One of the most popular VPN extensions for Google Chrome, Hola, has been caught out selling its users’ “idle resources”, like your bandwidth, via a separate company for botnet use. This means that users of Hola likely had their bandwidth sold for DDOS attacks.
Hola was often used as a way for people outside of the US to access video on demand content, such as geo-blocked YouTube videos or Netflix. The brand used to sell off bandwidth is known as the Luminati VPN network. The problem was first discovered over on the 8Chan forum boards, as the site was the target of a DDOS attack, that seemingly came from Hola’s network.
8Chan made a little post about Hola, stating: “Hola ‘Better Internet’ is an extremely popular free VPN. How it works is not very clear to all its users though, as I quickly became aware in the past week when 8chan was hit by multiple denial of service attacks from their network. When a user installs Hola, he becomes a VPN endpoint, and other users of the Hola network may exit through his internet connection and take on his IP. This is what makes it free: Hola does not pay for the bandwidth that its VPN uses at all, and there is no user opt out for this.”
“Hola was created by the Israeli corporation Hola Networks Limited at the end of 2012, and at first was just the VPN service. However, Hola has gotten greedy. They recently (late 2014) realized that they basically have a 9 million IP strong botnet on their hands, and they began selling access to this botnet. An attacker used the Luminati network to send thousands of legitimate-looking POST requests to 8chan’s post.php in 30 seconds, representing a 100x spike over peak traffic and crashing PHP-FPM.”
Hola’s founder, Ofer Vilenski, has claimed that the company has always been upfront about its business practices. However, the amount of outrage users have expressed tells a very different story. This Reddit thread for instance, is filled with people who had no idea what Hola was doing.
Discuss on our Facebook page, HERE.
KitGuru Says: It looks like Hola has been delving in to some questionable business practices. Have any of you used Hola before? Has this put you off?