ExpressVPN Knew 'Key Facts' of Executive Who Worked For UAE Spy Unit (vice.com) 11
An anonymous reader quotes a report from Motherboard: ExpressVPN, a popular VPN company, said it was aware of the "key facts" of its chief information officer Daniel Gericke's previous employment before hiring him. On Wednesday, the Department of Justice disclosed in court records that Gericke worked on Project Raven, a surveillance operation for the United Arab Emirates government that involved hacking of Americans, activists, and heads of state. "We've known the key facts relating to Daniel's employment history since before we hired him, as he disclosed them proactively and transparently with us from the start. In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users' privacy and security," ExpressVPN told Motherboard in a statement. "Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users against, and as such is a uniquely qualified expert to advise on defense against such threats. Our product and infrastructure have already benefited from that understanding in better securing user data," the statement continued.
On Tuesday, unsealed court filings described how Gericke as well as Marc Baier and Ryan Adams faced charges for their part in working on Project Raven. The court records say that the three violated the International Traffic in Arms Regulations and conspired to commit access device fraud and computer hacking offenses. The court records say that the three took a zero-click exploit, which allows takeover of a device without any user interaction, and implemented that into Karma, the hacking system used by the UAE's Project Raven. Project Raven involved the hiring of former U.S. intelligence hackers who then worked on behalf of the UAE government, Reuters reported in 2019. The court records also describe other uses and purchases of exploits by the group. The court filings detailed that prosecutors will drop the charges if the three men cooperate with U.S. authorities, pay a financial penalty, and agree to a list of unspecified restrictions on their employment. Earlier this week, ExpressVPN was sold to Kape Technologies in a deal worth $936 million.
On Tuesday, unsealed court filings described how Gericke as well as Marc Baier and Ryan Adams faced charges for their part in working on Project Raven. The court records say that the three violated the International Traffic in Arms Regulations and conspired to commit access device fraud and computer hacking offenses. The court records say that the three took a zero-click exploit, which allows takeover of a device without any user interaction, and implemented that into Karma, the hacking system used by the UAE's Project Raven. Project Raven involved the hiring of former U.S. intelligence hackers who then worked on behalf of the UAE government, Reuters reported in 2019. The court records also describe other uses and purchases of exploits by the group. The court filings detailed that prosecutors will drop the charges if the three men cooperate with U.S. authorities, pay a financial penalty, and agree to a list of unspecified restrictions on their employment. Earlier this week, ExpressVPN was sold to Kape Technologies in a deal worth $936 million.
At this point I can only say (Score:4, Interesting)
Expect every VPN service that claims to shield your privacy compromised. I mean, let's be honest here, if you were some governmental agency, what kind of service would you either infiltrate or just create yourself if you planned to catch people trying to escape your scrutiny?
Re: (Score:2)
This method of compromising VPN systems totally removes the need for Room 641A.
In Soviet Russia: YOU are Room 641A
Re: (Score:2)
As ever, it depends who your adversary is.
If you just want to stop your ISP from spying on you, or avoid getting spammed with copyright infringement claims, you don't need to worry about this kind of issue.
If your adversary is the government then better use Tor, ideally disguised as a normal HTTPS connection.
Re: (Score:2)
If your adversary is a government, find a VPN service in a country that doesn't like that government.
Re: (Score:3)
"Expect every VPN service that claims to shield your privacy compromised. "
At least don't use it from home if you're committing crimes.
Re: (Score:2)
> Rarely do the Deep State apparatchiks actually suffer real punishments
Right. DoJ went out of their way to only fine them monetarily and stipulate that nobody could reimburse their fines 'without permission' from DoJ.
Which is silly because money is fungible. That they got a slap on the wrist for what they did tells you who is working at that VPN provider.
Re: (Score:2)
It certainly raises my suspicions. It would not be the first time the DOJ has said "We will suspend punishing you for this bad thing, if you instead do that bad thing for us".
The compromised "secure" phone the FBI and Australian Federal Police (our version of the FBI, kind of) used to track drug kingpins is a pretty solid example of that.
Re: (Score:2)
They are also prohibited from employment that involves computer network exploitation or hacking.