Windscribe VPN servers seized by authorities were not encrypted

representational image of a cloud firewall
(Image credit: Pixabay)

Following last month’s seizure of a couple of its VPN servers in Ukraine, security tools provider WindScribe shockingly revealed that the seized servers weren’t encrypted.

While WindScribe contends that no user data is at risk since it doesn’t log any activities, the unencrypted server had an OpenVPN server certificate along with its private key.

In a blog post Windscribe’s founder Yegor Sak admits that anyone with the private keys could have impersonated the Windscribe servers to capture and decrypt traffic passing through them.

TechRadar needs yo...

We're looking at how our readers use VPNs with streaming sites like Netflix so we can improve our content and offer better advice. This survey won't take more than 60 seconds of your time, and we'd hugely appreciate if you'd share your experiences with us.

>> <a href="https://project.tolunastart.com/tqsruntime/main?surveyData=LFFFsT0HpgsyUe0tTFumBJohXK8Sedt0ARpsCF4DRGR+oCoVbvd+2+d8+UNIIx4L" data-link-merchant="project.tolunastart.com"" target="_blank">Click here to start the survey in a new window <<

“Although we have encrypted servers in high sensitivity regions, the servers in question were running a legacy stack and were not encrypted. We are currently enacting our plan to address this,” wrote Sak.

Misconfigured servers

According to Sak, the seized servers were part of an old investigation into an activity that occurred over a year ago.

While sharing the plans to address the incident and improve Windscribe’s OpenVPN infrastructure, Sak revealed that their OpenVPN server and client configuration used the compress parameter. 

By Sak's own admission, the compress parameter was deprecated in 2018 after security researchers revealed that it could be exploited to allow adversaries to decrypt data.

For its part though, Windscribe has assured that it has “no reason to believe” that the servers were compromised or that any unauthorized access took place before the seizure.

Furthermore, Sak has promised to get their replacement server stack audited by a third-party to ensure it is completely sound.

Mayank Sharma

With almost two decades of writing and reporting on Linux, Mayank Sharma would like everyone to think he’s TechRadar Pro’s expert on the topic. Of course, he’s just as interested in other computing topics, particularly cybersecurity, cloud, containers, and coding.