
The Chief Information Officer for ExpressVPN, Daniel Gericke, has entered into a plea deal with the US government for his role in helping the United Arab Emirates hack and surveil state dissidents. Gericke, who was formerly employed by the US military, is accused of violating US hacking laws and assisting the UAE in a covert cyber espionage operation called Project Raven, which transpired before Gericke was employed by ExpressVPN.
Update: We have added more information and made corrections concerning the Deferred Prosecution Agreement, while also explaining the business case for hiring a former hacker (a practice we see with many other cybersecurity firms).
Earlier this week, we wrote an article about how ExpressVPN agreed to be purchased by Kape Technologies, a company with a growing presence in the VPN space. Today, we’re going to be covering another hot issue that just surfaced involving a high-level ExpressVPN executive, criminal charges, and international espionage.
According to Reuters, Daniel Gericke, the current Chief Information Officer at ExpressVPN, was one of three people who entered into a plea deal with the Department of Justice. These three individuals, all of whom are former military or intelligence officials, were ordered to pay a combined total of $1.69 million, cooperate with the U.S. government, and never seek a U.S. security clearance again.
What exactly did Daniel Gericke do?
Before joining ExpressVPN in December 2019, Gericke was part of a team that helped the UAE government hack and spy on its enemies. This was all revealed in court documents that were recently made public. Reuters further reports,
At the behest of the UAE’s monarchy, the Project Raven team hacked into the accounts of human rights activists, journalists and rival governments, Reuters reported.
The Reuters investigation found that Project Raven spied on numerous human rights activists, some of whom were later tortured by UAE security forces.
Baier, Adams and Gericke admitted to deploying a sophisticated cyberweapon called “Karma” that allowed the UAE to hack into Apple iPhones without requiring a target to click on malicious links, according to court papers. Karma allowed users to access tens of millions of devices and qualified as an intelligence gathering system under federal export control rules. But the operatives did not obtain the required U.S. government permission to sell the tool to the UAE, authorities said.
It’s important to note that Gericke, Baier, and Adams entered into a deferred prosecution agreement, or DPA for short. Within the DPA framework, there is no admission of guilt and the parties to the DPA will not be convicted of a crime.
Cooperation and Deferred Prosecution Agreement
The Department of Justice has released the deferred prosecution agreement for this specific case that provides us with more details. It contends that Gericke was notified on “several occasions” that his work with the UAE government was in violation of International Traffic in Arms Regulations (ITAR) and US law.
As part of the plea agreement, Gericke was fined $335,000. Additionally, he must fully cooperate with the FBI, as detailed in court documents:
The defendants shall cooperate fully with the Offices and meet with and provide full, complete, and truthful information to the FBI or any other U.S. government organization, upon request of the Federal Bureau of Investigation (FBI), including any follow-on meetings requested (the first meeting to occur within 90 days of signature of the agreement unless otherwise agreed to by the parties) at places and times to be determined by the FBI. This includes providing any documents, material, data, or information requested by the FBI that are in the possession or control of the defendants as of the time of the acceptance of this agreement.
Now let’s examine ExpressVPN’s response, as well as their reasoning for hiring Gericke in the first place.
ExpressVPN defends their CIO
ExpressVPN has chosen to stand by Gericke and continue his employment despite the controversy. They penned a blog post (as well as a follow-up post here) responding to the situation and explaining how Gericke has helped the VPN bolster security.
Since Daniel joined us, he has performed exactly the function that we hired him to do: He has consistently and continuously strengthened and reinforced the systems that allow us to deliver privacy and security to millions of people.
Since the scandal erupted, it seems that Gericke’s social media accounts are all but gone. However, we did find this account that details some of his previous work history.
The case for hiring a former hacker and defense expert
While many outlets have been quick to condemn ExpressVPN for defending and continuing to employ Gericke, there is certainly an argument to be made for this course of action. You can see in this ExpressVPN post how they list numerous ways and real-world examples where Gericke has helped to bolster the VPN’s security.
Looking beyond this specific case, we also find many examples of former hackers who have joined forces to use their talents for beneficial security endeavors. For example, HP’s Security Advisory Board consists of former criminal hackers, including Michael Calce (a.k.a. “Mafiaboy”) and Robert Masse. Both Calce and Masse pulled off major hacking exploits earlier in their lives, were eventually arrested, and then decided to use their talents for non-criminal endeavors.
There are also numerous cases where former defense and intelligence experts transition to the private sector to use their skills in a new venue. A few examples of this include:
- Kevin Mandia, the CEO of Mandiant, who was a former Air Force officer.
- John Fokker, a former U.S. Marine, who is now Head of Cyber Investigations at McAfee.
- Eric Hipkins, a US military veteran and former intelligence analyst, who is now the CEO of R9B.
There is clearly a case to be made for hiring a real-world hacking expert to improve security for a VPN service.
Gericke’s controversial activities transpired before he worked for ExpressVPN
It’s also important to note that all of this transpired before Gericke began working at ExpressVPN. ExpressVPN further clarified that they did not know about any of these activities involving Project Raven.
When we hired Daniel in December 2019, we knew his background: 20 years in cybersecurity, first with the U.S. military and various government contractors, then with a U.S. company providing counter-terrorism intelligence services to the U.S. and its ally, the U.A.E., and finally with a U.A.E. company doing the same work. We did not know the details of any classified activities, nor of any investigation prior to its resolution this month. But we did know what we had built here at ExpressVPN: a company where every system and process is hardened and designed to minimize risks of all kinds, both external and internal.
Can you trust ExpressVPN? Is it still safe?
While some may be alarmed by the news about Gericke, a close examination of the facts gives less cause for concern. For one, there is a clear precedent and business case to be made for hiring real-world hacking experts, especially those who may have experience in the defense industry.
Furthermore, we see numerous cases of former criminal hackers who now hold high-ranking security positions at major companies such as HP. Gericke is just one of many examples of this, and in our opinion, this is not cause for alarm.
Nonetheless, in an attempt to mitigate concerns and bolster trust, ExpressVPN has promised to undergo more third-party audits to verify privacy and security measures:
While we are confident that our commitment to this mission is unwavering, we understand that actions speak louder than words. To begin with, we’ll be increasing the cadence of our existing third-party audits to annually recertify our full compliance with our Privacy Policy, including our policy of not storing any activity or connection logs.
Ultimately, the question of trust is very subjective and there are many things to consider. From my own standpoint, the Gericke DPA situation does not raise any alarm bells after researching the case and the industry hiring practices with former hackers. Additionally, ExpressVPN’s announcement to conduct further third-party audits leaves me feeling even better.
While we do not consider this case to be overly alarming, there are still many other good VPN services to consider for those wanting to look at other options.
As always, we will continue to keep a close eye on the situation, including the upcoming audits, and update our recommendations based on all of the latest information and test results.

“There is clearly a case to be made for hiring a real-world hacking expert to improve security for a VPN service.”
While this may be true or not, the question is what he was hacking and who he was helping in the so-called real world. In this case it seems that he was helping a government to spy on its citizens, right? Well, that would be a very bad reference about any VPN service provider.
I’m more concerned that the “security” of this vpn company can be leveraged by the gov. through the CIO from whatever plea agreement or charges that may have been “held back”.
Agree.
News. I found a hiring advert for ExpressVPN. “Talent Acquisition Lead – Full Time”.
Location? Dang, I smashed the top of my head on the sloping top floor wall when standing up. LOCATION Chinese controlled HONG KONG. So what is this all about British Virgin Islands then? It is a shell office, like most registered offices there (most addresses in TAX havens are in fact PostOffice addresses not offices). The company that owns them now in the above takeover also owns vpn review websites … that guess what REVIEW ExpressVPN. Anybody wish to refute me … TON OF EVIDENCE ON THE WEB YA!
Ditto that. Had I known I wouldn’t have engaged this vpn service.
Can you write a new article about the fact that the person in question/the executive seems to have hacked the phone of Loujain al-Hathloul (cf. https://en.wikipedia.org/wiki/Loujain_al-Hathloul for her person) who was then imprisoned. She has recently gone to the court btw…
Hi Sven, thanks for the info. I use Expressvpn (I switch soon) with a safe browser. When I visit the site tracefree.com, on that site you can check your privacy in 4 steps. The last step from the test opened a folder on my device and all files in my folder were visible? They say that Google can trace you all the time, you cannot hide from Google no matter what local installed browser or vpn you use, their solution is a cloud browser. Is that true? Is there anything to do about it? Thanks
Virtualization or cloud computing can be a good option for privacy.
Thank you for the information! Is there anything you recommend now? I pay for Express but my anxiety is worsening with it. This is so messed up and bizarre, I like none of the Israeli and UAE implications along with the original malware existence and the data manipulation for aggregate sites. I use tunnelblick for openvpn bc EV has sincerely become difficult on macs. Anyway, thank you for sharing and for the info.
You can find our current recommendations here.
https://www.vice.com/en/article/y3dawk/wickr-cia-funding-inqtel
Sven, check this please, Wickr and CIA
Thanks for sharing, we’re researching the issue now.
What are currently the options to run a VPN client on RDP?
ExpressVPN was good, because you didn’t lose connection. Most of the VPNs I tried, you couldn’t connect to the VPN after you started the VPN.
R.I.P. ExpressVPN. You have been a good friend ;-(
“According to sources close to the Russian law enforcement system, the partners “sold” Sagi’s debt to criminal elements – the Russian mafia. Sagi, who ran for 25 years in prison for bribery and fraud, has tried in recent months to reach an agreement with them. Despite this, the move was unsuccessful, and apparently led to the implementation of the assassination attempt”
Wow, the new owner of ExpressVPN sounds like a real upstanding guy! Certainly someone who I would trust my money and data with! Lmao
https://middleeast.in-24.com/News/amp/279013
Express should be a case study on how an industry leader was sold off by greedy management, to make it one of the companies with the lowest trust and goodwill in the market overnight.
HOT DAMN! That is insane news!
Don’t forget the other co-owner who has links to Israeli spooks 😊 it’s not like they have a reputation of abusing their services and not surveilling people 🙄
Assassination attempt? OMG I’m months behind!
This isn’t going to end well…
A CIO with a consent decree, or whatever the plea deal entailed, to cooperate with FBI being an officer of a VPN company is ludicrous! With any company it’s beyond stupid. Is Express secure, private and trustworthy with him there? Of course not!
This is the simplest no-brainer imaginable, get rid of him. The only possible out is if Express knew this guy was a criminal and hired him anyway, then he should be fired and given a severance payment. But if that’s true, the situation is even worse! CIO’s are a dime a dozen, get another one and let this clown work for CIA or whomever; he’s a good spy.
You’re right and that’s why I ditched Express. Moved to ProtonVPN and extremely satisfied.
Protonvpn has logs and DNS leaking; never trust the Proton company.
How do you KNOW that?
ExpressVPN employees are mega pissed off at their senior management. They’ve got a riot on their hands, and rightfully so, what with their reputation in tatters and all.
https://www.vice.com/en/article/jg87p4/expressvpn-employees-ask-questions-project-raven
Hello, Sven. I’m from South Korea. NordVPN, Surfshark’s Korean Server can’t bypass the Korean government’s internet censorship. ExpressVPN’s bypass that. So I wondered if it was a NordLynx or Wireguard problem, and I tried UDP and TCP, but it didn’t work. No matter how I connect, Nord and Surfshark don’t bypass it, and ExpressVPN bypasses it. So I’ve been using ExpressVPN, and this problem popped up. Which VPN should I use? Very confusing. Is it okay to continue using ExpressVPN in the future? If not, please recommend a VPN that has Korean servers and can bypass censorship. Except for Adguard VPN. Both conditions are met, but the speed is too slow. Thank you.
You can try to use the obfuscation method with Surfshark, which is called Camouflage Mode. With NordVPN, they have a lineup of Obfuscated servers you could try using for this situation. I think you should be fine either way and keep using Express if it is working for you in Korea, which is a tough situation.
I tried NordVPN’s obfuscated servers, but they didn’t have Korean servers. I didn’t know Surfshark had something similar! I’ll give it a try. Thank you so much for your kind and quick reply.
Hey PM, hope you’re doing well.
This is a common misconception that people have, that if they get a VPN, it will be their silver bullet to accessing prohibited content. The reality is, when a government bans a certain content from the Internet, all points of contact to it are severed, which means both ISPs and Servers/Datacenters have to comply with it. That’s the reason why your VPN’s Korean server is not able to access content prohibited in Korea. If a different Korean server/VPN operator is able to access it, its because they haven’t complied with the law, but they soon will. It’s only a matter of time.
Much love,
Riley
Jeez what a bunch of sniveling babies some of you are!
“Oh this company’s executive did this, this one is offering a service I don’t like, someone on reddit said this….I’ll never trust them again!” Wah wah waaah.
So expressvpn employed a bad apple who is now in front of a judge & a company you don’t like bought them, and??? Until you’ve evidence that expressvpn is hoovering up your data & handing it to the NSA, stop acting like the sky is falling. There are alternatives, use them. I doubt any of you whiners are dissidents in HK, Iran or North Korea & just want to be 100% anonymous for “reasons”.
You could always live in the Canadian wilderness with no phone or internet, or otherwise, stop moaning & accept there’s imperfect solutions & digital privacy evolution for you didn’t end yesterday.
No need to be snarky. When a company f***s up, people are bound to call them out, boycott their services and move to competing ones.
Isn’t that effectively what I wrote?
It’s good Sven has shown us this info, very. But some of the reactions are…immature, to say the least. Check the guy below talking about dumping a VPN service because they added an anti-virus option.
The fact is that, yes…Wickr & ExpressVPN, have in my opinion, made bad commercial decisions that may or may not impact their userbase. Ok nevermind, move on to other products when your subscription is up & move on.
Maybe some of the responses here are hyperbole, hope so.
We found the Express vpn employee
Surfshark is moving to Netherlands. Big news! Bad news! Crazy news!
Yes we are investigating this situation and will report on it when we have more information.
Where did you find that? There is nothing about that on their website.
They updated their Terms of Service.
they made an announcement on reddit: https://www.reddit.com/r/surfshark/comments/ptyqzp/regarding_reorganization_surfshark_bv_and/
Hello guys, many months ago I warned against using expressvpn, but many people ridiculed it!
But here I say some of the many servers of expressvpn are still safe to use and most of them are dangerous to use!
Good luck
Best cheers.
Hi,
I don’t like the service Surfshark is “pushing” to you when buying vpn service, it’s like anti virus/malware protection, which asks access to all your data, files etc in your device, for extra 1.5$/month to be safe in real time…, think it’s called one/alert…
We know what all the anti virus softwares are worth….only to spy
It’s about time to check the option of setting your own vpn, if it’s possible
Yes, that’s a new Surfshark optional add-on. You don’t need to select this option at check out.
But they lost me, I canceled the subscription (less than 30 days), can’t trust them now, maybe they see that data mining is much more profitable.
Till now I use only NordVpn….
…
How can you not trust a VPN service, just because they include an optional anti-virus service?
I disagree, the VPN industry is becoming “bleak”. Think of the fall/winter of 2020 when Corona reared its ugly head in Asia. It’s only going to become worse. I believe.
VPN companies are being consolidated by unethical people. The latest casualty of course is Express VPN and PIA before them.
So what do you recommend?
I have moved from ExpressVPN to Ivpn.net. I can highly recommend them.
If nothing, this is a good test for the privacy websites that are working in public interest. If you see “privacy expert websites” that are still recommending Express, PIA etc. just skip it: they are probably working for some corporation. Sadly, there are only few places left when you can get the REAL news about these subjects. This website is one of them, thankfully. Keep up the good work, RP!
Thanks Bronco
As far as I can tell, installing a vpn on a router while using a different vpn on all devices is the only way to give surveillance the middle finger.
I have researched and used many VPNS and have settled on these: MULLVAD, IVPN, OVPN, VYPRVPN and PERFECT-PRIVACY
Sounds interesting. But speed must be very bad… it’s not the same like when you use double hop from one provider. It’s more something like tor network, I doubt you can download much stuff. 😊
But what’s the point of using a VPN? All of these “no logs”, “safe” vpns are showing up like this right now. Not to be offensive but every VPN DOES keep logs and I’m sure they could hand them out to any of the authorities.
Tor and I2P is probably the best option right now…
Correct me if i’m wrong tho 😀
No, there are definitely a few VPNs that have proven to be no logs through third-party audits and/or through real-world cases. The VPN world is not as bleak as you suggest, despite the recent bad news.
Expert comments:
– John Scott-Railton (163K followers), senior researcher at the University of Toronto’s Citizen Lab, said on Twitter that the ExpressVPN decision to hire and retain Gericke showed that “ExpressVPN knowingly hired a man that helped the UAE build its spy system……and help hack human rights defenders & target Americans. Time for a shakeup: the VPN industry is a toxic, dangerous mess”.
– David Maynor (14k followers), independent security researcher and former research scientist at Barracuda Networks, said on Twitter, “For safety reasons maybe skip ExpressVPN and Kape.”
– Liam Pomfret, PhD (2500 followers), privacy researcher and board member of the Australian Privacy Foundation, tweeted, “If you’re using VPNs to do more than just view overseas streaming services, you really want to move away from ExpressVPN.”
– Edward Snowden (4.8M followers), ex Central Intelligence Agency (CIA) employee tweeted: “If you’re an ExpressVPN customer, you shouldn’t be”.
Yes, we concur that there are serious concerns and are in the process of updating our main VPN recommendation page.
Hi Sven,
I don’t usually like to be cynical;
But wouldn’t it be nice if those bastards at Kape just blew a billion dollars?
Regards,
BoBeX
Here’s hoping Express burns itself to nothingness.
With the decision to defend Gericke, a guy whose work has been used to spy, track down and torture dissidents by the authoritarian UAE Govt, ExpressVPN can go get fudged.
This media outrage feels a little bit cancel culture-ish to be honest. Not defending the dude, but he was probably earning big bucks as a contractor working for some UAE company, not really thinking about the consequences. It’s not like Express as an org was helping the UAE spy on people. I dunno, this doesn’t really bother me.
The kape situation is a shitshow though. No recovering from that mess.
Wow! Two blows against Express, and a hard blow against ProtonMail (I know, not a VPN but still).
While I never used them or even considered them, or Nord, I always just assumed they would be a mainstay. Surprise, Surprise, Surprise.
Horrible infos, really. I wouldn’t be surprised if NordVPN would be next. Here they are, suggesting log-ins through Google credentials: https://nordvpn.com/blog/nord-account-third-party-logins/
This is becoming tragicomedy. 😊 I wouldn’t trust too much to so-called big players in this industry. For starters, don’t take long plans anyway. Explore, take extensive information before you buy some service. So many websites are suggesting the same VPN companies as “the top ones”, like broken records…
Ok, did you read the Nord blog post? They are simply offering authentication through Google as an option, not a requirement. It’s a convenience thing for those who want it. Additionally, they warn,
“However, convenience does have a cost. By letting third parties authenticate your login, you become vulnerable to their data practices.”
I don’t see any problem with this.
And as to Nord, they are still sailing strong from everything I see, while ExpressVPN had been losing ground for the past year or so. But even still, all of this stuff with Gericke transpired years before he worked for ExpressVPN.
Yes, I read the article. The way I see the internet security and privacy company: less third parties (especially those you are preaching against!), and more open-source and transparency. Be meticulous with your own standards. Keep it simple and don’t confuse your customers. I didn’t say NordVPN has done much wrong, just noticed what I didn’t like. Time will tell, hopefully they will keep the good reputation.
First, I would like to THANK YOU for your efforts on this page! I follow every bit of info that you write!
So, I use PIA (Private Internet Access) and my subscription ends on 02.2022. I use this because I got a good price (32euro/year and one of the VPN servers is in my country). But with this whole situation with express VPN/pia (same owners) I am having big doubts about my privacy. Do I need to change to NordVpn? What are your recommendations? Thanks!
There are still lots of great options on the market, including NordVPN and others. We’ll be updating all of our VPN recommendations in the coming days based on the latest news, stay tuned…