Hola VPN Used User Bandwidth to Carry Out DDoS Attacks

VPN provider Hola is among the most popular extensions for web users, with over 47 million people being a part of its peer-to-peer network for its free and easy-to-use service.

According to a group of researchers, however, the company has been using bandwidth from users for illegal DDoS attacks. In addition, the client software’s insecure design gives way for remote code execution as well as the tracking of client enabled features. What’s more, the company is also selling access to its network through an affiliate business known as Luminati. The business is involved in selling bandwidth through a large number of real IPs.

Hola VPN was using bandwidth from users for illegal DDoS attacks

Multiple DDoS attacks were first reported by image board 8chan, which claimed that huge traffic spikes were sent its way by Luminati. As per Hola, stealing bandwidth from users to sell to others is perfectly legal. Users of the service become part of a larger network, and VPN traffic is routed through this network, using the connections of Hola users themselves.

It’s a predicament that certainly favors Hola, but one that presents a huge risk to the end users. Other VPN services like Hotspot Shield typically set up dedicated servers worldwide, which users jump on in order to avoid geo-location blocks.

The researchers, who go by the name Adios, advise that users should halt the use of Hola immediately, as it could put them under the radar of law enforcement agencies. For example, if someone uses Hola to distribute illegal content on the web, and you happen to be one of the Hola users whose internet connection is used in the process, investigation could lead to you getting in serious trouble.

Advertisement

We suggest immediately moving to VPNs which own their servers and don’t deal with third parties

Instead, they recommend that web users looking for anonymity and bypassing of geo-location blocks should turn towards one of the several server-based VPN services.

Since the initial reports, Hola has disabled one method of remote code execution, although the researchers claim that several other methods still exist.

Meanwhile, the tracking issue has been completely resolved. However, the primary concern still remains as Hola’s core network infrastructure is peer-to-peer-based. Eliminating it would mean that Hola would need to rethink its VPN business and rebuild its service from the ground up.


  • Atif

    last year bough a cheap tp-link router, put vpn on it and since than, my house is enjoying youtube, netflix, pandora on chromecast. :P

    • monis

      can you please share the details of vpn you put in router. what vpn mehtod and settings

      • Atif

        change router’s wan connection type to l2tp/pptp use any vpn servce.

        • monis

          my internet connection connects on vpn pptp Russia that means i cant use it :/

          • Atif

            :) if you mean your local internet connects using a username password and server, than no, you are still using local pakistan internet.
            you need a vpn service, and another router to use that service.

    • EffEff

      Please share some details as I also have chromecast and want to do the same…..

      • Atif

        for youtube you need vpn service, i replied above on how.
        chromecast works just fine.

    • KMQ

      Atif bhai, shed some light on how exactly you did this?

      • $had0w

        just install router software any open source like tomato whatever

        • Atif

          lol no, you dont need any third party firmware or router that supports it.

          • monis

            phir bata do na how did you apply vpn on router ?

            • Atif

              bata to diya bhai, change wan connection type to l2tp / pptp and use vpn service

      • Atif

        i use privateinternetaccess vpn, but you can use any other if you want.
        in router settings i use pptp/l2tp whichever connects, my vpn and tp-link works on l2tp without issues.
        you get this settings in wan connection, just enter username password and server address.

  • Eli Ehsan

    issi liye to kehte hain k “ULTRASURF” khappay… :)

  • Uzair Farooqi

    What about USIPVPN? Is it secure?

  • rashid

    Your line height and vertical margins are identical, difficult to read. fix this please.