What does a company with a history of producing malware have to do with a VPN service that offers privacy and security?

There is a lot speculation and questions that have surfaced since Private Internet Access announced that it was acquired by Kape Technologies. With the merger between PIA and Kape, many VPN users are wondering if now is the time to jump ship or trust there will be smooth sailing ahead.

In this article we’re going to put Kape and Private Internet Access under the microscope and show you exactly why people are alarmed.

Kape Technologies acquires Private Internet Access, plans another name change

On November 19, 2019, Kape Technologies officially announced its plan to acquire Private Internet Access.

Kape Technologies, is delighted to announce the transformational acquisition of Private Internet Access (PIA), a leading US-based digital privacy company. This acquisition will significantly increase the company’s presence in North America and doubles its existing user base to over 2 million paying customers with a truly global brand. This catapults Kape towards becoming the ‘go-to’ privacy company for consumers, paving the way to dominating the rapidly growing digital privacy space, which is already worth US $24 billion in 2019 and is expected to grow by 50% by 2022. According to the Breach Level Index, in the first half of 2018, more than 25 million records were compromised every day, which equates to 291 records every second. As technology develops, and more and more data is shared online, the need for online protection is increasing exponentially.

This all sounds fine on the surface, and there is truly a need for reliable privacy tools. As we’ve covered before, the cybersecurity statistics and trends are only getting more alarming with each passing year.

But this acquisition also raises some interesting questions:

What is the background of Kape Technologies?

Can Kape be trusted with protecting your privacy online?

Why are many longtime PIA customers freaking out and cancelling their subscriptions?

Kape plans to change its name (again)

While most acquisitions are designed to boost the parent company’s name, in this case, Kape Technologies is planning to drop its own name. Kape will be taking on the name of “Private Internet” as the parent company of Private Internet Access. This actually marks the second time that Kape (formerly Crossrider) has changed its name in just the past few years.

Why would Kape undergo yet another name change? (We’ll answer this below.)

Kape Technologies also owns CyberGhost and Zenmate

This latest acquisition marks another trend we’ve seen developing over the years: consolidation in the VPN market. But this isn’t the first time Kape Technologies has been involved in a VPN acquisition. Before it changed it’s name to Kape Technologies, the company was called Crossrider – and it was buying up VPNs.

Before 2017, Crossrider was not in the VPN business, but rather, the malware business (we’ll cover this below). However, in March 2017, Crossrider purchased CyberGhost VPN for about $10 million.

Despite being purchased by an Israeli company, CyberGhost claims it remains a Romanian VPN provider under the jurisdiction of Romania.

Then, in 2018, Crossrider purchased another VPN service, Zenmate. According to Edison, Crossrider paid €4.8 million for Zenmate, a Berlin-based VPN provider.

With the latest acquisition of Private Internet Access, Kape is the parent company of three different VPN services.

This is the consolidation of the VPN industry, as smaller companies get bought up by the big players.

Now let’s take a closer look at Kape Technologies.

Crossrider (Kape) created “high risk” malware and adware

Before changing its name to Kape Technologies in 2018, the company was called Crossrider.

If you take a minute to research Crossrider, you see that it is a company that built a (bad) reputation from creating malware and adware products. There are many different articles about Crossrider’s malware and adware, such as this article from Malwarebytes:

Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well. PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.

According to Malwarebytes and many other reputable online security websites, Crossrider was hiding malware in software bundlers, which would then infect the user’s computer.

From Symantec:

Risk Impact: High

Systems Affected: Windows

Behavior

Adware.Crossid is a security risk that displays advertisements in certain social networking sites and Web browsers.

And for those who want to dismiss this as old history, there are articles as recent as 2018 warning about Crossrider malware infecting computers. And note, this was after Crossrider had purchased CyberGhost in 2017.

A 2018 article from Malwarebytes describes how Crossrider was infecting computers with fake Adobe Flash updates:

A new variant of the Crossrider adware has been spotted that is infecting Macs in a unique way. For the most part, this variant is still quite ordinary, doing some of the same old things that we’ve been seeing for years in Mac adware. However, the use of a configuration profile introduces a unique new method for maintaining persistence. …This new Crossrider variant doesn’t look like much on the surface. It’s yet another fake Adobe Flash Player installer, looking like the thousands of others we’ve seen over the years….

So is this old history, or a pattern of behavior?

Can a company that built a business around malware and adware be trusted with running a VPN service and protecting user privacy?

Importantly, we see that even in 2018, after Crossrider had already purchased CyberGhost VPN, its malware was still making headlines and infecting peoples’ computers.

Who is behind Crossrider and Kape Technologies?

The main figure behind Crossrider and Kape Technologies is the Israeli billionaire Teddy Sagi. In fact, some outlets refer to the company as “Teddy Sagi’s Kape” when discussing the latest merger news with PIA.

You can read about Teddy Sagi on Wikipedia; he has an interesting history.

Forbes wrote an interesting article (archived) that discusses Crossrider, Sagi, and the company’s ties to the Israeli intelligence community.

The Forbes article had this to say about Sagi and Crossrider:

A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.

So what is Unit 8200?

Forbes explains this connection as follows:

What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).

The co-founder and CEO of Crossrider was Koby Menachemi, who was also part of Unit 8200, as you can see on his archived LinkedIn page.

But I’m not the first (or only) person pointing these things out. It seems word has gotten out, with other articles (archived) pointing out these same concerning ties.

You can read more about Unit 8200 here.

And these developments seem to be worrying many PIA users.

Why another name change?

As noted earlier, this latest decision will be the second time in the past few years that the company has changed it’s name:

Crossrider > Kape Technologies > Private Internet (planned)

So why does this company keep changing its name?

Answer: to distance itself from a questionable and controversial past.

As the CEO admitted here, the name change was an attempt to distance Kape from controversial “past activities”:

The decision to rename the company, explains Erlichman was due to the strong association to the past activities of the company as well as the need to enhance the consumer facing brand for the business.

CyberGhost also admitted in a blog post that Crossrider was an “ad tech” company that did the “opposite” of what CyberGhost does (privacy and security):

While CyberGhost focused on privacy and security from day one, Crossrider started out as a company that distributed browser extensions and developed ad tech products. Quite the opposite of what we did.

This latest name change seems to fulfill two objectives:

It further distances the company (Kape/Crossrider) from its controversial past.

It rebrands the business to be about “privacy” now that it owns three different VPNs.

Some PIA users are freaking out

While I’m not certain if this trend is representative of a large percentage, or instead a vocal minority, there are clearly some upset PIA users canceling their subscriptions. Various forums have been lighting up with talk about Crossrider, Kape, malware, and links to overseas intelligence operations.

When asked why everyone is skeptical about PIA following the merger with Kape, one reddit user succinctly put it this way.

The alarm among Private Internet Access users has apparently been enough for PIA to go into damage control mode. They issued a post on reddit to try to calm fears and mitigate subscription cancellations.

So now to the million-dollar question.

Is PIA safe and trustworthy after the merger with Kape?

Short answer: you decide.

With Private Internet Access merging with Kape, and retaining the “Private Internet” name for the parent company, there is a lot to consider. Ultimately, only you can decide if PIA is still an adequate privacy tool to place trust in for your unique threat model and needs.

Up until this point, Private Internet Access had a pretty good track record. It is one of a few verified no logs VPN providers, having been tested in two separate court cases and proven to not keep logs. But it is also a VPN operating in the United States, a Five Eyes surveillance country with bad privacy laws.

Now fast forward to today, and the good track record may not be enough for some people.

One of the big draws of PIA is that it was a battle-tested VPN that was proven to not keep logs in court. On a positive note, there are a few other proven no logs VPN providers, some of which have passed third-party audits.

It is also a cheap VPN service, with very reasonable pricing. But again, there are many other cheap VPNs on the market. Lastly, our best VPN list includes other recommendations as well.

At the end of the day, only you can decide which privacy tools are safe and effective for your unique needs. This case is somewhat similar to the recent news of System1 acquiring an undisclosed portion of Startpage.

Ultimately, if the news about PIA merging with Kape Technologies leaves you feeling uneasy, there are many other VPNs to consider.