This VPN Lets Anyone Use Your Internet Connection. What Could Go Wrong?

In other posts over the past year, cybercrime forum users have recommended Big Mama or shared tips on configurations people should use, according to Kela’s analysis. In April this year, security company Cisco Talos explain It found that traffic from Big Mama proxies, as well as other proxies, were used by attackers to try to brute force their way into various corporate systems.

Mixed messages

Big Mama reveals few details about its ownership or leadership on its website. The company’s terms of service say a business called BigMama SRL is registered in Romania, although a previous version Website from 2022and There is now at least one live pagelists the legal address of BigMama LLC in Wyoming. The U.S.-based business was dissolved in April and is currently listed as inactive, according to the Wyoming Secretary of State website.

A man named Alex A responded to Wired’s email about how Big Mama works. They said in the email that information about the sale of free user connections to third parties through the Big Mama Network was “repeated many times in the app market and in the app itself” and that people had to accept the terms of use VPN. They say that Big Mama VPN is only officially available from the Google Play Store.

“We do not advertise and have never done so on the forums you mentioned,” the email read. They said they were unaware of Talos’ findings in April that its network was used as part of a cyberattack. “We do block spam, DDOS, SSH, local networks, etc. We log user activity to cooperate with law enforcement agencies,” the email reads.

Alex A asked WIRED to send him more details about ads on internet crime forums, details about Talos’ findings and information about teenagers using Big Mama on Oculus devices, saying they would “be happy to do so” ” in response to further questions. However, they did not respond to any further emails with further details about the findings and questions about their security measures, whether they believed someone was impersonating Big Mama posting on cybercrime forums, the identity of Alex A or Who runs the company.

During its analysis, Trend Micro’s Hilt said the company also discovered a security flaw in Big Mama VPN that, if exploited, could allow proxy users to gain access to someone’s local network. Alex A confirmed the detail, and the company said it reported the flaw to Big Mama, who fixed it within a week.

Hilt said the bottom line is that whenever someone downloads and uses a free VPN, there is a potential risk. “All free VPNs need to weigh privacy or security concerns,” he said. This applies to people sideloading them onto VR headsets. “If you download an app from the web that’s not from an official store, there’s always an inherent risk that it’s not what you thought it was. This is true even with an Oculus device.