Kiris Group Intelligence Security

Virtual Machines & Virtual Private Networks – Unlocking the mystery of why…

Staying secure online is more important than ever. As entire industries have migrated to remote working in order to continue operating throughout the ongoing COVID-19 crisis, this means more and more sensitive data and network traffic is at risk of being exposed. Whilst there are, of course, many other capabilities - including nascent hybrid cloud platforms - that have enabled secure remote working; the most widely used technical solutions to stay safe online are Virtual Private Networks (VPNs) and Virtual Machines (VMs). But, what are they, and how do we use them?

VPNs are one of the simplest yet most effective ways of staying secure online, and have a wide range of uses for both individuals and businesses. Essentially, a VPN masks your IP address by connecting your device to a server in a location of your choice, and changing it to the IP address of the location selected. The main benefit of this is that, especially when using public Wi-Fi access points such as those in airports or hotels, your network traffic cannot be attributed to you, and is encrypted by the VPN. While this still means that your traffic will appear in ISP logs (i.e. you are not ‘invisible’), it is not immediately apparent that you are viewing sites from your own public IP address.

From a physical security perspective, this also means you cannot be traced via your IP address. In November 2019, online investigators from Bellingcat were able to identify members of far-right forum Iron March using exposed IP addresses from across the US. There are also numerous cases of lower-level investigations that highlight how exposed IP addresses can be utilised by OSINT experts, which in turn reinforces the need to mask your public IP in order to enable better security. VPNs can (in locations where they are legal) also allow access to certain geo-blocked websites when the right IP address is selected, particularly media outlets.

From an investigations perspective, VPNs allow us to conduct research without risking network traffic and location being compromised – something that is hugely important in order to maintain confidentiality when working on sensitive projects. Being able to access geo-blocked content, from a relevant IP address can also be a real advantage when carrying out investigative work on a specific region, as it allows access to information not readily available from outside the relevant IP addresses. Essentially, VPNs allow us to disguise where we are in the world, and when used in conjunction with a virtual machine; allow us to carry out investigative work as securely and anonymously as a client demands.


VPNs, especially when used alongside VMs, make it easier for us to create and build up an online persona whilst conducting research that is aligned to the profile of any given region. Particularly when conducting investigations specific to certain geographical areas, this allows us to gather critical information with less chance of arousing suspicion.

VMs themselves are being used increasingly effectively in the world of OSINT, beyond simply being “sandboxes” for sensitive work or potentially harmful content – they are integral to conducting effective OSINT investigations. VMs allow multiple operating systems to be run at the same time on the same piece of hardware. VMs are conventionally used as a way of exploring software updates or using older versions of an operating system and provide operational flexibility in terms of being able to run multiple operating systems (and therefore compatible applications and software) centralised on the same device. Another key benefit to using VMs is that they mitigate the potential for loss of data due to hardware failure.

When applied to investigations and intelligence work, this makes VMs a highly useful tool. VMs allow us to access potentially harmful data, code and resources without risking damage to hardware and the primary software being used on a device. Avoiding malware is an integral part of any online investigative work, and using VMs is often one of the most effective ways to ensure we are able to do this.

If certain datasets, documents or applications that need accessing require a certain software version that is now out of date, VMs allow for us to download the relevant software while not risking compromising the devices we use. Ultimately, VMs allow us to access potentially harmful material that we feel is of vital importance to the work our clients require us to carry out. While they have a number of practical benefits like mitigating issues with software compatibility or hardware failures, their greatest benefit is that they allow us to conduct investigations as thoroughly and extensively as possible, without having to worry about what impact this will have.

If VPNs allow us to disguise ‘where’ we are, then VMs essentially allow us to disguise ‘who’ we are. Using the two alongside each other means we are able to appear from any location, using multiple operating systems, all from the same device.