(Adds comment from ExpressVPN complaining about Project Raven)
By Joseph Menn
SAN FRANCISCO, Sept. 23 (Reuters) – When a senior executive at the virtual private network company ExpressVPN admitted last week that he was hacking American machines on behalf of a foreign intelligence agency, it stunned the employees of his new company, according to interviews and electronic records.
What ExpressVPN said after the US Department of Justice suspended prosecution https://www.reuters.com/world/us/american-hacker-mercenaries-face-us-charges-work-uae-2021-09-14 worried some employees Further . The company knew of Dan Gericke’s history as a mercenary hacker for the United Arab Emirates.
The VPN provider said it had no problem with the former secret service agent protecting its customers’ privacy. In fact, the company had repeatedly given Gericke more responsibility at ExpressVPN even as the FBI investigation into his behavior pushed for its conclusion.
According to an internal email at the time, Gericke was appointed Chief Technology Officer in August and remains in office.
Shortly after court records showed that Gericke and two other former US intelligence agencies agreed to pay a fine and give up all future covert work, he emailed his colleagues at ExpressVPN.
“I can imagine this type of news surprising or even uncomfortable,” wrote Gericke in the message received from Reuters, then assured them that he had used his skills to protect consumers from threats to their security and privacy.
When company executives answered questions about Gericke’s deal last Friday during a regular online question-and-answer session with employees and then discussed the company’s previously announced sale https://www.reuters.com/technology/kape -technologies- buys-expressvpn-936-mln-2021-09-13 to the British-Israeli provider of digital security software Kape Technologies PLC, the workforce vented their anger.
One employee wrote anonymously in an internal chat forum: “This episode undermined consumer confidence in our brand, regardless of the facts. How do we want to rebuild our reputation? “
More than 40 employees voted for this question during the meeting and put it at the top of the queue. Other employee complaints were reported earlier Thursday by Vice. The questions and the total number of votes were provided to Reuters by an authorized person.
When asked about the controversy, ExpressVPN said in a statement that the exchange was part of a regular monthly meeting between management and employees.
“As a company, we value openness, dialogue and transparency – this includes solid debates and incisive questioning,” said the company.
It was said to have known nothing of the federal investigation or the details of Gericke’s work in the United Arab Emirates, and it said the country’s surveillance campaign was “completely contrary to our mission.”
A 2019 Reuters research showed how a team that Gericke was embedded in, codenamed Project Raven https://www.reuters.com/investigates/section/usa-raven, helped UAE create a Monitor wide variety of targets including human rights defenders and journalists. Gericke did not name the story individually.
At ExpressVPN’s meeting with executives on Friday, he was also the second most-supported question.
“As an individual, I have a problem accepting that Dan was hired despite disclosing previous actions. These actions are no small thing that we can easily forget or accept. asked this person.
The company replied to Reuters: “It was only through clear commitment and contributions to our mission that Daniel was able to gain senior management positions within the company and the full trust of our co-founders.”
(Reporting by Joseph Menn; Editing by Will Dunham and Diane Craft)