ExpressVPN CIO helped UAE hack phones and computers
ExpressVPN’s chief information officer has previously helped the UAE orchestrate a massive cyber espionage campaign on computers around the world.
According to at the Justice Department, ExpressVPN CIO Daniel Gericke and two others worked as hackers on behalf of the UAE to develop zero-click attacks capable of penetrating Internet accounts and devices, including those in the United States.
All three previously worked for the US intelligence community. However, by offering their hacking expertise to a foreign country from 2016 to 2019, the trio violated U.S. export controls, which required them to obtain a license from the State Department to provide such services. Reuters originally reported on the rental-versus-piracy program with the United Arab Emirates, and said espionage tricked iPhones and Internet accounts owned by activists, political rivals and even Americans.
Cyber espionage naturally raises questions about the security around ExpressVPN. However, the VPN service remains with Gericke, who ceased his work with the UAE once he joined ExpressVPN in December 2019.
“We have known the key facts about Daniel’s work history since before he hired him because he proactively and transparently disclosed them with us from the start,” ExpressVPN wrote in a blog postt on Wednesday. “In fact, it is his history and expertise that has made him an invaluable hire for our mission of protecting user privacy and security.
Despite violating US laws with hacking, the Justice Department refrains from accusing Gericke of a crime. Instead, he struck a deal that never again prohibits him from conducting “computer network operations” on behalf of an employer. He also agreed to pay a fine of $ 335,000.
ExpressVPN adds that it constantly checks its VPN service for security. “Of course, we don’t just rely on the trust of our employees to protect our users,” he wrote in Wednesday’s blog post. “We have robust security systems and controls in place in all of our systems or products. We also engage and provide extensive access to numerous independent third parties to perform audits, security assessments, and penetration tests on our systems and products.
Recommended by our editors
ExpressVPN’s VPN service can encrypt your internet connection to prevent snooping, but that assumes that its employees aren’t doing any fun deals on the backend. By routing your internet through a VPN, you are also transferring your browsing history to a server under someone else’s control. This may allow them to log in and collect your data.
However, ExpressVPN claims that Gericke used her expertise to improve the VPN service. “Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users from and, as such, is an expert uniquely qualified to advise on defense against such threats. Our product and infrastructure have already benefited from this understanding to better secure user data, ”adds the company.
The news comes after ExpressVPN this week sold to Anglo-Israeli digital security software provider Kape Technologies for a reported $ 936 million. “With their support and resources, we’ll be able to innovate faster and protect you against a wider range of threats,” says ExpressVPN.
Do you like what you read ?
Sign up for Security watch newsletter for our best privacy and security stories delivered straight to your inbox.