Beware Botnet: Why You Should Avoid Using Hola VPN

By Stephen Ayton — Last Updated: 30 May'17

With our privacy under increasing attack by both governments and ISPs, many people are turning toward VPNs to secure their Internet connection and stay anonymous online. However, if you’re new to the whole VPN thing it’s easy to make a mistake and sign on to a service that does more harm than good; one such service is Hola VPN.

Here at Cloudwards.net we’ve already compiled a list of the worst free VPN providers, but Hola VPN is in a league all its own when it comes to sheer malice. In fact, it holds the singular honor of having a website, called Adios Hola, dedicated to convincing people to uninstall it right now.

But what exactly is the problem with Hola? What does it do that makes it so harmful? To answer that question, we first need to take an in-depth look at something you’ve read about in the news, but may not know exactly what it is: a botnet.

What Is a Botnet?

Unless you’ve been living under a rock the last few weeks, you’ll have heard of the WannaCry ransomware attack that paralyzed banks, governments and major corporations in May 2017. This rather nasty bit of programming did a lot of damage, but was only the latest in a string of cybercrimes which all have one thing in common: they were perpetrated through use of a botnet.

In short, a botnet is a network of private digital devices which has been infected with malware and is controlled by a third party, a criminal in this case, without the knowledge of the devices’ actual owners.

Anything that connects to the Internet can become a part of a botnet. Having many smart devices around your house, almost inevitable with the onward march of the Internet of Things, makes you more susceptible to cyberattacks (check out our article on cloud security for more information).

The creators of a botnet sneak controlling programs onto those often unsecured IoT devices, as well as infecting your computers and phones. These programs bide their time until given the go-ahead from the owner of the botnet. With one signal sent out from a central device, all of those computers and appliances in turn send out a message to a target computer.

The sheer volume of messages swamps the victim computer and it is unable to respond to genuine requests for connections, effectively blocking it from accessing the Internet. This is called a “distributed denial of service,” or DDoS, attack. A DDoS attack may only take five minutes or so, but can wreak untold havoc.

Anyone that analyzes all this incoming traffic in an effort to find out where it’s coming from is confronted with thousands of addresses, with no way to tell which is the culprit. On top of that, criminals will often also change which part of the botnet they’re sending messages from, just to make life even harder for the people tracking them.

Botnets are the cybercriminal’s tool of choice simply because they are easy to set up and finding who is behind one is next to impossible.

Botnet Structure

Now that we know a little about what botnets do, let’s take a look at how they work. Cybersecurity experts have analyzed the methods botnet owners use to send out commands to their digital zombie army.

At first, criminals would rent space on a server somewhere. This would be just an ordinary web server, indistinguishable from the thousands of others like it. The criminals used this rented space to store a list of infected computers and also to relay attack commands.

When law enforcement caught on to this method of doing things and put measures in place to stop it, botnet operators quickly changed tack and adopted peer-to-peer botnet (P2P) architectures.

Instead of sending out a flood of attack commands, the P2P method apes procedures used by torrent download applications, where members of a botnet pass on instructions to each other through message boards or other means. A good example of this is the WannaCry attack, which used non-existent web addresses as command instructions.

Under this scenario, the infected computer sends out a request for a web page. If the criminal wants to start an attack, he registers that web address and places a target IP address in the response to the request. This way, the infected computer is only triggered into action once its request is answered; before that all it does is act like a perfectly normal computer.

The difference between primitive botnets and the P2P control system is that the latter is much harder to detect, for both law enforcement as well as the owner of the device. Since it does not require a large volume of instructions, but is just one computer sending out a single request over and over, finding it is almost impossible to do.
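The pattern described above, one machine asking for the same unregistered name over and over, is something a defender can look for in DNS resolver logs. The following is an added example, not part of the original article: the log format, the thresholds and the `.example` names are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample resolver log (chronological): time, client IP, queried name, response code.
SAMPLE_LOG = """\
2017-05-12T08:00:00 10.0.0.5 trigger-domain.example NXDOMAIN
2017-05-12T08:00:07 10.0.0.9 www.shop.example NOERROR
2017-05-12T08:05:00 10.0.0.5 trigger-domain.example NXDOMAIN
2017-05-12T08:06:41 10.0.0.9 typo-of-site.example NXDOMAIN
2017-05-12T08:10:01 10.0.0.5 trigger-domain.example NXDOMAIN
2017-05-12T08:15:00 10.0.0.5 trigger-domain.example NXDOMAIN
2017-05-12T08:19:59 10.0.0.5 trigger-domain.example NXDOMAIN
2017-05-12T08:25:00 10.0.0.5 trigger-domain.example NOERROR
"""

def parse(log):
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 4:
            continue  # skip malformed lines
        ts, client, name, rcode = parts
        yield datetime.fromisoformat(ts), client, name.lower().rstrip("."), rcode

def find_beacons(log, min_hits=4, max_jitter=0.2):
    """Return hosts that keep asking for the same unregistered name at a steady interval."""
    misses = defaultdict(list)   # (client, name) -> times the resolver answered NXDOMAIN
    resolved = set()             # (client, name) pairs that later got a real answer
    for ts, client, name, rcode in parse(log):
        if rcode == "NXDOMAIN":
            misses[(client, name)].append(ts)
        elif rcode == "NOERROR":
            resolved.add((client, name))
    findings = []
    for (client, name), times in sorted(misses.items()):
        if len(times) < min_hits:
            continue  # a single failed lookup is usually a typo, not a beacon
        gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
        avg = mean(gaps)
        # Low relative spread in the gaps means machine-like timing.
        if avg > 0 and pstdev(gaps) / avg <= max_jitter:
            # A name that starts resolving after many misses matches the trigger described above.
            findings.append({"client": client, "name": name, "misses": len(times),
                             "interval_s": round(avg),
                             "now_resolves": (client, name) in resolved})
    return findings

if __name__ == "__main__":
    print(find_beacons(SAMPLE_LOG))
```

On the sample log this flags only the host that polls the same missing name every five minutes, and marks that the name has since begun to resolve.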

How a Botnet Makes Money

You may be wondering how a botnet actually makes the criminals behind it any money: after all, disabling a computer network may be fun, but where’s the profit? Botnets are not cheap to set up, but offer a great return on investment thanks to, of all things, ad revenue.

Many websites earn money by displaying advertising. Each advert on a site earns money when someone goes and looks at that page. Botnets can be used to bump up the number of visits to paying websites. These traffic generating services are presented as legitimate businesses. The website owners do not realize that they are dealing with cybercriminals.

If that weren’t enough of an earner, there are plenty of companies around that help you stress test your company’s servers against a DDoS attack. That some of these companies are operated by the same people executing these attacks is just a bonus feature which goes unmentioned in the brochure.

“Stressers” don’t actually check with their paying clients whether they own the computer that they are being paid to attack. This basically means that botnet operators are not just in it for their own gain, but are now also digital mercenaries. A hit on a competitor’s system can now be had for as little as $5.

This is likely what happened with the Mirai attack in 2016, which until WannaCry came around was the biggest botnet attack in history: a company wanting to sell time on Minecraft servers decided to take out the competition by having someone execute a DDoS attack. Another industry that sees much of this mercenary behavior is online gambling, proving that “old” crime has no trouble putting on a new suit when needed.

Botnet Characteristics

So, to summarize, it can be said that modern botnets have the following characteristics:

  • The computers in the botnet are owned by unsuspecting members of the public
  • Botnets give cybercriminals substituted addresses
  • Botnet requests are difficult to block because they come from legitimate IPs
  • Botnets include hundreds of thousands or even millions of computers
  • Botnets are controlled through peer-to-peer networks
  • Botnets are used for ad fraud
  • Botnets are rented out to “stress test” systems
  • Stressers don’t check whether their employer owns the target computer
  • Stressers sell attacks charged by bandwidth capacity

Hola VPN and Botnets

Now, you may find yourself wondering why you just read through a class on what a botnet is and what all this has to do with this wonderful free VPN called Hola. Well, the tl;dr is that Hola is a botnet that suckers people with little knowledge of Internet security into their scheme and basically takes control of their computers away from them.

In fact, it is rather questionable if Hola isn’t also guilty of some false advertising on top of that, as it’s not even a VPN as such: as you can read in our article comparing the differences between VPNs and proxies, a VPN will route traffic through a secure tunnel, while a proxy merely redirects it. Hola does not provide such a tunnel for its users, making it a proxy.

With that detail out of the way, let’s see exactly how Hola does what it does.

How Hola VPN Works

You’ll likely first see Hola referenced as a Google ad when you look for free VPNs. The service costs nothing and is very easy to install. At its base, Hola uses a peer-to-peer architecture, so the service doesn’t have to spend money operating proxy servers — each member of the network channels the messages of others.

You do need to pay for Internet service in order to access Hola, and part of that bandwidth is shared with other members. In return, you are able to use the Internet services of other members, so that’s a fair exchange.

Being able to channel your communications through a different computer in a chosen country means that you can access geo-restricted content abroad. In the meantime, someone from overseas is able to watch content in your country by accessing sites with your IP address.

The ability to contact other like-minded people and share resources seems to be a great way to build a community. Hola has more or less created a global village. It seems mutually beneficial, equitable and gives the appearance of favoring the little guy in the fight against money-grabbing corporations.

Selling Bandwidth

Some, however, are more equal than others, according to Hola. For $5 per month people can sign up and use the network without having to accept traffic from other members. So, you pool your paid Internet service bandwidth with others and Hola makes money by selling that on. If this is an anti-corporation cooperative of like-minded people, where’s your cut of that $5 per month?

Hola is a free service, but once you understand that its bandwidth is available for sale, you start to realize that the people that are getting services for free are not the members. Hola is a private corporation and its owners are selling proxy services without paying anything for servers or Internet access. They are getting your Internet service for free and raking in huge profits.

Hola VPN and Luminati

Now that we have established that Hola is a for-profit company above anything else, it’s interesting to note that the people behind Hola also run a parallel company, called Luminati. This company offers proxy services to businesses rather than individual consumers.

Luminati makes use of Hola’s massive network, which includes up to 118 million members. That is a truly huge pool of IP addresses and thus a lot of broadband bandwidth available for rent.

Although the FAQ page of the Hola website mentions Luminati, it doesn’t fully explain the motivation that a legitimate business would have for accessing all of those IP addresses, stating merely that businesses use the Hola network to check how their websites look in other countries or inspect the information of competitors without their own identities being revealed.

This explanation covers all the bases, though it does beg the question why Luminati sells access by the gigabyte, an odd option if all you’re doing is checking up on sites. In order to chew through bandwidth to the order offered by Luminati, you would need to access countless websites, or just one web page over and over again.

Background Checks

Luminati claims to thoroughly vet customers to ensure that no cyberattacks can be carried out using the IP addresses of Hola members. The organization Adios Hola, which we mentioned earlier but are happy to link to again since they are on the side of the angels, discovered that this thoroughness was somewhat exaggerated.

Adios Hola engaged in live chat with a member of the Luminati sales team, who explained that “we have no idea what you are doing on our platform.” When pushed to explain what activities are banned by Luminati, the sales rep added that “we simply offer you a proxy platform, what you do with it, is up to you.”

Not the words you expect when a site claims it is as secure as Hola does. It does, however, explain why Hola and Luminati sell bandwidth by the gigabyte: the network is likely being used for purposes far less innocuous than simply checking how the competition is faring.

Is Hola VPN a Botnet?

Take a look at the list of botnet characteristics again and see how Hola fits into those.

  • The computers in the Hola network are owned by unsuspecting members of the public
  • The Hola network gives “legitimate businesses” substituted addresses
  • Hola requests are difficult to block because they come from legitimate IPs
  • The Hola network includes 118 million computers
  • Hola is controlled through a peer-to-peer network
  • Hola is used for “advert verification”
  • The Hola network is rented out to “stress test” systems
  • Luminati doesn’t check whether their employer owns the target computer
  • Luminati sells access to the Hola network charged by bandwidth

When you go down this list, Hola ends up looking a lot like a botnet, no matter what its CEO says.

Conclusion

Cybercriminals set up botnets by tricking people into downloading malware that takes over their computers. They can do so in several ways, each of them sneaky, but Hola has managed to think up a way in which they can get victims to do all the work for them, in some cases even paying Hola for the privilege to become an unwitting accomplice.

If you’re worried about your privacy and are looking to set up a VPN to protect yourself, please do not sign up for Hola as you have no idea what could happen once you’re signed up: you may end up finding out that free is far more expensive than signing up for a bona fide service, like one of our best VPN picks.

Have you had any experience with Hola? How did it work out for you? Please let us know in the comments below. Thank you for reading and stay safe out there.
