Chinese VPN Provider Increases Its Server Network By Hacking Aliens

Terracota VPN Server Coverage An

unusual business scheme has been chosen by the Chinese VPN service provider, which advertises them under several different brands in China. The provider was able to provide a very low price for the services of providing encrypted Internet access, $ 3 per month, using other people's computers on his network that were hacked and quietly worked under his control.

Researchers at RSA Security came across this system, examining a recent massive leak of information about US government officials blamed on Chinese hackers. RSA called this Terracota VPN VPN, alluding to the Terracotta Army", which, according to their submission, is played by users of this network. In China, VPN services are very popular due to the government’s thorough approach to Internet censorship .


Network diagram

According to RSA , Terracota VPN constantly finds vulnerable to expand its server pool computers that run Windows and breaks them in, turns on a VPN service and connects them to their network.Among the controlled servers, researchers found servers belonging to libraries, universities, hotels and various state US institutions.

Apparently, computers running Windows are chosen both because of their susceptibility to hacking, and because setting up such a computer as a VPN host is much easier than for computers running other operating systems. Using the brute force method, hackers select an administrator password and then turn off computer protection to turn it into a working VPN host. To do this, a separate user account is created on the computer and the Gh0st RAT computer remote control system is installed.

In addition, the researchers found other vicious practices that the provider uses - for example, assigning several dozens of IP addresses to one physical device to give the impression of a much larger network than it actually is.


Server hacking scheme The

RSA report claims that Terracota VPN was able to connect with the hacker group Deep Panda , which is suspected of organizing a massive leak of personal information. There is no evidence of the company's direct cooperation with hackers - perhaps the hackers simply used the services of this network, in which it was easy to cover up traces due to the system of its organization.

RSA Security was established in 1982 as an independent company, and was acquired in 2006 by EMC Corporation, one of the largest corporations in the world in the market of products, services and solutions for storing and managing information. EMC is headquartered in Hopkinton, Massachusetts (USA).