On June 24, 2021, Windscribe reported that two of its VPN servers in Ukraine, which were running OpenVPN, were seized by Ukrainian authorities. The reasons for the confiscation of the servers are not yet known.

The main problem is that the servers in Ukraine were running a legacy stack without encryption. As ArsTechnica notes, this raises the possibility (there is no proof of this yet) that Ukrainian intelligence services could access information stored on the servers, or even intercept and decrypt the traffic passing through the system.


Server seizure

Windscribe reported that two Ukrainian servers had gone offline on June 24. The company contacted its provider and found out that the servers had been seized by the Ukrainian authorities investigating activity that occurred one year prior.

“The hosting provider failed to inform us of a preliminary hearing that took place earlier this year, during which a judgement was rendered to seize the two servers in question,” Windscribe says.

The company also noted that there was no reason to believe that the servers were compromised or that anyone had gained unauthorized access to them before the seizure. Moreover, Windscribe stressed in its first statement that it does not log VPN traffic and that no customer data on these servers were at risk while they were in operation.

The editorial office of AIN.UA has sent a request to the Cyber Police regarding the seizure of the servers. But, at the time of writing, it has not received any response.

Unencrypted VPN

But after the seizure, the company had to admit that those two servers had an OpenVPN server certificate and its private key on the disk and that the servers themselves were not properly encrypted.

“Although we have encrypted servers in high sensitivity regions, the servers in question were running a legacy stack and were not encrypted,” Windscribe confirmed.

Although the company said that, despite the lack of encryption, the chance of user information falling into the hands of cybercriminals is virtually eliminated, ArsTechnica says that failing to encrypt the servers goes against standard industry practice and practically negates any security guarantees for users.

How the servers might have been used after the seizure

Although the company tried to minimize the impact by outlining the requirements that an attacker would have to satisfy to intercept user data, those conditions are precisely the ones VPNs are designed to protect against. Specifically, according to Windscribe, the conditions for intercepting traffic are as follows:

  • The attacker controls your network and can intercept all communications (privileged position for a MITM attack);
  • You are using a legacy DNS resolver (legacy DNS traffic is not encrypted and is vulnerable to MITM attacks);
  • The attacker can manipulate your unencrypted DNS requests (the DNS entries used to pick an IP address of one of our servers) and can redirect them to a previously seized server;
  • You are NOT using Windscribe applications (the applications connect via IP, not DNS entries).

The potential risks to the user if all of the above conditions are met are as follows:

  • The attacker will be able to see unencrypted traffic inside your VPN tunnel;
  • Encrypted conversations like HTTPS web traffic or encrypted messaging services would not be affected;
  • The attacker would be able to see the source and destination of the traffic.

Actions and consequences

One of the steps taken was replacing the current OpenVPN certificate authority with a brand new one that Windscribe says “follows industry best practices” and includes the use of an intermediate certificate authority, not just server certificates.
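The conditions listed above and the certificate changes described here come down to a few client-side settings: whether the client picks a server by DNS name or by IP address, and how strictly it checks the server certificate. As an added example (not Windscribe's code and not part of the original article), the following Python script audits an OpenVPN client profile for exactly those points. The host names, IP addresses and CA block in the two embedded profiles are constructed placeholders; the directives themselves (`remote`, `remote-cert-tls`, `verify-x509-name`) are standard OpenVPN client options, and the `remote-cert-tls` check is general OpenVPN hardening rather than something the article mentions.

```python
"""Audit an OpenVPN client profile for the exposure conditions discussed
in the article: server selection via DNS (manipulable by an in-path
attacker) and certificate checks that decide whether a server holding a
leaked certificate and key could pass for a different server.

Added example; the two profiles below are constructed, not real ones."""
import ipaddress
from typing import Dict, List, Tuple

Directive = Tuple[str, List[str]]


def parse_ovpn(text: str) -> List[Directive]:
    """Return (directive, args) pairs in file order.

    Inline <tag>...</tag> blocks (e.g. <ca>) are collapsed into one
    directive named after the tag, with the block body as its only arg."""
    directives: List[Directive] = []
    block_name, block_lines = None, []
    for raw in text.splitlines():
        line = raw.strip()
        if block_name is not None:
            if line == f"</{block_name}>":
                directives.append((block_name, ["\n".join(block_lines)]))
                block_name, block_lines = None, []
            else:
                block_lines.append(line)
            continue
        if not line or line.startswith(("#", ";")):
            continue  # blank line or comment
        if line.startswith("<") and not line.startswith("</") and line.endswith(">"):
            block_name = line[1:-1]  # start of an inline block
            continue
        parts = line.split()
        directives.append((parts[0], parts[1:]))
    return directives


def audit_profile(text: str) -> List[str]:
    """Return a list of findings; an empty list means no weak setting found."""
    findings: List[str] = []
    directives = parse_ovpn(text)
    # Last occurrence wins, which is how OpenVPN treats repeated options.
    last: Dict[str, List[str]] = {name: args for name, args in directives}

    for name, args in directives:
        if name == "remote" and args:
            try:
                ipaddress.ip_address(args[0])  # literal IPv4/IPv6: no DNS lookup
            except ValueError:
                findings.append(
                    f"remote '{args[0]}' is a host name: the server is chosen via a "
                    "DNS lookup that an attacker controlling the resolver can redirect"
                )

    if last.get("remote-cert-tls") != ["server"]:
        findings.append(
            "missing 'remote-cert-tls server': any certificate issued by the CA, "
            "not only server certificates, would be accepted as the VPN server"
        )
    if "verify-x509-name" not in last:
        findings.append(
            "missing 'verify-x509-name': OpenVPN does not match the certificate "
            "name against 'remote', so any server certificate signed by the CA "
            "is accepted for any server name until the CA itself is rotated"
        )
    return findings


# Constructed profiles. Names use .example.net and the 203.0.113.0/24
# documentation range; the CA body is a placeholder, not a real certificate.
WEAK_PROFILE = """
client
dev tun
proto udp
remote vpn-ua-1.example.net 1194
resolv-retry infinite
nobind
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA-BODY
-----END CERTIFICATE-----
</ca>
"""

HARDENED_PROFILE = """
client
dev tun
proto udp
remote 203.0.113.10 1194
nobind
remote-cert-tls server
verify-x509-name vpn-ua-1.example.net name
tls-version-min 1.2
<ca>
-----BEGIN CERTIFICATE-----
PLACEHOLDER-CA-BODY
-----END CERTIFICATE-----
</ca>
"""

if __name__ == "__main__":
    for label, profile in (("weak", WEAK_PROFILE), ("hardened", HARDENED_PROFILE)):
        print(f"[{label}] {len(audit_profile(profile))} finding(s)")
        for f in audit_profile(profile):
            print("  -", f)
```

Running the script reports three findings for the weak profile and none for the hardened one. Connecting by IP removes the DNS condition from the list above, `verify-x509-name` ties the accepted certificate to the server the client meant to reach, and both become far more effective once the CA behind those certificates has been replaced, which is the change described in the article.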

Moreover, the company said it has also decided to move its servers completely to RAM, which means nothing will persist on a hard drive and all data will be erased if the server is rebooted or shut down.

However, the company was still unable to encrypt the VPN servers seized in Ukraine, and the changes to the certificate infrastructure, intended to close the vulnerability created by the loss of the servers, were not completed until July 20, 2021 (the servers had been seized almost a month earlier, on June 24).

As ArsTechnica notes, during that window the current “holders” of the servers could easily impersonate Windscribe servers and capture and decrypt traffic passing through them.