Outrunning NSA’s Bullrun

Following the latest rumors about NSA and its connected Intelligence Services, many of you Ghosties are concerned about the decryption program called ‘Bullrun’ which is said to be able to hack SSL and VPNs – along with the equal alarming news that a lot of US companies have been forced to implement backdoors to their services.

But, and it’s a big ‘BUT’ here, we need to differentiate between an eligible concern and unfounded fears. The encryption line of battle has not been broken yet. It’s under heavy attack, no doubt about that, but good encryption still works the way it should: Protecting your data!
It’s true, that an encryption program called ‘Bullrun’ exists, and it really seems it’s able to compromise security barriers like SSL (as you use with your online banking) – but it doesn’t work as good as the NSA hoped it would. That’s why they force companies to implement backdoors and influence the programming of encryption standards (so they can easily break it). In a way that bad news is a good news, because it shows that despite all the money and the man power that goes in there, less than expected came out.

wickinger

Regarding CyberGhost we’d like to ensure you that CyberGhost VPN is still a good friend:
1. We don’t use any of the maybe hacked or unsafe technologies, instead we began even before ‘Bullrun’ became public, to provide the VPN tunnel to and on ALL our servers (Free and Premium) with AES with 256 bit key length. There are no hints that AES-256 is even near to be hacked. In fact, at present it’s much more likely the earth will fall into the sun than the NSA will be able to decrypt 256 bit AES secured data. (This goes also for TrueCrypt, so don’t fall for any propaganda claiming TrueCrypt is a threat and guiding you to real unsafe technologies like Psyop.)
2. Our Windows client as well as the announced Mac OS X and Android client are based on OpenVPN. This protocol is Open Source and controlled by a worldwide community of programmers and therefore backdoor free.
3. We run our business under the Romanian legislation and can’t be forced by the NSA to take part in their goal for worldwide espionage. No backdoors included!
4. Some still in use SSL components will steadily be exchanged and updated – even though they are commonly not yet be seen as unsafe.

Like said above, good cryptography is still effective and the only option against spying eyes. If you have any other questions, please write us a comment and we will be happy to answer.

5 thoughts on “Outrunning NSA’s Bullrun

  1. A nice text, thanks. A question:
    Do you mean that even Free and Premium servers use AES 256 encryption now? I’m asking because you used to provide only Premium Plus servers with AES 256.

    • Hey!

      Thanks for the feedback :) Yes, we already use AES 256 encryption on all our servers, Free & Premium. We consider that security online is the most important thing for our users and that’s why we decided to offer high encryption on all our servers.

  2. “we need to differentiate between an eligible concern and unfounded fears”. No backdoors included!

    I like the feeling that using CG is my insurance to the privacy online we all deserve.

    But then I think about the bad guy factions using CG to their evil.

    My question to CG is this that I feel an eligible concern or an unfounded fear that the bad guys do and can use CG too. Then does CG combat and police itself in some way.

    Another question I have is about the CyberGhost VPN Debuglog, can this be used in anyway against the user. It’s information is stored on one’s own computer – should it itself only be accessible by a password.
    If that would offer any insurance against spys. I would like to be able to turn it off so no log is kept.

    Thanks CG

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>