most likely crack or find ways around VPNs. The snowden revelations made that clear. At the very least though, VPNs should be able to protect against snooping ISPs and wanabe hackers.

And yeah, completely agree on the smart speakers.

My premise is that the US government - as well as Russia or China, would NEVER let the public have a device they didn't have the keys too - and to believe any less is to be lured into a false sense of security.

They wouldn't even let us have PS2 when it first launched because it was technologically superior to some military computers.

 

[JaredTheDragon]

I might as well just let the CIA plant a voice recorder on my person.

Do you have a smartphone?

Guess what, you already PAID to let Langley plant a voice recorder on your person. Wake up.

 

[Reachable]

Those nasty Russians and Chinese are out to get us!

But, gee, whatever happened to the Iron Curtain, the Bamboo Curtain? Everything I own was made in China. And friendly Russians dance the foxtrot for us on television and they didn't even have to defect.

I hate to be sarcastic, but this is all nonsense. And it's getting out of hand. And I don't know where it's going but it's incredibly dangerous.

As somebody said lately: The first Cold War was a tragedy; the second Cold War is a farce.

 

[Knot Schure]

I never believed in VPN or encryption.

I REFUSE to believe that "the almighty government" is going to be upstaged by a bad guy who uses encryption or a "private server".

I bet it's really a way to lure people into a false sense of security.

Let's consider Jeff Bezos. I absolutely believe that the government itself hacked Bezos at Trump's behest. How many references in history do we have of the NSA, CIA or FBI doing illegal wire taps with all types of ridiculous pretexts???

And they really think I'm stupid enough to buy a $25 Google home speaker and put those things throughout my house?

I might as well just let the CIA plant a voice recorder on my person.

There are many types of VPN-types. Not just the commercial offerings any layman knows about, you can setup VPNs privately, with your own equipment, and dial-in, bridge, etc, as you please.

Should you make good choices with your ciphers, hashing, authentication etc, you have a connection that you can absolutely trust (assuming said equipment is not already compromised).

As somebody said above - maybe it is the fact they can't see what their employees are doing, that is the real issue here.

 

[treetops]

I believe it would be more accurate to say. They are more worried about government officials who use VPNS and select China or Russia as their server. Not that they are using VPN's to communicate or exchange data with China or Russia.

 

[captaincranky]

Those nasty Russians and Chinese are out to get us!

That may be the case with the Russian and Chinese people, but their respective governments are likely a far different story.

Putin has gone on record as saying it was a tragedy that the Soviet Union had broken up, and is on a quest to reassemble it. His actions in The Ukraine should make that blatantly evident, even to someone who in my day and age, would have been labeled a "peacenik".

But, gee, whatever happened to the Iron Curtain, the Bamboo Curtain? Everything I own was made in China. And friendly Russians dance the foxtrot for us on television and they didn't even have to defect.

You're confusing cultural exchange with government intent. Dance, theater, and student exchange programs have always been in force, even during the cold war. Their missions have always been to take overarching governmental policies out of direct individual and group contact with peoples of different cultures.

I hate to be sarcastic, but this is all nonsense. And it's getting out of hand. And I don't know where it's going but it's incredibly dangerous.

Bear in mind ("Russian bear pun intended"), that the US didn't build the Berlin Wall, the Russians did. (*) Also keep in mind, the Chinese have constantly been stealing our intellectual property, along with building their own nuclear arsenal uncontested. As recently as a few months ago, China wanted to launch a "killer satellite", under the auspices of "clearing space junk". It should be patently obvious that such an alleged "space trash truck", could easily be redirected to downing military satellites as well.

As somebody said lately: The first Cold War was a tragedy; the second Cold War is a farce.

Nuclear chicken is always a dangerous and possibly world ending game. Despite that fact, it really needs to be played. Did the first cold war end? I think not, it just wasn't publicized as widely.

There's something you have overlooked which could lead to "your" downfall, simply because someone shakes your hand, you'll never know what they're thinking.

I might add, sometimes an extra firm grip could indicate aspirations to control you, to intimidate you, and let you know how much resolve they have, and how much power they believe they possess.

Keep in mind, I'm from the "love, peace, and understanding generation", and looking back, I realize how naive we really were..

(*) As a matter of potential interest, they (the Russians), also introduced or enhanced a special breed of dog to patrol it.

Known as the "Caucasian Shepard", or, "Ovcharka", it's a long haired breed similar to a German Shepard, but twice the size, ranging up to 200 pounds for the males

And if you're curious, that surely ain't no cuddly, face licking St. Bernard.

 

[ferrellsl]

I think many of you are missing the other reasons why US senators would be investigating the use of VPN's on government systems. There are many government employees who use VPN's to surf porn, shop online, and conduct other unauthorized activities while at the office.