As bomb threats continue to target major corporations and institutions, some virtual private network (VPN) firms are reportedly using "evading police tracking" as a marketing hook.

According to police and others on the 23rd, a series of threatening posts and emails saying they would blow up the headquarters of Kakao, NAVER, Samsung Electronics, KT, and Hyundai Motor have been received.

Illustration = ChatGPT DALL·E

In each case, the internet protocol (IP) addresses used to connect appeared to be in different countries, leading police to focus on the likelihood that a VPN was used.

In fact, at about 9:51 p.m. on the 21st, the IP address of a threatening post on Kakao's CS Center (customer center) board that said, "I installed a high-powered bomb at Kakao's Pangyo Agit," was confirmed to be in Italy.

A VPN routes a user's internet traffic to a VPN server through an encrypted "secure tunnel" before connecting to a website. Unlike direct connections through domestic internet service providers (ISPs) such as KT, SK Broadband, and LG Uplus, using a VPN prevents exposure of the actual IP address.

VPNs have legitimate uses, such as protecting access to a corporation's internal network (intranet) or preventing hacker attacks when using public Wi-Fi, but cases of abuse keep recurring.

Screenshot of VPN corporations' website

In particular, it is problematic that some VPN companies are leveraging the ability to evade government or police tracking as a promotional element.

One VPN company said in a notice, "Unless the VPN company cooperates, authorities cannot track the activities of VPN users." It also said, "If the VPN provider is based in a country with strict data protection rules, such as Switzerland or Panama, police may have difficulty accessing user data."

A VPN company with more than 100 million downloads on the Google Play Store wrote in its frequently asked questions (FAQ) that "police cannot monitor encrypted VPN traffic." A VPN provider with more than 10 million downloads also said, "Simply put, with a VPN, police cannot track real-time traffic."

Some emphasize a so-called "no log" policy to induce paid VPN subscriptions. No log means recording nothing, such as visited websites, connection time, or the actual IP address.

On the 15th, police and military begin a search after a report from the company that there is a bomb threat at Kakao Pangyo Agit in Bundang-gu, Seongnam, Gyeonggi, and Kakao switches all employees to remote work as a precaution. The photo shows Kakao Pangyo Agit as the search is underway. /Courtesy of Yonhap News

One paid VPN posted guidance to the effect that "free VPN companies may sell records to third parties to cover operating costs, but our corporations that follow a no log policy can be trusted."

However, police stress that investigations do not hinge solely on whether a VPN company cooperates, and that international cooperation is also active. A police official said, "It is a mistake to think that simply rerouting an IP address can erase all traces and evidence." Another police official said, "Not only domestic VPNs but also overseas VPN companies are cooperating with investigations."

Bomb threats are punishable under the newly established crime of public intimidation this year. Regardless of actual damage, a person who openly threatens the public with content that could harm the lives or bodies of many can face up to five years in prison or a fine of up to 20 million won. For habitual offenders, the penalty is aggravated to up to 7 years and 6 months in prison or a fine of up to 30 million won.

※ This article has been translated by AI. Share your feedback here.