The FBI Issues a Warning about Criminals Selling College VPN Access

Jamie Kavanagh
Jamie Kavanagh
June 10th, 2022

The FBI has issued a warning about criminals offering VPN login details for college and university VPN networks.

These login details allow access onto educational networks, which could potentially enable bad actors access to student databases or other platforms within that network.

The FBI cautioned:

If attackers are successful in compromising a victim account, they may attempt to drain the account of stored value, leverage or re-sell credit card numbers and other personally identifiable information, submit fraudulent transactions, exploit for other criminal activity against the account holder, or use for subsequent attacks against affiliated organizations.

The entire point of a private network is to keep networks and data safe. If that network is compromised, all data and systems within that network can also be compromised.

Once a bad guy has access to that network, it’s no longer private and no longer secure. They have the time and space to operate freely to try to hack systems connected to that network.

Not the end of the game

That said, having access to a network does not mean hackers will automatically have access to those systems.

If the network has been built correctly, each system will have its own gatekeeper and security. Data within those systems should also be encrypted to help protect the contents.

So, while this is definitely cause for concern, it’s immediately game over.

How to protect VPN networks

If you find your own VPN network compromised, what can you do about it?

You have a couple of options.

1. Change the login credentials across the entire network

This is a lot of effort for a network the size of a college or university, but it’s also necessary.

A change of username style and length and change of every single password is just the beginning, but should slow down the rate at which hackers can access the network.

2. Audit all user accounts for the network

You would then need to perform a full audit of all active user accounts with current access to the network.

Revoke any accounts you don’t recognize without fail. If you revoke an active account you don’t recognize, you can always reinstate it when you get the call.

It’s much better to have to do this a few times while removing hacked accounts than to leave potentially vulnerable accounts active.

3. Perform a security audit all systems connected to that network

Accessing a VPN network is one thing, being able to then hack the systems connected to it is something else.

As long as those systems have been set up properly with their own logins, two-factor authentication and encryption, it should be a tough ask to hack them.

© 2023 Redact - All rights reserved