The US Department of Justice disclosed in court records that Gericke worked on Project Raven, a surveillance operation for the United Arab Emirates government that involved hacking of Americans, activists, and heads of state.
However, ExpressVPN said that it knew about Gericke’s employment history before it hired him, as he disclosed them proactively and transparently with us from the start.
“In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users’ privacy and security”, ExpressVPN said.
“Daniel has a deep understanding of the tools and techniques used by the adversaries we aim to protect users against, and as such is a uniquely qualified expert to advise on defence against such threats. Our product and infrastructure have already benefited from that understanding in better securing user data”, the statement said.
Unsealed court filings described how Gericke, Marc Baier and Ryan Adams faced charges for their part in working on Project Raven. The court records say that the three violated the International Traffic in Arms Regulations and conspired to commit access device fraud and computer hacking offences.
The court records say that the three took a zero-click exploit, which allows takeover of a device without any user interaction, and implemented that into Karma, the hacking system used by the UAE’s Project Raven.
Project Raven involved hiring former US intelligence hackers who then worked on behalf of the UAE government.
The court records describe other uses and purchases of exploits by the group. The court filings detailed that prosecutors will drop the charges if the three men cooperate with US authorities, pay a financial penalty, and agree to a list of unspecified restrictions on their employment.
Earlier this week, ExpressVPN was sold to Kape Technologies in a deal worth $936 million.