18 March 2024

Australia importing the world’s rubbish


BRIEFLY:

The colony we know as Australia, is well known for its long history of importing ‘trash’ into its ecology, where it all started in 1788.

Even the Imperial Government didn’t respect human life on Terra Australis, but rather saw it as a (colonial) wasteland full of resources such as cannon fodder, ripe for experimentation, when it detonated nuclear explosions in the Montebello Islands, Emu Field and Maralinga.

The people seen in this picture were not given 'full disclosure' in being used as test subjects by the British and Australian governments.

Throughout the decades there were different policies with regards to importing ‘resources’ / slave labour or a more modern term; corporate fodder.

From cheap Chinese labour during the colony’s gold rush period to an Anglo-Masonic (racist) White Australia policy, to a current low quality human trash imports that no other governments want.

Low quality, i.e. low moral or financial/societal value humans are imported from all over the world where a majority now come from Africa, Middle East and India, that being the norm over the past couple of decades.

Just to spice things up a bit for the general population, the people in government even import ‘known’ criminals or people that have zero intentions of leading a law abiding life in the colony thereby causing harm to the community.

What are the consequences? Why nothing of course.

As if there would be a RICO (Racketeer Influenced and Corrupt Organisations Act) type law for Australia, where those responsible in government for causing harm would be held accountable. As if the colony’s law makers would make a law against their ‘brethren’.

In any event those in government have screwed over ‘everyday’ Australians, mums & dads taxpayers, young people going out on their own, trying to make a home for themselves.

From the ‘Housing/Rental Crisis’ to overburdened utilities, e.g. public transport, to overpopulation in many suburbs causing much dis-ease in the community.

They don’t care as they live in their ivory towers isolated from the trials (also criminal) and tribulations of the serfs.

Australia is ‘bust’, you know, financially kaput! So how do you fix it?

Let the government import another 1-100 million units of (human) trash into the colony to bring up the economy, as that’s what it’s all about, where most importantly they can be bank slaves where more money can be printed out of thin air, off the slave labour (as it’s no longer gold backed) of the imported serfs.

That’s life in a colony! Viva la corporate promissory notes.

The myth: “Australia is a lucky country” (because it sure isn’t a clever one!)

The REALITY: "a lucky country run mainly by second-rate people who share its luck”

TIL calling Australia 'The Lucky Country' was actually intended as an insult, not a compliment.     

Source: supplied.

14 March 2024

Victoria's child protection services gives children to paedophiles and rapists


The mainstream media drew attention to a recent posting by Anthony Lees, under his YouTube channel 'Spanian' from the 'Into the hood' series, where this time the crime ridden outer western town of Melton was the focus of the trials and tribulation of criminals living there.

While the media focused on the 'trivial' matters of some individuals, a more serious matter was aired, which was deliberately(?) ignored, that being paedophilia.

The boy whose face was blurred recounts how paedophiles within the department pass on children to paedophiles masquerading as carers or foster parents within the community.

An agenda on a high priority list of those in positions of government/power is a little taboo called paedophilia. E.g. ‘alleged’ ( – you know ‘cause it was never proven in court) paedophile Lionel Murphy was given the task (by his mates) to look after Family Law, you know taking away children from families, then putting them in foster care, so they can have their pickings…

It seems that the Victorian department for child protection services (DFFH Services) is knowingly(?) supplying children to paedophiles, as seen by the testament of this child:

Another concerning element coming from the judicature is that the system releases criminals known to re-offend, who, once released, continue their crime spree, terrorising the general population.

Would the system react differently if a judge's, magistrate's or police officer's home was invaded and a family member shot or stabbed?

After all the first job of government is to look after its people.

See post: 

What is the first job of a government?

The system is not broken, but rather functions exactly, as the law makers, judiciary and MPs intend it to.

10 March 2024

Android 14 introduces first-of-its-kind cellular connectivity security features

Android is the first mobile operating system to introduce advanced cellular security mitigations for both consumers and enterprises. Android 14 introduces support for IT administrators to disable 2G support in their managed device fleet. Android 14 also introduces a feature that disables support for null-ciphered cellular connectivity.

Hardening network security on Android

The Android Security Model assumes that all networks are hostile to keep users safe from network packet injection, tampering, or eavesdropping on user traffic. Android does not rely on link-layer encryption to address this threat model. Instead, Android establishes that all network traffic should be end-to-end encrypted (E2EE).

When a user connects to cellular networks for their communications (data, voice, or SMS), due to the distinctive nature of cellular telephony, the link layer presents unique security and privacy challenges. False Base Stations (FBS) and Stingrays exploit weaknesses in cellular telephony standards to cause harm to users. Additionally, a smartphone cannot reliably know the legitimacy of the cellular base station before attempting to connect to it. Attackers exploit this in a number of ways, ranging from traffic interception and malware sideloading, to sophisticated dragnet surveillance.


Recognizing the far reaching implications of these attack vectors, especially for at-risk users, Android has prioritized hardening cellular telephony. We are tackling well-known insecurities such as the risk presented by 2G networks, the risk presented by null ciphers, other false base station (FBS) threats, and baseband hardening with our ecosystem partners.

2G and a history of inherent security risk

The mobile ecosystem is rapidly adopting 5G, the latest wireless standard for mobile, and many carriers have started to turn down 2G service. In the United States, for example, most major carriers have shut down 2G networks. However, all existing mobile devices still have support for 2G. As a result, when available, any mobile device will connect to a 2G network. This occurs automatically when 2G is the only network available, but this can also be remotely triggered in a malicious attack, silently inducing devices to downgrade to 2G-only connectivity and thus, ignoring any non-2G network. This behavior happens regardless of whether local operators have already sunset their 2G infrastructure.

2G networks, first implemented in 1991, do not provide the same level of security as subsequent mobile generations do. Most notably, 2G networks based on the Global System for Mobile Communications (GSM) standard lack mutual authentication, which enables trivial Person-in-the-Middle attacks. Moreover, since 2010, security researchers have demonstrated trivial over-the-air interception and decryption of 2G traffic.

The obsolete security of 2G networks, combined with the ability to silently downgrade the connectivity of a device from both 5G and 4G down to 2G, is the most common use of FBSs, IMSI catchers and Stingrays.


 Stingrays are obscure yet very powerful surveillance and interception tools that have been leveraged in multiple scenarios, ranging from potentially sideloading Pegasus malware into journalist phones to a sophisticated phishing scheme that allegedly impacted hundreds of thousands of users with a single FBS. This Stingray-based fraud attack, which likely downgraded device’s connections to 2G to inject SMSishing payloads, has highlighted the risks of 2G connectivity.

To address this risk, Android 12 launched a new feature that enables users to disable 2G at the modem level. Pixel 6 was the first device to adopt this feature and it is now supported by all Android devices that conform to Radio HAL 1.6+. This feature was carefully designed to ensure that users are not impacted when making emergency calls.

Mitigating 2G security risks for enterprises

The industry acknowledged the significant security and privacy benefits and impact of this feature for at-risk users, and we recognized how critical disabling 2G could also be for our Android Enterprise customers.

Enterprises that use smartphones and tablets require strong security to safeguard sensitive data and Intellectual Property. Android Enterprise provides robust management controls for connectivity safety capabilities, including the ability to disable WiFi, Bluetooth, and even data signaling over USB. Starting in Android 14, enterprise customers and government agencies managing devices using Android Enterprise will be able to restrict a device’s ability to downgrade to 2G connectivity.

The 2G security enterprise control in Android 14 enables our customers to configure mobile connectivity according to their risk model, allowing them to protect their managed devices from 2G traffic interception, Person-in-the-Middle attacks, and other 2G-based threats. IT administrators can configure this protection as necessary, always keeping the 2G radio off or ensuring employees are protected when traveling to specific high-risk locations.


 These new capabilities are part of the comprehensive set of 200+ management controls that Android provides IT administrators through Android Enterprise. Android Enterprise also provides comprehensive audit logging with over 80 events including these new management controls. Audit logs are a critical part of any organization's security and compliance strategy. They provide a detailed record of all activity on a system, which can be used to track down unauthorized access, identify security breaches, and troubleshoot system problems.

Also in Android 14

The upcoming Android release also tackles the risk of cellular null ciphers. Although all IP-based user traffic is protected and E2EE by the Android platform, cellular networks expose circuit-switched voice and SMS traffic. These two particular traffic types are strictly protected only by the cellular link layer cipher, which is fully controlled by the network without transparency to the user. In other words, the network decides whether traffic is encrypted and the user has no visibility into whether it is being encrypted.

Recent reports identified usage of null ciphers in commercial networks, which exposes user voice and SMS traffic (such as One-Time Password) to trivial over the air interception. Moreover, some commercial Stingrays provide functionality to trick devices into believing ciphering is not supported by the network, thus downgrading the connection to a null cipher and enabling traffic interception.

Android 14 introduces a user option to disable support, at the modem-level, for null-ciphered connections. Similarly to 2G controls, it’s still possible to place emergency calls over an unciphered connection. This functionality will greatly improve communication privacy for devices that adopt the latest radio hardware abstraction layer (HAL). We expect this new connectivity security feature to be available in more devices over the next few years as it is adopted by Android OEMs.
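The two modem-level controls described above (2G off, null ciphers off, emergency calls exempt), modelled as an added example that is not from the original article or from Android. The event schema, policy fields, device names and the 120-second downgrade heuristic are assumptions, and the sample attach events are constructed.

```python
from typing import List, NamedTuple, Tuple

# 3GPP null ciphering algorithms per generation: the link carries no encryption.
NULL_CIPHERS = {"A5/0", "GEA0", "UEA0", "EEA0", "NEA0"}
# Radio access technology -> mobile generation.
GENERATION = {"GSM": 2, "UMTS": 3, "LTE": 4, "NR": 5}


class Policy(NamedTuple):
    """Hypothetical per-device policy mirroring the two controls."""
    allow_2g: bool
    allow_null_cipher: bool


class Attach(NamedTuple):
    """Hypothetical record of one attach to a base station."""
    device: str
    ts: int            # seconds since start of capture
    rat: str           # key of GENERATION
    cipher: str        # negotiated link-layer cipher
    emergency: bool = False


def decide(policy: Policy, ev: Attach) -> Tuple[bool, List[str]]:
    """Return (allowed, reasons) for a single attach.

    Emergency calls are always allowed, matching the exemption the
    article describes for both the 2G and the null-cipher control.
    """
    if ev.emergency:
        return True, ["emergency-exempt"]
    reasons = []
    if GENERATION[ev.rat] == 2 and not policy.allow_2g:
        reasons.append("2g-disabled")
    if ev.cipher in NULL_CIPHERS and not policy.allow_null_cipher:
        reasons.append("null-cipher-disabled")
    return (not reasons, reasons)


def audit(policy: Policy, events: List[Attach], window_s: int = 120):
    """Return (device, ts, finding) tuples for fleet review.

    Besides policy blocks, flag a 4G/5G -> 2G change within window_s
    seconds on the same device. That is a heuristic for the silent
    downgrade the article describes, not proof of a false base station.
    """
    findings = []
    last = {}
    for ev in sorted(events, key=lambda e: (e.device, e.ts)):
        allowed, reasons = decide(policy, ev)
        if not allowed:
            findings.extend((ev.device, ev.ts, r) for r in reasons)
        prev = last.get(ev.device)
        if (prev is not None and not ev.emergency
                and GENERATION[ev.rat] == 2
                and GENERATION[prev.rat] >= 4
                and ev.ts - prev.ts <= window_s):
            findings.append((ev.device, ev.ts, "downgrade-to-2g"))
        last[ev.device] = ev
    return findings


HARDENED = Policy(allow_2g=False, allow_null_cipher=False)
PERMISSIVE = Policy(allow_2g=True, allow_null_cipher=True)

# Constructed sample events, not captured from any real network.
SAMPLE = [
    Attach("dev-a", 0, "NR", "NEA2"),
    Attach("dev-a", 30, "GSM", "A5/1"),               # sudden drop to 2G
    Attach("dev-b", 10, "LTE", "EEA0"),               # null cipher on 4G
    Attach("dev-b", 20, "LTE", "EEA0", emergency=True),
    Attach("dev-c", 5, "GSM", "A5/0"),                # 2G and null cipher
]

if __name__ == "__main__":
    for name, pol in (("hardened", HARDENED), ("permissive", PERMISSIVE)):
        print(name)
        for finding in audit(pol, SAMPLE):
            print("  ", finding)
```

Under the permissive policy every attach is accepted and only the downgrade heuristic fires, which is the exposure the two controls are meant to close.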

Continuing to partner to raise the industry bar for cellular security

Alongside our Android-specific work, the team is regularly involved in the development and improvement of cellular security standards. We actively participate in standards bodies such as GSMA Fraud and Security Group as well as the 3rd Generation Partnership Project (3GPP), particularly its security and privacy group (SA3). Our long-term goal is to render FBS threats obsolete.

In particular, Android security is leading a new initiative within GSMA’s Fraud and Security Group (FASG) to explore the feasibility of modern identity, trust and access control techniques that would enable radically hardening the security of telco networks.

Our efforts to harden cellular connectivity adopt Android’s defense-in-depth strategy. We regularly partner with other internal Google teams as well, including the Android Red Team and our Vulnerability Rewards Program.

Moreover, in alignment with Android’s openness in security, we actively partner with top academic groups in cellular security research. For example, in 2022 we funded via our Android Security and Privacy Research grant (ASPIRE) a project to develop a proof-of-concept to evaluate cellular connectivity hardening in smartphones. The academic team presented the outcome of that project in the last ACM Conference on Security and Privacy in Wireless and Mobile Networks.

The security journey continues

User security and privacy, which includes the safety of all user communications, is a priority on Android. With upcoming Android releases, we will continue to add more features to harden the platform against cellular security threats.

We look forward to discussing the future of telco network security with our ecosystem and industry partners and standardization bodies. We will also continue to partner with academic institutions to solve complex problems in network security. We see tremendous opportunities to curb FBS threats, and we are excited to work with the broader industry to solve them.

Special thanks to our colleagues who were instrumental in supporting our cellular network security efforts: Nataliya Stanetsky, Robert Greenwalt, Jayachandran C, Gil Cukierman, Dominik Maier, Alex Ross, Il-Sung Lee, Kevin Deus, Farzan Karimi, Xuan Xing, Wes Johnson, Thiébaud Weksteen, Pauline Anthonysamy, Liz Louis, Alex Johnston, Kholoud Mohamed, Pavel Grafov

googleblog.com 

09 March 2024

Fuel Rip off as government does NOTHING!

Aussies have been getting ripped off by the petrochemical industry for decades, and the people in government have stood by doing nothing about it.

Why should they? The higher the prices, the more tax is ripped from the ‘consumer’s’ wallet to feed the leeches blood sucking sociopaths in government.

The (Labour Day) long weekend is upon us in a few states; SA, ACT, Tas, Vic, which means MANY people jump in their cars to get away from the hustle and bustle.

So what do the companies do?

They jack up the price 50 cents per litre to $2.319 per litre.


No outrage from motorists?

- Obviously quite satisfied with the price hike.


No ‘Royal Commission’ into this decades long scam?

- No need, as nothing will change just like it didn’t with the RC into the banking & financial institutions industry.


That’s life in a corporatocracy/totalitarian colony, ‘advertised’ as a democracy.

07 March 2024

The sinister web of deception by Freemasons detrimental to ALL Australians

The Anglo-Masonic system of governance over Australians is deeply rooted into this colony’s history, where it ultimately works only for the benefit of its members and to the detriment of the general population as a whole.

From falsified tenders, ripping off the public purse to the tune of billions per year, to courtroom theatrics, it is ultimately the ‘ordinary’ Australians that lose, MANY of them unaware of the sinister actions in play, telling 'conspiracy theorists' to put on their tin foil hats, how sad of them to be so ignorant.

At the end of the day irrespective of whether it’s the Fabians, Masons or the Hillsong cult, or whether it’s (Matthew) Guy or (Dan) Andrews, where in the case of Andrews, he has the full support of the Anglo-Masonic courts and police to aid his criminal, oops ‘alleged’ criminal activities (e.g. Red shirts), not forgetting his staff of thugs that dig up dirt on anyone and threaten them and their families.

Here is one story that you, the general population are allowed to know a little about:

Guy silence on Freemasons membership raises ‘conflict’ questions

Former opposition leader and planning minister Matthew Guy did not declare his years-long Freemasons Victoria membership, at a time when the secretive order pursued significant property developments around the state.

Guy’s membership of Freemasons Victoria was confirmed by grand master Anthony Bucca, leaked internal documents and five internal Freemasons sources, who spoke anonymously due to rules prohibiting members from speaking publicly.

Former opposition leader Matthew Guy, also a former Liberal planning minister, in 2022

Documents obtained by The Age show Guy was registered as a Freemasons Victoria member in 2018 in the rank of “mark mason”, which is the third level of membership of the secret fraternity. Guy lost the state election that year to Labor’s Daniel Andrews.

It is not known what year Guy’s membership began, but Bucca said it had ceased in recent years, without providing an exact date, and dismissed questions about potential or perceived conflicts during the politician’s membership.

“What a minister chooses to do and doesn’t is a matter for the minister,” Bucca said. “What’s it got to do with us? Did we deal with Matthew Guy personally? Did we approach him on a one-to-one? I very much doubt it.”

One former senior freemason, who had a leadership position in the fraternity from 2000 to 2011, said he was aware of Guy’s membership during that period.

The Dallas Brooks Hall was turned into luxury apartments in a deal between Mirvac and Freemasons Victoria. 

“He would have been a rising star in the Liberal Party. It would come up when we were looking for support. Whether anything ever happened, I don’t know,” he said.

Two other freemasons said they were aware of Guy’s longstanding membership but could not recall what date he joined.

Freemasons meet regularly at the organisation’s all-male clubs to raise money for charity, network and practise ancient rituals. Once a community of society’s most powerful – notable past members in Australia include Sir Donald Bradman and Sir Robert Menzies – membership has declined in recent decades.

Guy has not disclosed the membership on his parliamentary register of interests, which are annual statements that require politicians to report investments and associations with clubs, religions or groups that could represent an actual or perceived conflict of interest.


In 2018, Guy did declare membership of the Qantas Chairman’s Lounge and the Sir Henry Bolte Lecture Trust.

The Age is not suggesting that Guy acted inappropriately in making any planning decisions or that he made those decisions based on any relationship with the Freemasons, only that he may not have made necessary declarations.

Guy declined an interview request saying he would not be “replying to a vague fishing expedition”. “I’m not a member. Go away and cease harassing me,” Guy said.

An opposition spokesperson later clarified that Guy was a “non-financial member” in 2018 and “hadn’t been a financial member for many years before that”. The spokesperson did not answer specific questions about the duration of Guy’s membership.

Victorian Nationals leader Peter Walsh is a current member of Freemasons Victoria and appears regularly on the organisation’s newsletters to promote its charitable work.

Public records show Walsh discloses membership of organisations including the Echuca Workers Club, Swan Hill Field & Game, Geelong Football Club and the Athenaeum Club, yet does not disclose his Freemasons membership.

When contacted for comment, Walsh accepted that he had been Freemason for many years but did not think disclosure was necessary.

Former Victorian MP Ken Coghill, who is a founding member of the Accountability Round Table and an adjunct professor at Swinburne University, said Freemasons was a membership that Guy should have disclosed.

“There is an obligation to disclose any interest that might be affected by decisions you make,” Coghill said. “I certainly would have expected it [disclosure] in this case. There is a possibility that he would be influenced by his membership of Freemasons, whether as an opposition member or government member.”

Centre for Public Integrity director Joo-Cheong Tham, also a Melbourne Law School professor, said the omission of Guy’s Freemasons membership “strongly appears” to be a breach of his obligation under laws to disclose membership of organisations.

“This is especially so because of the perceived conflict of interest [if he was a Freemasons member] when he was Victorian planning minister and made consequential decisions in relation to the commercial interests of Freemasons Victoria,” he said.

Tham supported greater transparency of these memberships. “There is a good case for members of parliament to disclose their membership of Freemasons Victoria as its size and influence mean that such membership could give rise to a conflict of interest in the discharge of parliamentary duties.”

Guy was planning minister for four years to December 2014, during which time Freemasons Victoria was involved in two major property development projects, in East Melbourne and Box Hill. It’s not known whether Guy was a Freemasons member during those years, and The Age does not suggest he made decisions based on any relationship with the Freemasons.

The largest and most controversial was the re-development of Freemasons Victoria’s East Melbourne headquarters, the Dallas Brooks Hall, in a $450 million partnership with Mirvac.

The proposal was first lodged with the then Coalition state government in 2013 and generated 11 objections, including from the City of Melbourne and Epworth HealthCare. The objections related to heritage concerns, height, overshadowing and privacy concerns for the neighbouring hospital.

Mirvac and Freemasons Victoria sought permission from Guy, as minister, to substantially increase the development to two towers with 17 and 11 levels respectively.

Guy appointed an expert panel to advise the government on the project, and it reported just after the 2014 election. Labor’s then planning minister, Richard Wynne, ultimately approved a plan for the site in 2016.

Wynne said he had to make significant adjustments to ensure the development did not overshadow Fitzroy Gardens, directly opposite. “The initial application was way over the odds,” he said.

Guy was also involved in a planning decision at about the same time another property was eventually developed by Freemasons Victoria.

Freemasons Victoria mounted a strong objection when its 90-year-old Masonic centre in Box Hill was considered for heritage protection in 2011, as part of a wider planning change.

Freemasons Victoria’s expert consultant argued that there was insufficient justification for heritage protection.


710 Station St, Box Hill

“From an architectural and aesthetic perspective, the Box Hill site is a typical building from the 1920s of which there are many examples developed throughout Melbourne,” its submission from the time stated.

However, Whitehorse City Council found this did not detract from the “importance”, “historical significance” and “social memories associated” with the building.

An independent panel ultimately agreed with Freemasons Victoria and recommended to the minister that the centre not receive heritage protection. Guy approved the amendment in March 2013, according to the government gazette.

Freemasons Victoria then backed a project that razed the centre to make way for a 10-storey apartment complex.

Freemasons Victoria’s 2017-18 annual report noted the last four apartments had been sold, signalling the completion of the project.

During the same planning process another masonic lodge, in Blackburn, was granted heritage protection. This was not opposed by Freemasons Victoria, but it did request consideration be given to acknowledging its development potential.

Your Noisy Fingerprints Vulnerable To New Side-Channel Attack


Here’s a warning we never thought we’d have to give: when you’re in an audio or video call on your phone, avoid the temptation to doomscroll or use an app that requires a lot of swiping. Doing so just might save you from getting your identity stolen through the most improbable vector imaginable — by listening to the sound your fingerprints make on the phone’s screen (PDF).

Now, we love a good side-channel attack as much as anyone, and we’ve covered a lot of them over the years. But things like exfiltrating data by blinking hard drive lights or turning GPUs into radio transmitters always seemed a little far-fetched to be the basis of a field-practical exploit. But PrintListener, as [Man Zhou] et al dub their experimental system, seems much more feasible, even if it requires a ton of complex math and some AI help. At the heart of the attack are the nearly imperceptible sounds caused by friction between a user’s fingerprints and the glass screen on the phone. These sounds are recorded along with whatever else is going on at the time, such as a video conference or an online gaming session. The recordings are preprocessed to remove background noise and subjected to spectral analysis, which is sensitive enough to detect the whorls, loops, and arches of the unsuspecting user’s finger.

Once fingerprint patterns have been extracted, they’re used to synthesize a set of five similar fingerprints using MasterPrint, a generative adversarial network (GAN). MasterPrint can generate fingerprints that can unlock phones all by itself, but seeding the process with patterns from a specific user increases the odds of success. The researchers claim they can defeat Automatic Fingerprint Identification System (AFIS) readers between 9% and 30% of the time using PrintListener — not fabulous performance, but still pretty scary given how new this is.

Source: hackaday.com



06 March 2024

Medical test company’s ‘serious and systemic failures’ led to cyber-attack, watchdog says

Australian Clinical Labs hack alleged to have resulted in more than 200,000 health records and credit card details being published on dark web

OAIC alleges significant failures by ACL to protect customer data from the hack by a group known as Quantum. Photograph: Wietse Michiels/Alamy

Medical testing company Australian Clinical Labs had “serious and systemic failures” that resulted in a cyber-attack that led to more than 200,000 customer health records and credit card details being published on the dark web, the Australian information commissioner has alleged.

In October last year, in the midst of the Medibank and Optus cyber-attacks, Medlab’s parent company, ACL, confirmed it had been the victim of a cyber-attack eight months earlier in February.

The hacker group responsible – known as Quantum – was able to exfiltrate 86GB worth of data, including customer passport information, health information, and credit card details including number, expiry date and CCV.

The data had been published on the dark web on 16 June last year, four months before ACL publicly confirmed the attack.

This month, the Office of the Australian information commissioner (OAIC) took ACL to court over its failure to protect customer data during the breach. The OAIC’s concise statement, released last week, alleges significant failures by the company to protect customer data and inform the commissioner about the breach when required.

According to the documents, within four hours from the time the first employee noticed the ransomware message on a desktop computer in Medlab, it had spread to other computers in Brisbane and Sydney, which were then encrypted by the attackers.

ACL, which generated revenue of almost $1bn during the 2022 financial year, did not have a dedicated cybersecurity team, the documents state. Its response was led by an IT team leader, overseen by ACL’s CIO and head of technical services, but the OAIC alleges none of these staff had formal cybersecurity qualifications or experience in responding to a cyber-attack.

The head of technical services provided the IT team leader with the company’s playbook for ransomware and malware, but the IT team leader had not been trained to use these books, and OAIC alleges critical steps in the playbook were not followed, including analysing the ransomware.

The company then brought in a third-party company, StickmanCyber, to assist in the response. The OAIC found that monitoring agents were only deployed on three of the at least 121 computers infected with ransomware.

StickmanCyber’s short engagement with ACL, including reviewing one hour of firewall logs and dark web scans, concluded at the time no data had been taken.

By 21 March 2022 the IT team leader, after a conversation with the company’s general counsel, sent an email stating “as per information available to the IT department there was no unauthorised access, disclosure, or loss of any personal information … as a result of the incident”. The company did not inform the OAIC about the attack.

On 25 March, the Australian Cyber Security Centre informed ACL it had intelligence that Medlab may be a victim of a ransomware attack, and reminded ACL of its notification requirements. ACL did not investigate further, OAIC alleges.

ACSC alerted ACL again on 16 June that data had been published to the dark web. It would take the company nearly one month (10 July) to inform the OAIC, which OAIC alleges is in breach of the act. ACL would take until October to announce the breach publicly.

The OAIC alleges ACL was “aware of serious deficiencies in its cybersecurity framework” at least nine months before the cyber-attack, and did not take appropriate steps to protect personal information.

The OAIC said the failures were “serious and systemic”, noting that ACL’s IT budget was $1.3m in 2022, with a cybersecurity budget of $350,000 – “significantly lower than that of industry standards”, the OAIC alleges.

The OAIC is seeking civil penalties and costs.

A spokesperson for ACL said the company is “vigorously defending the action”.

The case continues.

The OAIC is still investigating Optus and Medibank over cyber-attacks last year, which could lead to similar court action against the two companies.

Source: The Guardian

Australians will see more of these so-called failures with regard to their 'private and confidential' data, where only huge fines may wake up corporations to better protect their 'consumers'' data.

01 March 2024

Windows BitLocker Hacked in 43 seconds!



A security expert has managed to break Windows’ BitLocker encryption using a Raspberry Pi Pico microcontroller.

It took him just 43 seconds to steal BitLocker’s master key and access a locked laptop. He claimed to have exploited a flaw in the TPM security standard.

(For privacy and security, Microsoft products are not recommended.)

26 February 2024

Which VPN? Be careful of the reviews!

Trust, but verify: An in-depth analysis of ExpressVPN's terrible, horrible, no good, very bad week

In light of ExpressVPN's double-whammy of troubling news, we take a deep dive into the facts, and whether you can feel safe or suspicious about using one of the world's most popular VPNs. 

ExpressVPN has been all over the news for the past week, and not in a good way. Because we recommend ExpressVPN here at ZDNet as one of the top VPNs out there, I've gotten a flood of reader questions asking for an objective read on the news. In this article, I'll do my best.

Sitrep

Let's start with a sitrep (situation report). There are two key items which are tangentially related.

The first item is that Kape Technologies has announced plans to acquire ExpressVPN for $986 million. I do have concerns about this because Kape was once considered a malware provider. I'll talk more about this in a bit.

The second item is a report in Reuters indicating that ExpressVPN CIO Daniel Gericke is among three men fined $1.6 million by the US Department of Justice for hacking and spying on US citizens on behalf of the government of the UAE (United Arab Emirates).

I'll discuss each of these reports individually, and then share with you some thoughts about how these situations might impact your decision to use (or not use) ExpressVPN.

Kape Technologies

Kape Technologies has had quite a convoluted history. According to a report in Forbes, a company called Crossrider was formed in 2011 by "billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech," and Koby Menachemi.

Menachemi was a developer for Unit 8200, an Israeli signals intelligence unit responsible for hacking and collecting data (think of it as part CIA, part NSA, and part high school, because the unit hires and trains teenagers in hacking and coding skills).

Crossrider's business was ad injection. Remember back in the day when companies like Yahoo tried to convince you to download their browser extension with their search bar? Crossrider's business was creating tools that allowed them to inject ads into other companies' web pages, sometimes overriding even ads that were paid to run on the sites that were being compromised.

Ad injection skirted the line between just being scummy and being malware. Forbes reported that Symantec's anti-malware identified software based on Crossrider's product as malware, in part because the product effectively stole the ad revenue from the sites its users visited, and in part because it collected whatever data it could find in the process.

According to Publift, an ad partnering service founded by ex-Googlers, the ad injection business is still out there. But Google has been fighting it for about five years now, meaning it's not nearly as lucrative a business as it once was.

According to a 2018 report in the Israeli business daily Globes, Kape Technologies was a rebranding effort on the part of then relatively new Crossrider CEO Ido Erlichman. Crossrider's share price had fallen to a low of £0.27 on the London Stock Exchange and the company was seeking a new strategy.

What better strategy for a company dedicated to siphoning users' data and eyeballs than to branch out into the one area of cybersecurity where users are obsessed with anonymity and information security?

You can cut the irony with a knife.

In any case, the newly renamed Kape Technologies set out on an acquisition binge. The company started buying in 2017, acquiring CyberGhost VPN for about $9 million. Next, in 2018, came Mac antivirus company Intego for $16 million. A few months later, Kape gobbled up another VPN provider, ZenMate, for about $5 million. A year later, in 2019, Kape spent $95 million for Private Internet Access, one of the best known VPN providers at the time.

After a 2020 IPO on the London Stock Exchange (which raised $115 million), and a year of record earnings where the pandemic and work-from-home cybersecurity concerns drove VPN demand, Kape was riding high. Back in March of this year, the company bought Webselenese for $149 million. This is worthy of further discussion.

At first glance, it's tough to pin down what Webselenese does. The company describes itself as "an online platform specialising in consumer-focused privacy and security content." What does this mean? According to investment site The Twenties Trader, Webselenese owns two very high profile review sites, VPNMentor and Wizcase. According to Alexa (Amazon's traffic monitoring service, not Amazon's voice assistant -- I know, it's confusing), VPNMentor has a rank of 5,807. Wizcase has a rank of 7,280.

Are you seeing where this is going? Adware provider pivots to become a provider of VPN services, then that company buys up two of the largest VPN review sites on the internet. Does anyone think those reviews will remain unbiased? According to site RestorePrivacy.com (which itself traffics in VPN reviews), VPN rankings on both VPNMentor and Wizcase changed in Kape Technologies' favor just as soon as Kape bought Webselenese.

Can you spell "conflict of interest?" Sure. I knew you could.

And then, last week, Kape siphoned up ExpressVPN for $936 million, its biggest deal to date. With Kape's somewhat sordid history, you can see the concern. I'll mention one other issue about Kape, and then we'll move on.

Last year, my CNET colleague Rae Hodge did an extensive analysis of Kape Technologies. At the time, she was looking at Kape as it pertained to its ownership of CyberGhost. But one thing she pointed out should be a concern. She pointed out that even after the change from Crossrider to Kape, "Kape still operated the infamous scareware Reimage -- a potentially unwanted program that positions itself as a computer performance enhancer but which has been known to signal false positives on security threats in order to persuade you to pay for its premium service." She also pointed out that as recently as 2019, "new Crossrider-Kape mutations have been cropping up on the web."

So, there's that. Now let's get to know Daniel Gericke a little better.

ExpressVPN CIO Daniel Gericke

Last week, as a completely separate story from Kape's acquisition of ExpressVPN, Reuters reported that, "Three former U.S. intelligence operatives who worked as cyber spies for the United Arab Emirates admitted to violating U.S. hacking laws and prohibitions on selling sensitive military technology."

They were Marc Baier, Ryan Adams, and...Daniel Gericke. Gericke, as it turns out, is also ExpressVPN's CIO.

Baier, Adams, and Gericke were not good boys. They were hired guns for a special intelligence unit set up by the United Arab Emirates (UAE) to gather intelligence on journalists, activists, dissidents, and rival governments. According to some excellent in-depth reporting by Reuters, Raven was a substantial project, using money from Arab royalty to hire at least a dozen former NSA and CIA operatives to hack into networks in the US and other countries on behalf of their clients.

Remember Project Raven. We'll come back to that in a bit, with even more irony.

Unfortunately, Gericke doesn't have a profile on LinkedIn. There is a profile for a Daniel Gericke listing his sole position as "IT Director at Professional Corporation," so if that's our Daniel, it's not much to go on. The most we know is in the 1,563-word statement issued by ExpressVPN regarding Mr. Gericke. ExpressVPN said it hired him in 2019. It did not say whether he was still doing work for Project Raven or the UAE at that time.

If you're deeply interested in this, the best thing to do is read ExpressVPN's statement. It's a bit of a marvel. It goes on to say that the company knew Gericke was involved in spy stuff, but did not know about anything illegal, immoral, or fattening. The company explains that it's necessary to hire someone "steeped and seasoned in offense" in order to build the best defenses. Then it goes on to state how it protected its services from corruption from within and has subsequently hardened its services from external attack.

As of September 17, the company reaffirmed its support of Gericke and did not indicate any plans to terminate him.

Edward Snowden and his glass house

Y'all remember Edward Snowden? Back in 2013 and 2014, Snowden used up a lot of my column inches. For those of you doomed to forget history, Edward Joseph Snowden was a former NSA employee and CIA contractor who stole and then leaked more than a million top secret documents from the governments of the United States, Australia, and Great Britain.

After the leak, he ran from the US to Hong Kong, and then from Hong Kong to Russia, where he received asylum after living in the Sheremetyevo Alexander S. Pushkin International Airport for about 40 days and 40 nights. In 2020, Snowden applied for and was granted permanent residency in Russia. He then went on to apply for dual Russian-American citizenship in December of that year.

In his years subsequent to his theft and escape to Russia, Snowden has made quite the name for himself. A movie was based on his exploits. And he makes a living doing remote speaking engagements for willing and credulous audiences.

So how did Mr. Snowden wind up in our story? As it turns out, he weighed in on ExpressVPN and Daniel Gericke when the news broke last week. On September 15, he tweeted, "If you're an ExpressVPN customer, you shouldn't be." This came out the day after the Reuters report on Gericke and ExpressVPN and was picked up by media sources across the internet.

You've probably heard the phrase, "people who live in glass houses shouldn't throw stones." Well, here's Snowden's glass house. According to Reuters' in-depth report on Project Raven, two months before Snowden's fateful theft of US government top secret information, he was recommended for work at military contractor Booz Allen Hamilton (which then subcontracted him out to the three letter agencies) by Lori Stroud, who herself was later recruited to Project Raven by Marc Baier. Baier worked at NSA Hawaii along with Snowden. Baier was also one of the three men indicted by the Justice Department along with ExpressVPN's Gericke.

So, as we wade deeper in irony, we have a former NSA operative who stole millions of documents from the US Government and ran to Russia, who is complaining about the employer of a former colleague of a former colleague, both of whom were involved in shady activities, but nothing as vastly criminal as his own actions.

What now?

Okay, so now you're up to date. You know about the company that just acquired ExpressVPN and its somewhat shady past and, at the very least, unethical juking of the stats when it comes to VPN reviews. You know about the background of ExpressVPN's CIO.

But what of ExpressVPN itself? The key question is, should you use it or skip it?

What I use

One of the most frequently asked questions I get is which VPN service I use. This week, it's been all about whether I'm going to stop using ExpressVPN as my VPN service.

Here's the hard truth: I don't use a commercial VPN service. I don't like the idea of my data going through any of the VPN players' servers. But I'm a bit of an outlier. I've long run my own bare-metal Linux VPN server network located across a few cloud infrastructure providers. I've been hacking my own Linux kernel mods for years, and I'm just as comfortable spinning up a series of servers that bounce traffic as I am making a cup of coffee in the morning.

I do test all the VPN services I review, but only for a limited time, and only on dedicated test machines. Any that I have concerns about have been documented in my reviews. So far, at least among the top players, I haven't found anything much worse than a VPN connection indicating that the connection is routing through a VPN.

But it's important to note that I personally only use a VPN for communication security at airports, hotels, and coffee shops -- which I'm visiting a whole lot less these days. I don't have any need to obfuscate my location in order to illegally route around sports viewing restrictions, or to cheap out and not pay for new episodes of Star Trek Discovery or Picard.

I am also not a dissident, or someone running from an abusive relationship. I don't do financial transactions online when away from my home network. As such, I don't need all the services and all the clients offered by many of the VPN service providers I've profiled.

None of the VPN services I recommend are bad -- I just don't need them in my day-to-day life because I built my own.

But what about ExpressVPN?

What about ExpressVPN? Do these revelations change anything? To answer that for yourself, you'll need to ask yourself three questions.

How good is ExpressVPN for my needs?

When I looked at ExpressVPN, I called it "an easy-to-use VPN with middle-of-the-road everything." I did find that an ExpressVPN connection routed through Security Firewall Ltd, a firm with a surprisingly high Google fraud rating. ExpressVPN reached out to say that Security Firewall is just one of many companies it leases infrastructure from, and its network is secure. You can read the company's statement in my review.

Also: ExpressVPN review: A fine VPN service, but is it worth the price?

Overall, I didn't find that ExpressVPN was the fastest or the cheapest VPN, but it did have great documentation, support for a whole lot of clients, a nice user interface, and was easy to set up. So, from a functional point of view, it's fine. Not great, but generally good enough.

Will the Kape acquisition change things?

Kape has genuinely been going hard after acquiring cybersecurity companies. I'd be comfortable with its pivot (we all did things in the past we regret) if it weren't for the Webselenese acquisition this year. Acquiring those review sites for $149 million just has terrible optics. I reviewed both CyberGhost and Private Internet Access well after their acquisition by Kape, and both products were good.


Kape has had a past that's at odds with the mission of a VPN provider. Kape, back when it was Crossrider, liked to hoover up users' data, probably to sell to advertisers. Will it continue to do so? I don't know, but it'd be really foolish if it did. The VPN market is a vastly more profitable business than ad informatics, and Kape's VPN brands are now its golden geese. It'd be insane to risk those cash cows (I know, the mixed metaphor hurts), in favor of selling out its users' data.

What about keeping Gericke on staff?

The company's blog post went to great lengths to show how it is restricting Gericke's access so he won't do baaaad things. But I agree with the premise that you need some offensive warriors when you're at war. I'm not sure Gericke should stay as the company's CIO with any infrastructure responsibility, but keeping a stable of folks who know and understand the enemy is important in this business.

So what's the bottom line?

One thing I'm asked regularly is whether or not ExpressVPN (or any other VPN) is going to share information with the FBI (or name your favorite intelligence agency). The prevailing wisdom is that VPN vendors located outside the various "Eyes" intelligence sharing treaties are somehow safer for those hiding information from government access. This is generally not true. As I discussed in my analysis of NordVPN, most VPN providers have enough of a footprint in MLAT treaty countries that if a three-letter agency wants your information, it'll get it.

So, unless you're a very serious dissident (or, I guess, a criminal) on the run from the government, the whole issue of jurisdiction is merely VPN theatre for the benefit of good marketing hype. And if you are relying on a VPN service to protect your life and freedom, why are you relying on something you read online for your truth? I just showed you that the biggest VPN review sites are owned by a VPN conglomerate. You need to do some very serious investigation and testing on your own, if you want to be truly safe.

If you're currently using ExpressVPN for general-purpose safe computing (like checking your mail at the local coffee shop) and you like it, I wouldn't say you should give it up. If you're relying on any of the Kape brands for a life and death situation, I'd say it's probably not worth the risk.

If you're shopping for a VPN, read all the reviews and try them out. Most give you thirty days, so see how they actually work for you. Again, I wouldn't necessarily dismiss ExpressVPN out of hand because of these reports, but it's up to you to gauge your risk level.

In the mid-1980s, US president Ronald Wilson Reagan was preparing for a summit with Soviet president Mikhail Sergeyevich Gorbachev and wanted to bond with his Soviet counterpart. When Reagan spoke with Russian history scholar Susanne Massie, an American, she introduced him to the phrase doveryai, no proveryai. In English, that's trust, but verify. Reagan apparently liked the phrase so much, he overused it, much to the annoyance of Gorbachev.

In any case, that's how I recommend approaching ExpressVPN: trust, but verify. We'll keep an eye on how the company behaves. Does Kape do anything else that indicates their moral compass is askew? Does Gericke's access become more limited or does he leave the company? Does data secured by ExpressVPN turn out to be less secure?

I don't believe we need to pillory ExpressVPN just yet. All the bad news is tangential to its operations. But I'd advise the company to walk very carefully, to hold its new masters at Kape accountable, and to both know where the line is and stay firmly on the angels' side of that line.


You can follow my day-to-day project updates on social media. Be sure to follow me on Twitter at @DavidGewirtz, on Facebook at Facebook.com/DavidGewirtz, on Instagram at Instagram.com/DavidGewirtz, and on YouTube at YouTube.com/DavidGewirtzTV.


See source: https://www.reddit.com/r/vpngeeks/comments/e0gr9p/expressvpn_review_reddit_review/