VPNs, by virtue of the way they work, do not protect you from hackers. That being said, there’s a lot you can do to protect yourself from hackers. But should you even care?
Hi, my name’s Aaron. I’m a lawyer and information security expert. I’ve been in the industry for over a decade. I have a passion for helping people stay safe online and want to share that with you.
Let’s dive in and figure out what a hacker is, why VPN doesn’t protect you from hackers, and what you can do to protect yourself.
- A hacker is someone who wants to steal your data or money.
- By and large attacks aren’t IP-dependent.
- VPN, which only changes your IP address, does little to mitigate most attacks.
- There are some attacks that VPN does mitigate, but it doesn’t “protect” you.
What’s a Hacker?
The Oxford English Dictionary defines hacker as a person who uses computers to gain unauthorized access to data. Unauthorized access to data, then, means access to your personally identifiable information (like your social security number), account username and password, or access to your money.
How do they accomplish that?
According to KnowBe4, they almost entirely leverage phishing emails, remote desktop, or software vulnerabilities. So they use email that you have to interact with or open ports that they can scan to access your computer.
What don’t you see in that list?
Finding your public Internet Protocol (IP) address and accessing your computer somehow through that.
Why does that matter?
VPN Doesn’t Protect You from Hackers
VPN only needs to accomplish one goal: hide your browsing from the internet. How does it accomplish that? It first encrypts the connection from your computer to the VPN server. It then uses the VPN server’s public IP address instead of yours to conduct your internet activity.
Some VPN providers add other services, but typically VPN providers focus on providing the fastest connection they can for you to browse the internet privately.
By and large, hackers won’t target you specifically. There are some exceptions to that. But hackers are predominately doing what they do for financial reasons (e.g. they want to steal as much money as quickly as possible) or as activists to achieve change.
If you believe you’re being targeted by hacktivists, don’t use VPN to avoid them. Use a full suite of end-to-end information security infrastructure products to protect yourself. Or accept that you’re going to be the victim of a cyberattack.
Hackers who commit cybercrime for financial purposes don’t usually target people, though they may target large corporations. In almost all cases, hackers who commit cybercrimes are committing crimes of opportunity.
They send out hundreds or thousands of phishing lures or will scan for open ports by the millions. If they find an open port, someone responds to a phishing lure, or someone downloads a virus or malware, the hacker will use that to conduct an attack.
Here’s a great YouTube video about port-based network vulnerabilities. You’ll notice that to complete the attack, you will need an IP address. So why won’t VPN help you there? Because a hacker is using the connection to infiltrate your computer, not your specific IP address. They can conduct the attack even if you’re using a VPN.
However, if you turn VPN off, your IP address changes. If you do this before a hacker can use your open ports to attack, then you’ve staved off the attack. You still have the open vulnerabilities and can still be attacked in the future, but the hacker’s effectively lost you. For now.
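The point that an open port stays open whatever your public IP address is can be checked on your own machine. The following is an added example, not part of the original article: it reads the output of the Linux command `ss -tlnH` (the sample output here is constructed) and lists the TCP listeners that are bound to something other than loopback, which are the ones other machines can try to connect to, VPN or not, unless a firewall blocks them.

```python
import ipaddress

# Constructed sample of `ss -tlnH` output (listening TCP sockets, no header).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128    0.0.0.0:22         0.0.0.0:*
LISTEN 0 4096   127.0.0.53%lo:53   0.0.0.0:*
LISTEN 0 5      127.0.0.1:631      0.0.0.0:*
LISTEN 0 128    0.0.0.0:3389       0.0.0.0:*
LISTEN 0 128    [::]:22            [::]:*
LISTEN 0 5      [::1]:631          [::]:*
LISTEN 0 511    192.168.1.20:8080  0.0.0.0:*
"""

# Remote desktop is one of the entry points the article names; 3389 is RDP's default port.
REMOTE_ACCESS_PORTS = {3389: "remote desktop (RDP)"}

def split_local(field):
    """Split ss's local 'addr:port' field into (address, port)."""
    addr, _, port = field.rpartition(":")
    addr = addr.split("%")[0].strip("[]")   # drop %iface scope, then IPv6 brackets
    return addr, int(port)

def classify(addr):
    """Return 'loopback', 'all-interfaces' or 'one-interface' for a bind address."""
    if addr == "*":
        return "all-interfaces"
    ip = ipaddress.ip_address(addr)
    if ip.is_loopback:
        return "loopback"
    if ip.is_unspecified:               # 0.0.0.0 or :: means every interface
        return "all-interfaces"
    return "one-interface"

def audit(ss_output):
    """Return sorted (port, scope, note) for listeners reachable from off the machine."""
    findings = set()
    for line in ss_output.splitlines():
        cols = line.split()
        if len(cols) < 5 or cols[0] != "LISTEN":
            continue
        addr, port = split_local(cols[3])
        scope = classify(addr)
        if scope != "loopback":         # loopback-only services are not exposed
            findings.add((port, scope, REMOTE_ACCESS_PORTS.get(port, "")))
    return sorted(findings)

if __name__ == "__main__":
    for port, scope, note in audit(SAMPLE_SS_OUTPUT):
        print(f"tcp/{port:<5} {scope:<15} {note}")
```

A listener reported as `all-interfaces` also accepts connections arriving over the VPN tunnel interface, so closing or firewalling the service is what removes the exposure.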
But I Read that VPN Protects You from Hackers?
There are a couple of hacks that VPN can protect you from. The likelihood that you will ever encounter these attacks is so low that I personally feel that saying VPN protects you from hackers, because it thwarts two types of attacks, instills a false sense of safety.
Those attacks are:
Man in the Middle Attacks
This is typically where your internet browsing session is diverted so that all of your content passes through a collector set up by a hacker. The typical purported use case is where you go to a cafe to use public wifi and a hacker has set up an access point through which all data passes. If you transmit personally identifiable information or financial account information over that connection, then the hacker has it.
That’s true. It’s why I always say: never do private business on public wi-fi. Don’t rely on a tool to make you safe, just act safely.
I’d also highlight anecdotal evidence: in my almost two-decade career, I’ve never seen, or encountered someone who’s seen, an example of that attack in the wild. It doesn’t mean that it doesn’t happen, but unless the hacker works at the cafe and can manage the wi-fi connection, the attack is very noticeable since someone will see multiple access points.
There is a significant likelihood that the nefarious access point will be reported to staff out of sheer confusion and eventually investigated.
Also, hackers work by volume. They can implement thousands of attacks with little effort from the comfort of their home. Collecting and parsing through all internet usage data over the course of days, even with tools to assist, is a substantial effort.
DoS or DDoS Attacks
A Denial of Service (DoS) or Distributed Denial of Service (DDoS) attack is where thousands or millions of connections are opened with an IP address to overwhelm the internet connection and stop internet connectivity.
If you’re an individual using a consumer ISP, the chance that you will succumb to this kind of attack without a VPN is small. Most ISPs have implemented safeguards against this. That being said, if you run afoul of someone who has a botnet at their disposal (for more on what a botnet is, see this YouTube video), or who is willing to rent time on a botnet for sale, then you may be the target of a DDoS attack.
DoS and DDoS attacks aren’t permanent. They can be circumvented with VPN if your computer and not your router is being targeted. VPN doesn’t make you safe from this kind of attack, it just provides a workaround in some cases.
Let’s address some other questions you might have related to whether a VPN can protect you from hackers or not.
What Does a VPN Not Protect You from?
Almost everything. Remember, a VPN usually does only two things: 1) it provides an encrypted connection between your computer and the VPN server and 2) it hides your IP address from the internet.
A reputable service does those two things exceptionally well and is very worthwhile to promote your privacy on the internet. It is not a magic bullet for all information security needs. If it were, you’d never hear about major high-profile corporate breaches, which are very much on the rise.
How Do I Know If My VPN Was Hacked?
You don’t. Not until your VPN provider reports the hack.
Does VPN Protect You from the Government?
Probably not. There are a couple of lines of thought about this. One is that the NSA worked with Intel and AMD to create processor backdoors that eventually became the Spectre and Meltdown vulnerabilities impacting Intel, AMD and Arm microprocessors. If that’s the case (and that’s a very big and conspiratorial if) then no, VPN won’t protect you from the government.
The other line of thought is more down to earth: if you do something illegal in your jurisdiction, the government can use subpoena or warrant powers (or their analog in your jurisdiction) to get your VPN provider’s server logs and see what you’ve done. But it will protect your privacy online generally and that’s valuable!
VPNs don’t protect you from hackers. They make certain attacks harder to implement, but the likelihood that you’re going to experience one of those attacks in your day-to-day life is minuscule.
VPNs are very important to protect your privacy online. They do so very well and are an important tool for your online privacy and security. If you combine a VPN with other security tools and safe internet use behavior, then you’ll be very well protected against hackers.
Have you seen a Man In The Middle Attack in the wild? Do you use a VPN? What security tools do you include in your toolkit? Please share in the comments!