News

Hola CEO Responds to Botnet Controversy

Hola, the peer-to-peer (P2P) VPN provider, was recently accused of allowing its customers’ network to be used to form botnets to launch malicious cyber-attacks. A group of researchers, under the banner Adios, discovered that up to 47 million people could have been inadvertently providing hackers with enough bandwidth to launch massive DDoS attacks. Now, Hola’s CEO Ofer Vilenski has spoken out about the controversy, insisting that accusations of negligence against the company are unfair, denying that its customers form part of a botnet, and that its policy for sharing user bandwidth through P2P was transparent from the start.

“There have been some terrible accusations against Hola which we feel are unjustified,” Vilenski said in a post on Hola’s website. He went on to explain what he calls the “three issues” regarding the allegations:

1. Hola is about sharing resources

We assumed that by stating that Hola is a P2P network, it was clear that people were sharing their bandwidth with the community network in return for their free service. After all, people have been doing that for years with services like Skype. It was not clear to all our users, and we want it to be completely clear.

We have changed our site and product installation flows to make it crystal clear that Hola is P2P, and that you are sharing your resources with others. This information is now “in your face” – and no longer appears only in the FAQ.

2. Does Hola make you part of a botnet?

No! Hola makes its money by selling its VPN service to businesses for legitimate commercial purposes, such as brand monitoring (checking the prices of their products in various stores), self test (checking how their corporate site looks from multiple countries), anti ad fraud (ensuring that the adverts are not inserted enroute to use), etc.

There was some concern that by selling our VPN services to enterprise customers, we were possibly exposing our users to cyber criminal traffic that could get them in trouble (Thus the ‘botnet’ accusation). The reality is that we have a record of the real identification and traffic of the Luminati [Hola’s commercial name] users, such that if a crime is committed, we can report this to the authorities, and thus the criminal is immediately identified. This makes the Hola/Luminati network unattractive to criminals – as opposed to Tor for example, which provides them complete anonymity for free.

Last week a spammer used Luminati by posing as a corporation. He passed through our filters and was able to take advantage of our network. We analyzed the incident, and built the necessary measures in our processes to ensure that such incidents do not occur, and deactivated his service. We will cooperate with any investigation of the incident to ensure that he will be punished to the fullest extent.

3. Vulnerability of the Hola client

Part of the growing pains of creating a new service can be vulnerability to attack. It has happened to everyone (Apple iCloud, Snapchat, Skype, Sony, Evernote, Microsoft…), and now, to Hola. Two vulnerabilities were found in our product this past week. This means that there was a risk of a hacker being able to operate remote code on some devices that Hola is installed on. The hackers who identified these issues did their job, and we did our job by fixing them. In fact, we fixed both vulnerabilities within a few hours of them being published and pushed an update to all our community. We are now undergoing an internal security review, as well as an external audit we have committed to with one of the big 4 auditing companies’ cyber auditing team.

It’s a strong defence, but is contradicted by the findings of numerous security firms that the VPN is still riddled with security holes that can be easily exploited by hackers.

Image courtesy of TechRadar.

Ashley Allen

Disqus Comments Loading...

Recent Posts

Nvidia’s GeForce RTX 5090 Possible Price Revealed

According to a new report, the GeForce RTX 5090 GPU will be very expensive. It…

5 hours ago

AMD Krackan Processor with 6 Zen 5 and Zen 5c Cores for Budget AI Laptops Leaked

A new AMD processor in the form of an engineering model has been leaked in…

5 hours ago

SK Hynix Begins Production of First 321-Layer NAND Chips

SK Hynix has claimed to be the first company to mass-produce 321-layer NAND memory chips.…

5 hours ago

Trust Gaming GXT 609 Zoxa 2.0 PC Speakers

SOUNDS GREAT – Full stereo sound (12W peak power) gives your setup a booming audio…

9 hours ago

PowerA Wired Controller for Nintendo Switch

Special Edition Yoshi design Ergonomic controller shape with Nintendo Switch button layout Detachable 10ft (3m)…

9 hours ago

Logitech G Saitek PRO Flight Rudder Pedals

Fluid Motion: These flight rudder pedals are smooth and accurate that enable precise control over…

9 hours ago