2024-12-19 11:00:00
According to the Kela analysis, cybercrime forum users have recommended Big Mama in other posts over the past year or shared tips on what configurations people should use. In April this year, security company Cisco launched Talos said it had seen traffic from the Big Mama Proxy, along with other proxies, being used by attackers trying to brute force their way into various corporate systems.
Mixed messages
Big Mama has few details on its website about its ownership or leadership. The company’s terms of service state that a company called BigMama SRL is registered in Romania, although an earlier version of the company website from 2022And now at least one live pagelists a legal address for BigMama LLC in Wyoming. The US-based company was dissolved in April and is now listed as inactive on the Wyoming Secretary of State’s website.
A person using the name Alex A responded to an email from WIRED about how Big Mama operates. In the email, they say that information about free user connections sold to third parties through the Big Mama Network is “duplicated multiple times in the app marketplace and in the application itself,” and that people must accept the terms and conditions to use to be able to use the VPN. They say that the Big Mama VPN is officially only available through the Google Play Store.
“We do not and have never advertised our services on the forums you mentioned,” the email states. They say they were not aware of Talos’ findings in April about the use of their network as part of a cyberattack. “We block spam, DDOS, SSH, as well as local network, etc. We record user activities to cooperate with law enforcement authorities,” the email said.
The Alex A persona asked WIRED to send him more details about the ads on cybercrime forums, details about Talos’ findings and information about teens using Big Mama on Oculus devices, and said they would be “happy” to answer further questions. However, they did not respond to further emails asking additional details about the investigation results and questions about their security measures, whether they believed someone was posing as Big Mama to post on cybercrime forums, the identity of Alex A, or who runs the company.
During the analysis, Trend Micro’s Hilt says the company also found a security vulnerability within the Big Mama VPN, which could have allowed a proxy user to gain access to someone’s local network if exploited. The company says it reported the error to Big Mama, who fixed it within a week, a detail Alex A confirmed.
Ultimately, Hilt says, there are potential risks when someone downloads and uses a free VPN. “With all free VPNs there is a trade-off between privacy or security concerns,” he says. That goes for people loading them onto their VR headsets. “When you download applications from the Internet that are not from the official stores, there is always the risk that it is not what you think it is. And that even applies to Oculus devices.”