もっと詳しく

An anonymous reader quotes a report from Motherboard: ExpressVPN, a popular VPN company, said it was aware of the “key facts” of its chief information officer Daniel Gericke’s previous employment before hiring him. On Wednesday, the Department of Justice disclosed in court records that Gericke worked on Project Raven, a surveillance operation for the United Arab Emirates government that involved hacking of Americans, activists, and heads of state. “We’ve known the key facts relating to Daniel’s employment history since before we hired him, as he disclosed them proactively and transparently with us from the start. In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users’ privacy and security,” ExpressVPN told Motherboard in a statement. “Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users against, and as such is a uniquely qualified expert to advise on defense against such threats. Our product and infrastructure have already benefited from that understanding in better securing user data,” the statement continued.

On Tuesday, unsealed court filings described how Gericke as well as Marc Baier and Ryan Adams faced charges for their part in working on Project Raven. The court records say that the three violated the International Traffic in Arms Regulations and conspired to commit access device fraud and computer hacking offenses. The court records say that the three took a zero-click exploit, which allows takeover of a device without any user interaction, and implemented that into Karma, the hacking system used by the UAE’s Project Raven. Project Raven involved the hiring of former U.S. intelligence hackers who then worked on behalf of the UAE government, Reuters reported in 2019. The court records also describe other uses and purchases of exploits by the group. The court filings detailed that prosecutors will drop the charges if the three men cooperate with U.S. authorities, pay a financial penalty, and agree to a list of unspecified restrictions on their employment. Earlier this week, ExpressVPN was sold to Kape Technologies in a deal worth $936 million.

Read more of this story at Slashdot.