
Should We Worry That Hola Is Being Used For DDOS Attacks?

This article is over 9 years old and may contain outdated information

The Hola VPN’s secure, anonymous browsing platform can be used for countless privacy breaches – but are peer-to-peer networks truly to blame?

Between all the web security breaches and NSA data-collecting happening these days, it’s no wonder some users have turned to services like Hola or Tor. These clients were designed around anonymity and security, redirecting web traffic to conceal the location and IP addresses of users while protecting confidential information. That didn’t sound bad for the privacy-minded, at least until Hola was confirmed as the source of a DDOS attack on 8chan. This was followed by a report by the research group Adios, which outlined several security flaws within Hola that allowed its users to initiate DDOS attacks. The report – which was promoted across 8chan – called for its users to uninstall the service since it posed too great a risk.

Okay. Let’s break this down a bit.

First of all, we need to look at how Hola operates. The key issues revolve around Hola’s peer-to-peer network. Once you’re connected to Hola, the client routes all internet traffic through the IP addresses of other users before it reaches your local device. This process helps you maintain anonymity (since no one online sees your actual IP address) while accessing geographically region-locked websites (if there are IP addresses within the region).

From there, we can look at Hola’s security concerns – and in fairness there are several. Adios’ report correctly outlines that Hola’s code allows for remote code execution and client-enabled tracking, something a secure VPN shouldn’t allow. What’s more, Hola’s service was actually used to initiate a DDOS attack: The company sells network access through its Luminati offshoot, giving anyone access to an “almost unlimited number of real IPs” that can be used for DDOS and sending spam emails. These are issues that must be corrected – and in fact, Hola recently updated its client to address many of the stated problems.

But the report goes a step further by saying Hola’s entire peer-to-peer network poses a major security risk – and uses child pornography to make its point. In its most dramatic example of why Hola is terrible, Adios states that if someone downloads child pornography through the client, your unaffiliated IP address might be the one which routes it. So while you’re using Hola to support a “secure” internet, the police might instead show up at your door with some very telling questions about your browsing habits.

To be clear, these are all valid concerns – even the child pornography example, which could be cleared up easily with a standard computer search. (Nobody wants to be falsely accused of downloading child porn while police tear through their personal data.) But blame peer-to-peer networks on principle? Hola isn’t risky because it’s P2P; it’s risky because it’s not secure – and to be honest, that probably wasn’t intentional on Hola’s part.

It’s worth remembering that in 2015, we use P2P networks all the freaking time. Do you play World of Warcraft? That download client routes your update through public IP addresses. Do you make calls on Skype? It uses a similar system to manage your calls. These aren’t the days where questionable file-sharing applications like Kazaa come bundled with malware – everyone from Spotify to the US Department of Defense dabbles in peer-to-peer.

To be clear, there are absolutely legitimate concerns when securing P2P networks. But let’s not act like Hola is alone with that problem – it’s just the client that happens to have bigger security holes than most.

Source: Ars Technica
