Kape Technologies, a former malware distributor that operates in Israel, has now acquired four different VPN services and a collection of VPN “review” websites that rank Kape’s VPN holdings at the top of their recommendations. This report examines the controversial history of Kape Technologies and its rapid expansion into the VPN industry.
As is normal in the tech industry, the VPN world is undergoing some major changes and consolidation. The most recent example of this is with ExpressVPN, which announced plans this week to be acquired by Kape Technologies. While this may come as a surprise to many people, it is nothing new in the industry. In fact, Kape has been on a VPN buying spree since 2017.
Unfortunately, many VPN users remain oblivious about the real owners of the VPN they are using as well as the questionable history behind some of these entities. This in-depth report intends to reveal the details for all to see. Here’s what we’ll cover:
- Kape (formerly Crossrider) was a distributor of malware and adware
- The people behind Kape and Crossrider
- Crossrider begins purchasing VPN services, then changes name to Kape Technologies
- Kape purchases a collection of VPN “review” websites, then changes the rankings
- The future of Kape’s VPN ventures
To get a better understanding of the situation, we must first examine the history of Kape.
Kape (formerly Crossrider) was a distributor of malware and adware
Before 2018, Kape Technologies was called Crossrider and it was an infamous player in the malware industry. You can still find numerous articles about Crossrider’s malware and adware infecting various devices.
Below is an excerpt from a Malwarebytes article that discussed how Crossrider malware infected devices through software bundles:
Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.
PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.
In studying Crossrider’s business, it appears that Crossrider profited from infecting devices with malware, which would then use browser hijacking to direct traffic to partner advertisers. This pernicious line of work earned Crossrider a notorious reputation. This business model goes hand-in-hand with data collection, while also abusing the privacy and security of the end-user who suffered the misfortune of being infected with Crossrider malware.
Important note: Crossrider malware was still wreaking havoc as late as August 2019. This is a full two years after the purchase of CyberGhost VPN and the initial promise to refocus on user privacy. However, there is no evidence that Kape is still in this line of business today.
Now that we’ve examined the business operations of Kape/Crossrider, let’s look at the leadership.
The people behind Kape and Crossrider
The main person behind Kape is Teddy Sagi, an Israeli billionaire who previously spent time in jail for insider trading. Sagi earned much of his wealth from a gambling company called Playtech. Sagi acquired Kape Technologies in 2012 and led it to be a major player in the malware and adware industry.
Interestingly, Sagi is also named in the Panama Papers that detail a “rogue offshore financial industry.”
The other key figure behind Kape is Koby Menachemi. Forbes wrote a good article on Menachemi, detailing his ties to Israeli intelligence and cyber espionage.
Forbes noted the ties that Kape had to Israeli state surveillance entities:
A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.
What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).
Interestingly, we also just learned that ExpressVPN’s CIO, Daniel Gericke, also has ties to state surveillance activities. According to Reuters, Gericke and two others, “admitted to violating U.S. hacking laws and prohibitions on selling sensitive military technology” to the United Arab Emirates. According to reports, this “sensitive military technology” helped the UAE spy on dissidents and human rights activists.
“Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct,” Acting Assistant Attorney General Mark J. Lesko for the Justice Department’s National Security Division said in a statement.
Make of this situation what you will. However, keep in mind that when you use a VPN, you are trusting the service to handle all of your encrypted traffic and not do anything questionable in the background.
Crossrider begins purchasing VPN services, then changes name to Kape Technologies
Now that you understand the background and leadership behind Kape Technologies, let’s examine its involvement in the VPN industry.
2017: Crossrider purchases CyberGhost VPN for $10 million
Crossrider’s first big VPN acquisition was in March 2017 when it purchased CyberGhost VPN for about $10 million. Originally founded in 2004, CyberGhost was a big player in the industry that experienced rapid growth before it was acquired.
2018: Crossrider changes name to “Kape”
Sometime in 2018, Crossrider decided to change its name to “Kape Technologies” as part of a rebranding effort. Ido Erlichman, the CEO of Kape, admitted that the name change was an attempt to distance Kape from controversial “past activities”:
The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.
CyberGhost also admitted in a blog post that Crossrider was an “ad tech” company that did the “opposite” of what CyberGhost does (privacy and security):
While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.
2018: Kape purchases Zenmate VPN for $5 million
Not being content with just one VPN service, Kape then moved on to purchase Zenmate VPN, based in Germany, for around $5 million.
2019: Kape purchases Private Internet Access for $127 million
The next acquisition came in 2019 when Kape purchased Private Internet Access (PIA) for $127 million in cash and shares. At the time, PIA was a major player in the VPN industry with a substantial user base.
We wrote an article about it back in 2019 and described how many PIA users were upset about the acquisition and did not trust Kape. This screenshot from a PIA user on the PIA subreddit summarizes the situation in a few words.
But the acquisitions were not over…
2021: Kape purchases ExpressVPN for $936 million
The latest major VPN acquisition we have for Kape Technologies is ExpressVPN, which it purchased for nearly $1 billion. This is by far the largest VPN acquisition to date and a major addition to Kape’s portfolio.
Watching this same story play out over and over again over the past four years is kind of like Groundhog Day. We generally find two reactions, with the user base being upset and the acquired VPN trying hard to calm everyone down.
- ExpressVPN users largely seem upset by the news.
- ExpressVPN issues canned statements and press releases along the lines of “Don’t be alarmed, everything is good!”
Let’s see how many more times this same story plays out with future VPN acquisitions.
Kape purchases a collection of VPN “review” websites for $149 million, then changes the rankings
In another twist to the plot, Kape Technologies also purchased a collection of VPN review websites in 2021. Yes, you got that right. The parent company that owns these VPNs now also owns a few high-profile websites that “review” and recommend VPNs to users around the world.
This is clearly a conflict of interest, but that goes without saying.
In May 2021, news broke that Kape had purchased a company called Webselenese. Like Kape, Webselenese also operates out of Israel and runs the websites vpnMentor.com and Wizcase.com. Collectively, these two websites have monthly search traffic of around 6.1 million visitors according to Ahrefs traffic analysis tool (September 2021).
Note that there may be other VPN review websites in Kape’s portfolio that we’re not aware of.
Visiting vpnMentor’s homepage today, we find that the parent company’s three large VPN services all hold the top 3 spots in the rankings of the best VPNs for 2021.
Wizcase.com: Similarly, we find the exact same top 3 rankings on Kape’s other website Wizcase.com.
Just a few months ago, both vpnMentor and Wizcase had NordVPN and Surfshark in their top rankings. However, since Kape purchased these websites, we see significant rankings changes that give all of the top 3 spots to Kape’s own VPN companies.
The future of Kape’s VPN ventures
If the past is an indication of the future, Kape will continue to expand its holdings in the cybsersecurity and VPN industry, which only continues to grow. Perhaps in the not-so-distant future, this conglomerate of VPNs and VPN review websites will be spun off and potentially sold as its own company.
In the meantime, there are now millions of VPN subscribers who fall under Kape’s ownership and control. Unfortunately, none of Kape’s VPNs that I have tested have been stand-out performers. The one exception would be ExpressVPN, but it too has fallen behind in the past year and dropped a few spots in our rankings, which will be updated soon to reflect these developments and the latest tests.
Hopefully, this trend in consolidation will slow down as it gives the end-user fewer choices with independently-owned VPN services.
Hi Sven,
Great article.
I have never used this companies services (as far as I am aware – nod, nod).
They are truly disgusting.
There must be a lot people who sign up and forget about there subscription or use vpns for access to geo-blocked content. Maybe it’s all those ads and paid sponsorships? (rhetorical)
Regards,
BoBeX
Hi Again,
Concerning VPN paranoia (I am quite paranoid myself):
One’s paranoia level is tied to one’s risk level. Someone trying to elude a government – or the law – should be far more paranoid than someone trying to prevent his ISP, and commercial companies, from tracking his web browsing habits.
Analogy: an animal must always be vigilant for predators or it won’t survive. But an animal also has to eat so it can’t stay in hiding all day. Therefore it *has* to trust its camouflage, or cryptic behavior, or nocturnal activity, or hair-trigger reflexes and fast running speed.
Likewise: privacy paranoia is essential but beyond a certain point it cripples or eliminates one’s ability to use the Internet, or computers in general. No one is fully trustworthy but you must trust someone to use the Internet.
ISPs log, share and sell user data so they can’t be trusted.
Cell phone service providers can’t be trusted.
Tor browser can’t be fully trusted, situation depending.
No other browser, or browser privacy add-on, can be fully trusted.
Social media can’t be trusted (some trust fully encrypted messaging).
Free VPNs can’t be trusted.
Microsoft and Apple can’t be trusted.
Google, Adobe and most other IT companies can’t be trusted.
Independent software developers can’t be trusted – who’s verifying their claims ?
We just saw that even Protonmail can’t be trusted.
What if espionage agencies are snooping on (or hacking) NordVPN and Surfshark servers, and using supercomputers + artificial intelligence to ferret out users’ IP addresses ? What if Mozilla or privacy add-ons (e.g. HTTPS Everywhere, NoScript) are secretly collecting / monitoring user data ?
So it’s not a matter of who is fully trustworthy – nobody is – but who is *most* trustworthy.
The answer, I’d argue, is companies whose entire business model is providing privacy. All their revenue comes thence. One violation and they’re out. These companies include major, for-profit VPN providers and cybersecurity firms.
One can’t fully trust these at their word, so how do we assure safety ? Reputable 3rd party auditing.
BUT – who is auditing the auditors ? Maybe the auditors are colluding with government agencies to certify faulty VPNs ? Who vets auditors and deems them “reputable” ?
At this paranoia level one might, perhaps, pursue IT training and build one’s own hardware and software. But what if the processors have built-in backdoors enabling espionage agencies to control the BIOS ? Who is watching Intel ? And who is watching that watcher ? What if spy agencies have a secret method to decrypt top-rated encryptions ?
Bottom line: paranoia is essential but so is realism. Surveillance & espionage agencies themselves have to trust *someone* with security / privacy. So do all governments, militaries, banks and major financial institutions. And periodically they do get hacked because nothing is 100% safe. But they survive.
Hence my previous comments about caution with assailing ExpressVPN contingent upon passing credible, 3rd party audits for best practices and maintaining transparency. ExpressVPN’s statement about Daniel Gericke – actually about the company’s trustworthiness – is honorable (https://www.expressvpn.com/blog/daniel-gericke-expressvpn/). Note especially:
“an ongoing part of our work to invite auditors, penetration testers, and other third parties to evaluate and stress-test our systems… we transitioned to using BugCrowd… [this] encouraged even more researchers to look at our apps and make them safer for our users. It also encouraged greater transparency, since all bugs and their respective fixes can be publicly disclosed…
we’ll be increasing the cadence of our existing third-party audits to annually recertify our full compliance with our Privacy Policy, including our policy of not storing any activity or connection logs…
the extensive steps we take to prevent anyone from injecting malware into our apps.”
(https://www.expressvpn.com/blog/build-verification-system-prevents-malware/)
Most people would be well served with a (relatively) secure browser, reputable privacy add-ons, an externally-audited VPN and safe browsing habits. The truly paranoid would daisy-chain 2 or 3 VPNs and then use Tor browser, all running through TAILS on a dedicated computer. Beyond this, one is in professional IT territory – if not spy territory.
Good points.
I would add that ExpressVPN provided a tangible proof of their declarations with their server seizure. Well, that could be marketing too, as can be “independent” audits, but seriously, can be a better confirmation of the company policies?
I was unclear, I tried to convey too much with too little, I apologize, not throwing shade at you, just vpns in general… The news being so fresh coupled with that it was so short a time ago you recommended expressvpn in the mentioned article….and as you are someone as diligent in your research, to have to reverse course with the new revelation…now all vpns in any list are suspect. Especially so with controlled ‘independent’ review aka propoganda (marketing) sites out there they just purchased, so obvious the strategy with that move. Totally dishonest practice, and anything Kade says about turning over a new leaf should fall on deaf ears, especially when considering the totality of their actions. A new grift on a larger and more complex scale. Which leads me to my next thought.
If a vpn that was generally regarded as secure and highly recommended is now clearly a threat, what hope of securing trust, and what lengths will other vpns need to go to in order to keep/grow their customer base?
What a weird time to be alive…trust is being eroded in so many areas of life all happening simultaneously.
Also what is weird is the financial purchasing power Kape has. Is it financed? Is it profits from their illicit business? Or is it something more sinister given the involvement of a former intel agent, state sponsored through shell company investments/fundraising? Were they so unsatisfied with their previous success or more emboldened.? Is the UK aware, if so, the lack of investigation/fines implies possible sanctioning of or silent partnership with…If true, what other services are compromised?
With the proliferation of scraping tech by facebook, google, apple, microsoft, do vpns even matter? Is the essential info about the activity hidden behind vpns compromised at the base system level and Kape saw this and saud, why not us too, we are going legit too, wink wink…
Thank you much for this review.
On the one hand, this is clearly bad news and betrayal of user trust. ExpressVPN shouldn’t have done this.
On the other hand, I think we are seeing an over-reaction. Condemnation of ExpressVPN should be based on facts, not suspicion and perhaps paranoia.
To date, ExpressVPN hasn’t been found to do anything bad. As far as I know they haven’t changed their terms of service, which would signal trouble. These terms are available publicly, hence easily monitored. What if they will continue 3rd party audits which would verify their privacy claims ? What if they retain their current, relative transparency ?
To date, has Kape been found to violate Zenmate and PIA privacy practices ?
Kape’s rating manipulations are slimy but these sorts of things occur frequently. Same for closing comments for controversial blog articles and disabling user reviews following controversy. Privacy-conscious people do their research before signing up, e.g. on this excellent website.
More importantly – if they sell customers a privacy service and then are found to violate it, not only ExpressVPN but Kape could face costly lawsuits for breaching the official terms of service. They will also lose perhaps the majority of customers for all VPN services Kape owns. Being based in Israel is no protection because under Israeli law, its businesses and citizens are subject to foreign lawsuits and legal proceedings.
Kape has invested nearly a billion dollars acquiring ExpressVPN, and the other VPNs. If they get caught violating privacy this investment will go down the drain. They will also lose a fortune due to customer departures and possibly lawsuits. Kape knows from first-hand experience it can’t get away with shady practices. They would get exposed.
Hence Kape has a vested interest to let its VPN acquisitions continue running their routine operations, thus getting return-on-investment and helping to clear their sketchy reputation. With VPNs, one confirmed breach of user privacy / trust and you’re out of business.
So while this acquisition is bad news, it would be wiser to monitor the situation and see what happens rather than accuse ExpressVPN of wrongdoing without credible evidence. Let’s see if ExpressVPN’s terms of service change and, especially, if they continue 3rd party audits.
Only the paranoid survive, somtimes they are out to get you…
A sensible perspective. Somewhat agree that being paranoid is the optimal strategy with this class of risk however your points are spot-on.
I think though, they have proven their tactics to be dirty still by buying the VPN review websites & placing the results in their favour very sneakily. Shows they are still up to their old tricks and not playing by the book.
If you use a vpn that doesn’t disclose ownership and or has an affiliate programme you are doing it wrong.
was cyberghost sold for 10 mil?
they pretty much gave away the company for free.
Excellent article!
In light of these events Mullvad has published the following blog post: https://mullvad.net/en/blog/2021/9/16/ownership-and-future-mullvad-vpn/
Looks like VPN companies will now have to not only guarantee a no-log policy, but a promise of commitment to not selling out to shady businesses like Kape…
It’ s only a matter of time until VPN’s will be declared illegal by western governments and you’ll need an internet-access passport backed by your social security number.
Anonymous access is a thorn in the side of governments.
Good article and glad you covered this. Thankfully ExpressVPN posted they were bought out by Kape Technologies on their blog which I go to at least once every 3 or 4 days, usually once a day or every two days. And thankfully I was already aware of Kape Technologies past as Crossrider making malware. As soon as I read it was The Kape Technologies and not just some random company named Kape, I installed Nord VPN and set it up and closed my virtual card I used for ExpressVPN. I warned my brother and sister and my friends that ExpressVPN shouldn’t be trusted. This was all before I even read about the CIO selling data on activists.
Also, for some weird reason, my public reviews on the Google Play Store on ExpressVPN keeps getting removed or something. I’m not deleting it either. I’ve changed up the wording, removed the sources, etc, but it keeps getting removed. I want to contact Google about this but I’m not sure if they’ll be of any help. Perhaps, regardless of who runs the Play Store page for ExpressVPN, maybe they’ve been told to go into damage control and are having Google remove the comment. (Thankfully other people have posted about the acquisition and are warning others). Also, on the blog article on the new acquisition, at least for me, they disabled the comments and removed any and all comments they had on that article.
Kape/PIA to provide VPN services for mobile subscribers in Hong Kong: https://www.londonstockexchange.com/news-article/KAPE/pia-introduces-a-new-way-of-vpn-subscription/15059584
这个以色列人的背后资金可能就是某些国家机器,比如美国DS和中共CCP。
Crunchbase lists the companies owned by Kape here: http://www.crunchbase.com/organization/crossrider/company_financials
WOW-WEE-WOW! I’m so glad I purchased the services of VPN.ac based on your sites description and recommendation. Hope they never sell out Internet criminals!!! Cheers, George
https://2009-2017.state.gov/j/inl/rls/nrcrpt/2012/vol2/184110.htm
So, a privacy jurisdictions mean nothing, as well. It’s just another myth, unfortunately.
No, that’s not necessarily true. Just look at real-world cases. Sure, there are MLAT treaties for cooperation on certain criminal cases, but that may or may not lead to anything. It’s a lot easier for US, UK, or Australian governments to force logs and compliance out of a business in their own jurisdiction than one on the other side of the world. Switzerland is proving to be an interesting case, however, and probably not as “safe and secure” as we expected. This is evident with the recent ProtonMail logging case.
The big wildcard, however, is whether the privacy service is willing to fight these requests in court, as we have seen with OVPN and the recent Rights Alliance copyright case, or bow down to 3,000+ requests per year, as we see with ProtonMail. Either way, the argument still stands. A safe offshore jurisdiction is an additional layer of safety for the end user.
Sven, I was referring on ExpressVPN’s claims that the company will stay in the same jurisdiction (BVI), trying to prove they remain autonomous, I guess?😊 These treaties will obviously help authorities and lawyers to get whatever they want, Kape won’t fight against that for sure. So, again, jurisdiction is not much if the people behind the company can’t be trusted. Right?
Ah gotcha. Yes, I would agree that the company behind the VPN is even more important than jurisdiction.
Boy am I glad my Express subscription runs out this month. I’ll probably move to something else. Anything else except this cancer.
The only real currency in the VPN industry is Trust, and it’s safe to say ExpressVPN went completely broke in that department. I really hope this news goes out to every single Express customer and they cancel their subscription and run this company into the group for all the stupid decisions their management took and all the criminals they hired (and will hire).
Riddle me this.
How in the f*&% does an israeli malware company have billions (?) of dollars just sitting around to literally buy up the vpn industry???
Seriously frens. What the f*&% is going on here??? How do you make this much money from malware, or is something else going on? What are these shady f*&%s doing behind the scenes? Think about that frens. What is happening to your data when you connect to their vpn servers? Follow me yet?
If data = money, and vpns can collect data when they abuse privacy and LOG EVERYTHING, and these guys are buying up the industry, then that points to one scary f*&%ing conclusion.
Or do you really believe these malware criminals (yes they are literally convicted criminals) just woke up one day and decided they REALLY CARED ABOUT YOUR PRIVACY? Or is something else going on?
Ask the hard questions. Solve the riddle.
Riddler out.
People associated with Kape (founders, stakeholders) have history with the IDF, particularly Unit 8200 (which also has ties with the NSO group), so we can speculate where at least part of their funding comes from.
ExpressVPN staff also have dirt on their hands;
https://uk.pcmag.com/vpn/135678/expressvpn-cio-helped-united-arab-of-emirates-hack-into-phones-computers
Not surprising Kape would want ExpressVPN in their honeypot.
ExpressVPN, seeking to assway everyone is doing just the thing all companies do in a merger.
The bought company assures that nothing will change.
And the parent company agrees….until it doesn’t.
And all purchased companies will remain the same….until they don’t.
I understand the users frustration.
Edward Snowden just publicly denounced ExpressVPN. As far as I’m concerned, ExpressVPN is as good as malware.
https://twitter.com/Snowden/status/1438291654239215619?s=19
Yep, we’ll be covering that this week as well. What a storm of news we have had in the past few days!
Don’t you recommend exprrssvpn in an article on your site from September 3rd??
Seems a little weird…How can I trust any of the recommended services in that article?
What’s weird? Obviously the article you are commenting on was written after the article that recommends ExpressVPN, dated September 3rd, before all this information came out (announced just a few days ago). And as I stated in this article, all recommendations with regard to ExpressVPN will be updated in the near future.