ExpressVPN CIO among three facing $1.6 million DOJ fine over Project Raven

Samuel Corum/Getty Images

The chief information officer of a leading virtual private network is reportedly among three former US intelligence and military personnel fined more than £1.6 million by the US Department of Justice to resolve hacking-related charges. ExpressVPN CIO Daniel Gericke, as first reported Tuesday by Reuters, is a former US intelligence operative and one of the three members of Project Raven who worked as mercenary hackers for the United Arab Emirates, helping it spy on its enemies. ExpressVPN said its trust in Gericke "remains strong." 

The three defendants have agreed to cooperate with US authorities and pay the fine in exchange for deferred prosecution, according to a Justice Department release.

The three have also forfeited foreign and US security clearances and face future employment restrictions. The agreement comes a day after ExpressVPN announced it had been sold as part of a £936 million deal to former adware distributors Kape Technologies, a company cofounded by an ex-Israeli surveillance agent and a billionaire previously convicted of insider trading

Get the CNET Home newsletter

Modernize your home with the latest news on smart home products and trends. Delivered Tuesdays and Thursdays.

Read moreWhat is Kape Technologies?

What you need to know about the parent company of CyberGhost VPN  Despite future employment restrictions, ExpressVPN said in an email to CNET that it still backs Gericke's position within the company.  "We've known the key facts relating to Daniel's employment history since before we hired him, as he disclosed them proactively and transparently with us from the start.

In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users' privacy and security," ExpressVPN said, adding that the company has already benefitted from Gericke's history as a US intelligence operative. "We were confident at the time and continue to be confident now in Daniel's desire and ability to contribute to our mission of enabling users to better protect their privacy and security. He has demonstrated nothing but professionalism and commitment to advancing our ability to keep user data safe and private.

Our trust in Daniel remains strong." By Tuesday evening, Gericke's social media accounts on Twitter and LinkedIn appeared to have been removed from public view.  Project Raven, first exposed in 2019, involved the development and deployment of hacking and surveillance tools for the UAE that were allegedly used to target US victims and prominent activists who spoke out against the UAE's human rights record.

Other Project Raven targets allegedly included the Emir of Qatar, a Nobel Peace laureate human-rights activist in Yemen.  In a Justice Department release, Acting Assistant Attorney General Mark J. Lesko called the agreement a "first-of-its-kind resolution" for an investigation into two distinct strains of crime. 

"Providing unlicensed export-controlled defense services in support of computer network exploitation, and a commercial company creating, supporting and operating systems specifically designed to allow others to access data without authorization from computers worldwide, including in the United States," he said. "Hackers-for-hire and those who otherwise support such activities in violation of U.S. law should fully expect to be prosecuted for their criminal conduct."