TorGuard VPN Agrees to Block BitTorrent in Settlement with Movie Studios

“No logs” VPN provider TorGuard has settled with a group of movie studios that sued it for encouraging online piracy and copyright infringement. Under the settlement documents filed in court, TorGuard will “use commercially reasonable efforts to block BitTorrent traffic on its servers in the United States using firewall technology.” Most of TorGuard’s services carry only encrypted VPN traffic, but its SOCKS5 proxy service involves an unencrypted hop, and BitTorrent traffic passing through that hop can be identified.
The lawsuit noted that TorGuard publishes a knowledge base article with detailed instructions for configuring BitTorrent clients to use its SOCKS5 proxy service.
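To make concrete why the SOCKS5 hop is where BitTorrent becomes identifiable, here is an added example (not TorGuard's code or the court filing's) of what a firewall sitting on the proxy's plaintext side can read: the SOCKS5 CONNECT request (RFC 1928) reveals the destination host and port, and the first bytes the client sends afterwards carry well-known BitTorrent signatures (the BEP 3 peer-wire handshake, or an HTTP tracker announce). The sample CONNECT request and handshake bytes are constructed; the TEST-NET address 203.0.113.10, the placeholder info_hash and peer_id, and the omission of the method-negotiation exchange are all assumptions of the example.

```python
import socket
import struct

# RFC 1928 SOCKS5 request: VER(0x05) CMD RSV(0x00) ATYP DST.ADDR DST.PORT (big-endian)
SOCKS5_VERSION = 0x05
CMD_CONNECT = 0x01
ATYP_IPV4, ATYP_DOMAIN, ATYP_IPV6 = 0x01, 0x03, 0x04

# BEP 3 peer-wire handshake: <pstrlen=19><"BitTorrent protocol"><8 reserved><20 info_hash><20 peer_id>
BT_HANDSHAKE_PREFIX = b"\x13BitTorrent protocol"
BT_HANDSHAKE_LEN = 68


def parse_socks5_connect(request: bytes):
    """Decode a SOCKS5 CONNECT request; return (host, port) or None if it is not one.

    The method-negotiation exchange that precedes the request is not handled here (assumption).
    """
    if len(request) < 4 or request[0] != SOCKS5_VERSION or request[1] != CMD_CONNECT:
        return None
    atyp = request[3]
    if atyp == ATYP_IPV4:
        if len(request) < 10:
            return None
        host, end = socket.inet_ntop(socket.AF_INET, request[4:8]), 8
    elif atyp == ATYP_DOMAIN:
        length = request[4] if len(request) > 4 else 0
        if len(request) < 5 + length + 2:
            return None
        host, end = request[5:5 + length].decode("ascii", "replace"), 5 + length
    elif atyp == ATYP_IPV6:
        if len(request) < 22:
            return None
        host, end = socket.inet_ntop(socket.AF_INET6, request[4:20]), 20
    else:
        return None
    (port,) = struct.unpack("!H", request[end:end + 2])
    return host, port


def classify_payload(payload: bytes) -> str:
    """Label the first client bytes sent after CONNECT succeeds, using protocol signatures."""
    if len(payload) >= BT_HANDSHAKE_LEN and payload.startswith(BT_HANDSHAKE_PREFIX):
        return "bittorrent-peer"
    if payload.startswith(b"GET ") and b"info_hash=" in payload:
        return "bittorrent-tracker"  # HTTP tracker announce carries the info_hash in the query
    return "unknown"


def inspect_proxied_connection(connect_request: bytes, first_payload: bytes):
    """What a firewall on the proxy's plaintext side can see: destination and protocol."""
    target = parse_socks5_connect(connect_request)
    if target is None:
        return None
    host, port = target
    return {"dst": f"{host}:{port}", "protocol": classify_payload(first_payload)}


# Constructed sample: CONNECT to 203.0.113.10:6881 followed by a BitTorrent handshake.
SAMPLE_CONNECT = b"\x05\x01\x00\x01" + bytes([203, 0, 113, 10]) + struct.pack("!H", 6881)
SAMPLE_HANDSHAKE = (BT_HANDSHAKE_PREFIX + b"\x00" * 8
                    + b"\xaa" * 20              # info_hash (placeholder)
                    + b"-XX0001-" + b"0" * 12)  # peer_id (placeholder)

if __name__ == "__main__":
    print(inspect_proxied_connection(SAMPLE_CONNECT, SAMPLE_HANDSHAKE))
```

The same bytes, had they travelled inside the VPN tunnel instead, would be opaque to a box at this position; that is the difference the settlement turns on, and why a signature match of this kind is sufficient for the "firewall technology" blocking that TorGuard agreed to.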

Analyst Notes

Numerous copyright-infringement and digital-piracy lawsuits have been filed against VPN providers. Most have been unsuccessful, and in the process courts have found that so-called “no log” providers deliver the service they advertise and do not retain logs of unencrypted traffic. However, intermediary services such as SOCKS5 proxies handle traffic in a form that can be examined and potentially logged, and they are therefore actionable in such lawsuits.

One side effect of this legal activity is that it drives the provision of such content further underground, where consumers are more likely to download infected content with embedded malware. Access obtained through such trojans is often sold as a packaged service to other threat groups (initial access brokering), which can provide footholds for more serious intrusions. Organizations should monitor these avenues of attack carefully, particularly in work from home (WFH) and bring your own device (BYOD) scenarios: if a personal device is compromised, the access tokens and passwords that protect organizational VPN infrastructure can be stolen from it. Multifactor Authentication (MFA), geographic access policies, impossible-travel detection that alerts on or revokes access when a user authenticates from locations that could not plausibly be reached in the elapsed time, monitoring for lateral movement, and a robust post-exploitation defense-in-depth strategy are all necessary mitigations in today’s threat environment.
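The impossible-travel check mentioned above is easy to run over VPN authentication logs, and it is the detection most directly aimed at stolen VPN credentials being replayed from somewhere the real user is not. The following is an added example, not code from the original analysis or from any VPN vendor: it parses a constructed, already GeoIP-enriched log format (timestamp, user, source IP, latitude, longitude, result), computes the great-circle distance between a user's consecutive successful logins, and alerts when the implied speed exceeds a threshold. The 900 km/h threshold, the log format, and the sample records are all assumptions of the example; real deployments would also have to tolerate VPN-over-VPN and mobile carrier geolocation noise.

```python
import math
from datetime import datetime

EARTH_RADIUS_KM = 6371.0
MAX_PLAUSIBLE_SPEED_KMH = 900.0  # assumed threshold, about airliner cruising speed; tune per environment


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points (decimal degrees), in kilometres."""
    phi1, phi2 = math.radians(lat1), math.radians(lat2)
    dphi = phi2 - phi1
    dlam = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(phi1) * math.cos(phi2) * math.sin(dlam / 2) ** 2
    return 2 * EARTH_RADIUS_KM * math.asin(math.sqrt(a))


def parse_vpn_log_line(line):
    """Parse one record of the constructed, GeoIP-enriched VPN auth log format:
    <ISO-8601 timestamp> <user> <src ip> <lat> <lon> <success|failure>"""
    ts, user, src_ip, lat, lon, result = line.split()
    return {"ts": datetime.fromisoformat(ts), "user": user, "src_ip": src_ip,
            "lat": float(lat), "lon": float(lon), "result": result}


def find_impossible_travel(lines, max_speed_kmh=MAX_PLAUSIBLE_SPEED_KMH):
    """Flag successful logins that would require travelling faster than max_speed_kmh
    from the same user's previous successful login."""
    events = sorted((parse_vpn_log_line(l) for l in lines if l.strip()), key=lambda e: e["ts"])
    last_login = {}
    alerts = []
    for ev in events:
        if ev["result"] != "success":
            continue  # failed attempts do not establish where the user actually is
        prev = last_login.get(ev["user"])
        if prev is not None:
            dist_km = haversine_km(prev["lat"], prev["lon"], ev["lat"], ev["lon"])
            hours = (ev["ts"] - prev["ts"]).total_seconds() / 3600.0
            # Same timestamp but a different place is the degenerate impossible case.
            if hours == 0:
                speed = math.inf if dist_km > 0 else 0.0
            else:
                speed = dist_km / hours
            if speed > max_speed_kmh:
                alerts.append({"user": ev["user"], "from": prev["src_ip"], "to": ev["src_ip"],
                               "distance_km": round(dist_km), "hours": round(hours, 2),
                               "speed_kmh": None if math.isinf(speed) else round(speed)})
        last_login[ev["user"]] = ev
    return alerts


# Constructed sample log (not real data). alice's second login is from Frankfurt 45 minutes
# after a New York login; bob moves from New York to Boston over three hours.
SAMPLE_LOG = """
2024-03-01T09:00:00+00:00 alice 198.51.100.7 40.7128 -74.0060 success
2024-03-01T09:00:00+00:00 bob 198.51.100.9 40.7128 -74.0060 success
2024-03-01T09:20:00+00:00 alice 203.0.113.55 50.1109 8.6821 failure
2024-03-01T09:45:00+00:00 alice 203.0.113.55 50.1109 8.6821 success
2024-03-01T12:00:00+00:00 bob 192.0.2.17 42.3601 -71.0589 success
""".strip().splitlines()

if __name__ == "__main__":
    for alert in find_impossible_travel(SAMPLE_LOG):
        print(alert)
```

Only alice trips the rule: roughly 6,200 km in 45 minutes. bob's 300 km in three hours is ordinary travel. Keying the state on the last successful login per user, rather than on every attempt, is deliberate: a burst of failures from a distant IP is a credential-stuffing signal in its own right and should be handled by a separate rule rather than polluting the location baseline.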