VPN SECURITY AND HOW THE FEDS CRACK DOWN ON CRIMES

VPN, as a mode of secure communication and a way of enhancing security, was invented in the mid-1990s (1996 precisely), and has since been adopted as one of the most secure ways to traverse between a network and the public internet, or to establish Remote Access to Servers (RAS) in a secure manner.

The concept of VPNs has been described by many experts and researchers in the IT industry, which has no doubt given some understanding of what a VPN (Virtual Private Network) is all about.

Now comes the question: what is the idea behind the use of VPNs on the public internet?

In the early days of the internet, users were exposed to the internet with just a PC and no additional security layer. So, for instance, if someone from Arkansas visits a Google page, Google would be able to geolocate the user’s network, see the actual IP address, and of course track down the user easily.

Now, Google is a multinational company, and by virtue of its reputation, trust, and standards, Google is assumed to have no negative intention when it gains access to the coordinates of users passing through various pages on the public internet. However, the same cannot be said of a random hacker who has ulterior motives and aims to ruin or harm users of the public internet.

In addition, during the early days of the internet, most searches, information, and data moved from one point to another without being encrypted (made unreadable). Hence data confidentiality and integrity, two arms of the cybersecurity triad, could not be guaranteed; to make it worse, protocols such as HTTP (Hypertext Transfer Protocol), a less secure protocol, were used for communication.

The vision to improve security gave birth to the Virtual Private Network (VPN). The dream was to provide a safe space for using the internet to communicate between resources, infrastructure, and users while ensuring data confidentiality and data integrity.

CONFIDENTIALITY:

To provide data confidentiality, the VPN encrypts the data being transferred over the public internet using what are known as encryption keys (public and private keys).

INTEGRITY:

Data integrity is guaranteed using cryptography. The cryptographic mechanism performs integrity checks by evaluating whether the data passing between the communicating system and the VPN server has been tampered with (modified or corrupted).

AUTHENTICATION:

Besides providing confidentiality and integrity checks, a VPN also supports authentication, whereby the user needs to provide credentials such as a username and password to get authenticated and establish a secure VPN connection.

Therefore, when a user purchases paid VPN software or services, they are required to authenticate to the VPN with credentials; and if it is an organization that uses a VPN to communicate with its remote servers, the organization’s staff are required to authenticate with their credentials (username and password) before gaining access to the organization’s internal resources.

Are VPNs Secure? How the Government Tracks VPN Users.

To understand how criminals are apprehended, or how cybercrimes are solved even though the ransom gangs are behind a VPN service, let’s have an overview of the entire process involved in having internet access.

NETWORK ROUTERS INSTALLATIONS (OPTICAL ROUTER AND MESH ROUTER):

As a prospective internet user, when you request installation of a particular network carrier’s internet service, you are provided with an optical router and a mesh router together. You might wonder why these two devices are provided. During the application for internet service, your ISP asks you for some sensitive information.

This information includes the number of rooms, the number of households, and the size of your home. The aim of these questions is to understand how the ISP can provide seamless connectivity without signal interruptions or downtime.

Therefore, modern internet connectivity, which provides 5G networks, requires a combination of both the optical router and the mesh router. That way, every user or inhabitant of the home has the same signal strength irrespective of their location (i.e. in the bedroom, the garage, or the living room).

ROUTER INFORMATIONS AND SERIAL NUMBERS:

The network technician responsible for installing your internet service is handed the necessary hardware (router and cables) by your ISP after you have provided the necessary information. Before issuing this hardware, the ISP records the details of the hardware and the home address to which the router is assigned. These details are printed on the back of the router and include the following:

1. DEVICE MODEL NUMBER:

This is a unique identifier associated with the device. Whenever trouble occurs with the device, an experienced user can use this identifier to look up possible errors with that device online, and probably fix them. But this is not limited to legitimate users: an experienced hacker could also use this number to look for possible ways to hack the network device, or crawl the internet to determine the default credentials, and if the home network user still has these default credentials in use, the hacker could log in and find a way to become a rogue presence on the network.

2. PRODUCT ID:

The product ID is a unique identifier for the product (i.e. the router). This allows the ISP to reach your device. No two network routers have the same product ID; every user of the ISP has a product with a different product ID. This information should be secured as well, because if a hacker gained access to an ISP’s database, or to leaked ISP information, they could use it to search for users’ PII (Personally Identifiable Information) and go on to conduct a well-crafted social engineering attack.

3. MAC:

The Media Access Control (MAC) address is also known as the PHYSICAL ADDRESS. It is burned into a hardware component (the network card) of your system and serves as a unique identifier. No two systems or network routers in the entire world have the same MAC address.

How these unique numbers are generated so that they are never the same across multiple organizations and devices is out of the scope of this article. However, to understand who issues MAC addresses, read more about the IEEE (Institute of Electrical and Electronics Engineers).

Although users can alter their MAC addresses temporarily using a technique called MAC SPOOFING, this technique is not permanent, as after a certain period the temporary MAC address reverts to the original MAC address (physical address) of the user’s device. Hackers are known to use this technique (MAC SPOOFING) to bypass network access blocking that a network security expert may have implemented using the technique known as MAC FILTERING.
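MAC filtering trusts whatever address a client presents, so a defender benefits from checking what the address itself reveals. The following Python audit is an added example, not code from the original article: it reads the IEEE vendor prefix and the "locally administered" bit from each observed address and flags clients worth a second look. The allowlist, the observations and the port names are constructed sample data (the addresses come from the range reserved for documentation).

```python
import re
from collections import defaultdict

# Constructed sample data: 00:00:5e:00:53:xx is reserved for documentation.
ALLOWLIST = ["00:00:5e:00:53:0a", "00:00:5e:00:53:0b"]
OBSERVED = [  # (MAC as logged, switch/Wi-Fi port, hostname) - hypothetical log
    ("00:00:5e:00:53:0a", "port1", "laptop"),
    ("DA-A1-19-00-00-01", "port2", "phone"),
    ("00:00:5e:00:53:0a", "port3", "unknown"),
    ("0000.5e00.530b", "port4", "printer"),
]

def parse_mac(text):
    """Accept aa:bb:.., AA-BB-.. or aabb.ccdd.eeff and return the 6 raw bytes."""
    digits = re.sub(r"[:.\-]", "", text.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {text!r}")
    return bytes.fromhex(digits)

def describe(text):
    raw = parse_mac(text)
    return {
        "mac": ":".join(f"{b:02x}" for b in raw),
        # First three bytes: the vendor prefix (OUI) assigned by the IEEE.
        "oui": ":".join(f"{b:02x}" for b in raw[:3]),
        # Bit 0x02 of the first byte set: the address was chosen in software
        # (randomised or overridden) rather than assigned by a vendor.
        "locally_administered": bool(raw[0] & 0x02),
        # Bit 0x01 set: a group (multicast) address, never a single client.
        "multicast": bool(raw[0] & 0x01),
    }

def audit(observations, allowlist):
    """Return {mac: [reasons]} for clients that deserve a closer look."""
    allowed = {describe(m)["mac"] for m in allowlist}
    ports = defaultdict(set)
    for mac, port, _host in observations:
        ports[describe(mac)["mac"]].add(port)
    findings = {}
    for mac, seen_on in ports.items():
        reasons = []
        if describe(mac)["locally_administered"]:
            reasons.append("locally-administered")
        if mac not in allowed:
            reasons.append("not-allowlisted")
        # An allowlisted address on two ports at once suggests a copy of it.
        if len(seen_on) > 1:
            reasons.append("seen-on-multiple-ports")
        if reasons:
            findings[mac] = reasons
    return findings

if __name__ == "__main__":
    for mac, reasons in audit(OBSERVED, ALLOWLIST).items():
        print(mac, describe(mac)["oui"], ", ".join(reasons))
```

The locally-administered bit only catches software-chosen addresses; a copied vendor address passes that check, which is why the audit also looks for the same address on more than one port.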

4. SERIAL NUMBER (S/N):

Every router comes with a unique serial number. These numbers are usually alphanumeric (letters and numbers) and are unique to every router device. This number is known as the DEVICE SERIAL NUMBER.

Now that you understand this information, let’s have an overview of how it is tied to your personal information.

The router provided by your ISP is linked to the information you provided to the ISP before they sent the network technician to install your internet connection (see router image below).

[Image: A Huawei EchoLife GPON router. Image source: Fixitgearware Security]

So, what information did you provide, you may ask?

USERS INFORMATION THE ISP REQUESTS, BEFORE INSTALLING A NETWORK ROUTER:

  1. HOME ADDRESS:

The residential address of the user who requests the service installation is requested by the ISP. This is to register the information in the database, and it also serves as a means of identification when the internet user requires physical troubleshooting.

So, when you contact your ISP due to service downtime, they always request your home address in order to identify the location, and possibly send a technician to troubleshoot the reported issue.

  2. NAME:

The applicant’s full name is requested by the ISP’s customer service as a reference for a contact person for future identification, and of course as a security measure to prevent a suspicious person from pretending to be the legitimate user of the service and obtaining sensitive information.

  3. GOVERNMENT ISSUED ID:

Your international passport, driver’s license, Social Security number, etc. are requested, depending on the government-approved means of identification presented to the ISP, and on the ISP’s internal organizational policies, which are mandatory when a service is requested.

  4. CONTACT NUMBER:

The contact number serves four purposes:

     1. To identify the caller when an issue is reported, and to create a ticket for reference and a possible callback.
     2. To identify the user and of course track them when they are required to pay for a service or be available for a routine update (data update).
     3. To be reachable by the technician about the day they can come over to install or troubleshoot the network connection.
     4. To set up the ISP’s mobile application. So, when users want to change their password, reset their connection, and more, they can log in with their credentials and are of course sent an OTP (One-Time PIN) to verify that the actual user is the one accessing the services. This is considered enhanced security.

  5. EMAIL ADDRESS:

The email address serves as a means for the user (the ISP’s client) to receive their electronic billing information, as well as promotions for additional products and services the ISP has going on. With the advent of mobile apps, the email address isn’t all that necessary, as these apps are able to generate PDF bills in-app.

However, not everyone is tech savvy, so most ISPs still request email addresses, not to mention that an email address is also important for registering with the ISP’s mobile application.

All this information is then keyed into the ISP’s user registration database and recorded alongside the router device information (see ROUTER INFORMATIONS AND SERIAL NUMBERS in this article).

Upon completion of the installation, when the network installer hands over the customer’s copy of the billing receipt or invoice to the homeowner or the person who requested the service, you will notice that all the necessary information is written in the customer’s copy of the invoice, which is given to the customer to sign. This information consists of some of the details described in (see ROUTER INFORMATIONS AND SERIAL NUMBERS in this article) and (see USERS INFORMATION THE ISP REQUESTS, BEFORE INSTALLING A NETWORK ROUTER in this article).

Signing this document (invoice or receipt) is an attestation, or a form of verification, that the user did indeed receive the hardware and that the service has been successfully installed. (Billing for service installation and more is out of the scope of this article.)

VPN CONNECTIVITY:

Your ISP issues you a public IP address and a private IP address. The private IP address serves as the default gateway; it is the address through which a user can access the router administrator panel (see router image above to get an idea of what the default gateway IP address looks like).

The public IP address is how a user accesses the public internet. So, when you visit a website or the dark web, the actual public IP address tied to your router is what the website owner, the content delivery network (CDN), or the malicious hacker whose page you are visiting sees. Hence the need for a VPN (Virtual Private Network) connection.

So, what does the term Virtual Private Network mean?

VIRTUAL:

The term virtual means the connection between two or more communicating devices is not real; rather, it is a virtual connection (not the real address) provided by the VPN software provider.

PRIVATE:

Private means all data, packets, and information requested or transmitted are encrypted away from prying eyes, and only members connected by the VPN software can read the information being transferred across the network. The Feds, your ISP, hackers on the public internet, and others cannot intercept or read your data (see image below).

NETWORK:

A group of two or more devices communicating with one another.

[Image: An overview of how the VPN sends data across the network. Image source: Fixitgearware]

HOW DO MALICIOUS HACKERS CONCEAL THEMSELVES:

Hackers both good and bad (ethical and non-ethical hackers) are known to conceal their true identity. For the good guys it is about internet safety and security; for the bad guys, well, it is for various reasons, but let’s stick to the fact that they do not want to be tracked or geolocated.

Having gained insight into what a VPN is all about, how do malicious hackers stay anonymous?

Malicious hackers are known to obscure their locations using dark web services that provide anonymity. Most of you are familiar with what we call the Tor network, but hackers do not rely solely on such services, because their identity (the websites visited) can be uncovered via the exit nodes of the Tor network. So, the ISP can work out what website the user is visiting at the Tor exit node.

To ensure complete anonymity, these hackers are known to use a multi-layer security approach known as Multi Hop VPN.

YOUR ISP IS ABLE TO TRACK YOU EVEN WITH A VPN CONNECTION:

Consider yourself as an internet user who uses a VPN service to access the internet. Even though your connectivity and data transmissions are encrypted using what is known as VPN TUNNELING, your ISP is still able to monitor and identify a surge in traffic passing through its network, and the IP address (that of the VPN) sending such traffic.

If the said IP address has been reported for a crime at the state level (by local authorities), all ISPs in that state are immediately requested to provide logs and information. The ISP in turn can do some online digital footprinting using OSINT (Open-Source Intelligence) tools, identify the VPN hosting providers, and subpoena them to provide logs and information pertinent to that specific IP address.

With the information provided, and of course the payment information involved as well, the ISP is able to cross-reference that data with the information in (see ROUTER INFORMATIONS AND SERIAL NUMBERS in this article) and (see USERS INFORMATION THE ISP REQUESTS, BEFORE INSTALLING A NETWORK ROUTER in this article), and then track down the culprit if the information provided by the VPN service provider matches the name in its database.
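The traffic-surge observation described in this section relies only on connection metadata, which stays visible to a network operator even when the tunnel payload is encrypted. As an added example (not code from the original article), the following Python totals per-subscriber volume toward each remote endpoint by hour and flags hours far above that pair’s usual level. The flow-record format, the addresses (documentation ranges) and the 5x-median threshold are constructed assumptions.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median

# Constructed flow records: time, subscriber IP, remote IP, port, proto, bytes.
SAMPLE_FLOWS = """\
2024-05-01T09:10:00 198.51.100.20 203.0.113.7 51820 udp 40000000
2024-05-01T09:00:00 198.51.100.21 203.0.113.80 443 tcp 10000000
2024-05-01T10:15:00 198.51.100.20 203.0.113.7 51820 udp 50000000
2024-05-01T10:00:00 198.51.100.21 203.0.113.80 443 tcp 12000000
2024-05-01T11:05:00 198.51.100.20 203.0.113.7 51820 udp 45000000
2024-05-01T11:00:00 198.51.100.21 203.0.113.80 443 tcp 11000000
2024-05-01T12:05:00 198.51.100.20 203.0.113.7 51820 udp 400000000
2024-05-01T12:40:00 198.51.100.20 203.0.113.7 51820 udp 500000000
2024-05-01T12:00:00 198.51.100.21 203.0.113.80 443 tcp 9000000
""".splitlines()

def parse_flow(line):
    """Split one record; note that no payload field exists to inspect."""
    ts, subscriber, remote, port, proto, nbytes = line.split()
    return (datetime.fromisoformat(ts), subscriber, remote,
            int(port), proto, int(nbytes))

def hourly_volume(lines):
    """Return {(subscriber, remote): {hour: total_bytes}}."""
    totals = defaultdict(lambda: defaultdict(int))
    for line in lines:
        if not line.strip():
            continue
        ts, subscriber, remote, _port, _proto, nbytes = parse_flow(line)
        totals[(subscriber, remote)][ts.strftime("%Y-%m-%dT%H")] += nbytes
    return totals

def surges(lines, factor=5, min_windows=3):
    """Flag hours whose volume exceeds `factor` times the pair's median hour."""
    hits = []
    for (subscriber, remote), windows in hourly_volume(lines).items():
        if len(windows) < min_windows:
            continue  # too little history to call anything a surge
        baseline = median(windows.values())
        for hour, nbytes in sorted(windows.items()):
            if nbytes > factor * baseline:
                hits.append((subscriber, remote, hour, nbytes))
    return hits

if __name__ == "__main__":
    for subscriber, remote, hour, nbytes in surges(SAMPLE_FLOWS):
        print(f"{hour} {subscriber} -> {remote}: {nbytes / 1e6:.0f} MB")
```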

WHY DON’T ISPs AND THE GOVERNMENT ARREST VPN USERS DURING TRAFFIC SURGES?

When it comes to forensic investigations, the priority of the government is to ensure that the “RIGHT CRIMINALS” are apprehended and that “THE GOVERNMENT IMAGE RETAINS ITS REPUTATION.”

As a cybersecurity professional, you should not limit yourself to technical or theoretical knowledge alone; combine both to understand the dos and don’ts, and that includes the law and how the vast majority of crimes are resolved.

NOW LET’S EXPLAIN THIS…

There are a lot of factors to consider before conducting a bust and arrest, but since we are talking about VPNs, malicious hackers, and router connectivity, let’s explain this with Wi-Fi hacking. A user of an ISP service might not know that their Wi-Fi password has been compromised, and that a random neighbor is behind the VPN, causing the surge and of course committing the crime. Busting the legitimate user of the ISP could result in litigation against not just the ISP but also the government; and in the public eye the administration (the current government in power) responsible for such a crackdown would be seen as incompetent, leading to citizens losing trust in the government.

This is why due diligence is conducted before any crackdown is carried out, so that the actual perpetrator of the crime is apprehended.

THE VPN PROVIDERS COMPLYING WITH GOVERNMENT AGENCIES AND YOUR ISP TO REVEAL YOUR INFORMATION:

Although VPN providers assure you that they do not retain logs and connections, this is far from the truth, as they also need certain information to handle their billing and of course debit your monthly charges.

Assuming a malicious hacker is using a VPN IP address running on a dedicated server (to ensure speed and prevent latency), it is easy to track down the user of the dedicated server (as this service is expensive and only a few can afford it). If the IP associated with the VPN service has been on the radar in a list of blacklisted IP addresses, that becomes a point of reference for a forensic investigation to commence.

The government is above all jurisdiction, except the jurisdiction outside its own country; and of course, if the syndicates are globally wanted, then all countries are forced to bend their laws and comply, as the wanted criminal gangs could also be targeting their country.

So, what happens next?

The Feds, ISPs, and other security agencies can obtain a warrant and subpoena services even if they are offshore, and these VPN services, left with no way to uphold the agreement they made when selling their VPN service to users who trusted them, are forced to comply with the government or face the law, which may include losing their license to operate or paying a huge fine.

Therefore, against their will, and on the basis that they are complying with the law, they release these logs and any data related to the connection. This data includes names, payment information, and other personal information.

FORENSICS AND CRACKING DOWN ON CRIMINALS EVEN THOUGH THEY ARE BEHIND A SECURED VPN NETWORK:

Upon obtaining these logs from the VPN providers, the Feds contact the ISP to provide additional information. This information is all the data belonging to the user (see ROUTER INFORMATIONS AND SERIAL NUMBERS in this article) and (see USERS INFORMATION THE ISP REQUESTS, BEFORE INSTALLING A NETWORK ROUTER in this article).

With this data provided, the Feds and the investigation team then proceed to consider other aspects of uncovering the syndicate.

MULTI VPN HOP DELAYS INVESTIGATION AND CRIMINAL APPREHENSION:

Forensic investigations are part of the process carried out when trying to solve cybercrime cases. When cybercriminals conceal themselves using MULTI VPN HOP connectivity, each piece of information revealed by one VPN service provider leads to another VPN service provider, and if the cybercriminal uses various identities (fake identities) to purchase the multiple VPN services, it becomes difficult for the criminals to be tracked down and possibly apprehended.

This is one reason why, in reports from the digital world, some cybercrime gangs are seen to have been on the investigation list for over a decade. For each identity uncovered, it leads to another ghost identity. Most times these crimes are eventually resolved either by luck or through a silly mistake by the gang or one of its members, e.g. using the same credit card information to pay for a legal service (food or an item) in a legitimate store.

CRIME NEVER PAYS:

Although VPN services promise anonymity, you are not completely anonymous, at least not from the government. VPN services should be used if and only if you are doing something good, supporting a good cause, or protecting yourself from hackers who might hack your device and possibly exploit your file system and data when you use the public internet or the dark web.

CONCLUSION:

With this entire article, you have come to appreciate router and network connectivity installation, a brief overview of VPN connectivity and services, VPN hops as a mechanism by which hackers stay anonymous, and how you are tracked by your ISP, the government, and the CIA or Bureau agency even though you are behind a VPN service.

No matter how security is implemented, you are not completely anonymous. It is therefore advisable to stay away from crimes and situations that would lead to offending the law or government institutions. Thanks for reading.