If the world really needed more proof to realise the scale on which the NSA machinery operates, a new and irrefutable proof was released today.
On January 17 2015, Spiegel.de published an article based on documents obtained from Edward Snowden and provided a copy of a malicious program named “QWERTY” ), supposedly used by several governments in their Computer Network Exploitation (CNE)operations.
Today, the same news publication released an article, demonstating the same code provenience and indentical functionality of “QWERTY” malware to the Regin 50251 plugin.
Given the fact that the QWERTY keylogger doesn’t function as a stand-alone module, only in tandem with kernel hooking functions provided by the Regin module 50225, it was concluded that the QWERTY malware developers and the Regin developers are the same or working together.
You can read here all the mind-binding conclusions of this ground breaking analysis that states once again that mass-surveillance is more than a fact, it’s a threat.
Contrary to the claims of an unknown hacker group, initially issuing themselves as Anonymous hacker, no credit card information has been stolen from CyberGhost’s servers and published. The reason is obvious: CyberGhost itself handles no payments and therefore has no access to credentials or has any infrastructure to save it. Accordingly, the published list only contains a rather lame collection of expired serial numbers from past promotions …
At Christmas, a group of anonymous hackers filled the headlines, presenting a Sony hack and, later on, asserted via Twitter, to have hacked various companies and stolen their customer data, including UbiSoft, VCC, Brazzers, UFC TV, XBL Gamers, Twitch TV, Amazon, Hulu Plus, Dell, Walmart , EA Games, and, ultimately, CyberGhostVPN. Initially known as ‘Anonymous’, then as ‘Lizard Squad’, the group seemed to have access to different companies and collected a list of over 13,000 accounts on Amazon, Playstation, Xbox Live, Hulu Plus, Walmart and other retailers as well as entertainment and adult platforms. The list includes credit card numbers, security codes and expiration dates. As a little extra, the hacker also published a copy of the controversial Kim de Jong lampoon movie ’The Interview’.
Of course we can’t say anything about the truth of the allegations regarding the other affected companies, this is still to be reviewed, but as far as CyberGhost is concerned, we can give the all clear. CyberGhost itself does not accept payments and therefore has no data collection of credentials or else. In fact CyberGhost relies for payment processing on the e-commerce company cleverbridge – whose name is not on the list.
So what exactly has being published then, if not credit card data? Well, a series of expired serial numbers for CyberGhost subscriptions, grabbed at earlier campaigns and other promotions, plus some occasional license keys from recent actions (which were disabled during the last few days). So the purpose of the publication is rather unknown; it neither proves the existence of a vulnerability nor does it benefit someone.
Right now, most of you are probably making plans to escape the concrete jungle and head on to a city break somewhere quieter or to go see your family and friends.
However, there are a few important measures you should take in order to fully enjoy your holidays without getting your bank details stolen, accounts hacked, or house ravaged.
Don’t Show And Tell
No matter how tempting it is to brag about your perfectly planned vacation in an exotic destination, it’s never a good idea.
There are a lot of people out there, who can’t wait to break into an empty house and won’t leave empty handed either, while they’re at it.
So keep that in mind next time you’re traveling! Those awesome Instagram photos can wait a few days.
Speaking of which…
Check Your Privacy Settings Before Uploading Photos
Don’t even think to share that photo with you holding three shots in one hand, before checking who can actually see it.
Sure, your friends will think it’s funny, your exes will turn grey with envy and your mom might get slightly worried.
Your current and future employers, work colleagues or people who don’t know you so well yet, will never see you with the same eyes again.
Secure Payment Methods Are Your Friend
No matter how much you’re trying to escape your daily duties, it’s inevitable that at some point you might need to pay those bills that keep piling up.
In that case, make sure you always use a secure payment method, like bitcoin (if it’s accepted), or Secure Pay.
But even that is not helpful if you don’t…
Use Strong Passwords For Everything
You might be tempted to use 1234 or your dog’s name as a password, but that is a huge mistake pretty much everyone comes to regret at some point. The only way you can make it worse is by having one password for all your accounts.
Regardless of the time and energy you think you’re saving, all you do is preparing yourself for sharing with the world a tad more than you’re willing and ready to.
Strong passwords should have at least 8 characters, contain big and small letters, special characters and numbers.
And if you think you won’t remember them all, you’re probably right. That’s why a password manager like KeePass always comes in handy.
Beware of WiFi Networks And Encrypt Your Connection
Last, but not least, it’s important you remember to encrypt your internet connection whenever you use public HotSpots, which you will be doing a lot.
The simplest and most efficient way to do this, is by using a VPN.
CyberGhost VPN encrypts your traffic and changes your IP so you can surf anonymously and safe.
Did you know that even the great Caesar used a cipher to hide his military
correspondence between 100 – 44 B.C? The key in this case was simply
to shift to the right by three.
Encryption is not a new concept but it keeps getting more and more complex and useful. We thought that a guide to encryption accessible to everyone would be more than welcomed, either to understand it better or to share it with people who would need it.
Just a short intro: encryption is the process through which information or data is transformed (encoded) in such a way that is unreadable to anyone who does not have the knowledge of the way it was transformed.
The information thus becomes available only to the authorized parties. This authorization works based on keys. Encoding the information is made by using an encryption key while decoding the information is made by using a decryption key.
Along with the new account management we also prepared other simplifications for our subscribers – and for future ghosties. But first things first:
Updated account management – a new subscription model
The first idea was the restructuring of your account management that brought the question, whether prepaid and subscription models with subsequent activation and management of keys were still in trend.
After all: along with changing the account management, arouse the desire to invest more time in the development of our subscription model and have a closer look to our past customer’s demands.
And so the work began. Wwe realized that a sacrifice was needed: the prepaid plans in versus the activation keys, and a preference for a cheaper and more user-friendly monthly and yearly subscription systems with the main goal to transfer all activation and payment processes into the background.
For the first time CyberGhost allowes promotions, actions such as ‘money back guarantee’, ‘sample months at a special price’, and also consider customer requests for various trial subscriptions. Now it’s the time to get curious!
Major changes first: Are you logged into your account, the CyberGhost is now missing the button ‘Enter Activation Code’. You also need to create an account before you can purchase a subscription or an update, while the res of the process has been completely moved to the background. After paying your subscription or update, your account will be automatically activated or renewed, depending when you subscribed.
And the activation keys?
They officially no longer exist in regular sales – but are still used for advertising campaigns and promotions. They also have a deadline activation time frame.
Users with active valid keys, from our campaigns or from the Indiegogo crowdfunding campaign, can enter their keys in the online account management and activate it there if they need too. Expiration dates do not apply for keys from regular sales campaigns (so, no hurry there). Only the promotion keys have an activation deadline.
What will change for current subscribers?
Subscribers, who had been receiving reminder mails and invoices, and had to regularly enter a new activation code, can breathe easy now. Any renewals will be processed automatically. The updates from Free/Special/Premium to Special/Premium/Premium Plus will be handled more easily: Click, pay, done. Any activation, subscription modification and upgrade will be done automatically for you.
What should I consider?
For all the other subscriptions you shouldn’t miss the end date, if you don’t want to use CyberGhost any longer. Monthly subscriptions need to be cancelled monthly, yearly subscriptions, annually. In most cases an email to the seller, usually cleverbridge, is enough, but please consult any current order terms, just to make sure.
Will unused keys be rendered invalid? No. Users, who in the past have purchased a key without expiration date (e. g. on the latest CyberGhost Indiegogo campaign or other official events), can keep on storing and activate their keys at the appropriate time in their account management.
Will unused promotion keys be rendered invalid? Only if you exceed the specified latest time of activation.
Will prepaid subscriptions automatically be converted? No. After the expiration of your current subscription it is up to you, whether you want to continue to use Cyber Ghost in the new convenient subscription system or not.
How do I reactivate an account without key? You can re-activate an account with either your password or, if lost, your PUK. There are no other possibilities!
Will you ever re-install a pre-paid system with activation keys? No, the entire system was converted to the user-friendly subscription system.
For any further questions please consult our extensive support documentation.
The current update improves CyberGhost’s Android compatibility with more smart phones and tablet PCs. For that the ensemble acting of app and the new Crosswalk engine had been refined, while small bug fixes also got implemented.
Improvement: small changes on the CyberGhost dialog engine
Improvement: care of Crosswalk engine
Fixed: crash when writing debug log
New: added possibility to choose between engines: web kit engine (Android) or Crosswalk engine (Intel).
Improvement: extended Wi-Fi protection
New: Possibility to change between TCP and UDP
Improved: small design changes
Improved: better GUI performance by new render engine
Changed: Auto connect now works in unsecure networks also
Fixed: crash when changing network with Android 4.4; no reboot necessary to reconnect
Fixed: small bug fixes
We’re always interested in what you have to say about CyberGhost so feel free to send us your feedback in the comments below or at [email protected]