It's obviously an unsubstantiated statement, but given all the concrete information on the MOs of alphabet agencies, it seems like a reasonable bet. If they haven't done one of those things, they probably just haven't gotten around to it yet.
Room 641A is located in the SBC Communications building at 611 Folsom
Street, San Francisco, three floors of which were occupied by AT&T before
SBC purchased AT&T. The room was referred to in internal AT&T documents as
the SG3 [Study Group 3] Secure Room.
The room measures about 24 by 48 feet (7.3 by 14.6 m) and contains several
racks of equipment [...].
The oddly detailed description along with the badly lit photo makes this read like an SCP entry.
Is it that wild? There are a few questions we have to ask
1. Do these agencies have the motivation to do the above? I think the answer here is an obvious yes to everyone
2. Do these agencies have the technical ability to hack the VPNs, the finances to pay them for access, or some other reasonable measure to coerce compliance?
If 1 and 2 are both true, then the OP claim is also certainly true.
Given that 1 is true, I don’t think it’s “wild” to claim that these agencies cannot satisfy 2. In fact I’d say given the historical record, the more wild claim is that the CIA/NSA etc is incapable of satisfying #2.
It's a crime. Maintaining continual access to every major vpn provider increases the probability of getting caught breaking the law towards one while continually risking the methods required to acquire such access each time your implant is discovered.
If you are using unknown exploits not passed on to relevant software projects each discovery further risks said exploit being discovered then used against us individuals and enterprise.
It is a potentially very high cost for mediocre gain as criminals can turn to more secure methods leaving you with a lot of data on whose hiding piracy from their ISP but little of actual value.
Meanwhile you can direct attack targets any other ways when they are likely to have actual intelligence instead of hoping they log into nord VPN.
In brief speculation is incredibly likely to be based on bad logic and should probably attend more to actual know.
Eg most people aren't important enough to directly target. Uncle Sam probably knows the entire contents of your Gmail but not what you do via nord VPN. At such time as you become an international drug lord your privacy is likely to fall apart when Sam starts serving providers who do business with you.
The Interpol literally took over a darknet market (Dream) using stolen admin credentials and continued to run the site for months to gather intelligence on vendors and buyers. Not the same thing but if LE is willing to operate a major illegal drug trafficking operation then surely hacking a few VPN companies doesn't seem impossible.
Great example however unlike constantly hacking all VPN providers this is potentially deemed legal kind of like under cover cops doing controlled buys to trace drug networks. Also unlike hacking all the VPNS. It's also pretty high benefit for a very finite and controllable risk.
What crime is it for the NSA/CIA, who are explicitly tasked by the government with gathering intelligence on foreign agencies, to hack say Mullwad, a Swedish entity? That’s like saying it’s a murder for the police to shoot someone who has hostages. I mean yes it’s the same action, but when it’s been deemed justified by the government, it’s not really a crime in the same way.
A crime in Sweden perhaps. Who will Sweden charge? Do they even have names for individual employees?
It’s also a “crime” to sell false and compromised products to customers yet CryptoAG existed for decades.
> At such time as you become an international drug lord your privacy is likely to fall apart when Sam starts serving providers who do business with you.
Then you’re simply agreeing under point 2, I.e they have they ability to coerce cooperation when desired
The (law enforcement) agencies can just go to the few biggest VPN suppliers. Just like they go to FAANG.