ExpressVPN said it plans to stand by its CIO after Daniel Gericke was named by the U.S. Department of Justice as one of three people who were fined for allegedly providing “hacking-related services” to the government of the United Arab Emirates.
In an announcement earlier this week, the DOJ said that Gericke, 40, Marc Baier, 49, and Ryan Adams, 34, would be paying out fines adding up to $1.68 million in a deferred prosecution agreement (DPA) that settles charges related to their work for an unnamed company that contracted with the UAE government to provide state-sponsored hacking services.
According to the DOJ’s complaint, the trio and their company had contracted with the UAE government between 2015 and 2019 to break into accounts owned by targeted individuals and companies under the brand name “DarkMatter.”
According to the complaint, the accounts were from an unnamed vendor of smartphones and operating systems. Some of those targeted were U.S. citizens or companies based in the U.S.
“These services included the provision of support, direction and supervision in the creation of sophisticated ‘zero-click’ computer hacking and intelligence gathering systems — i.e., one that could compromise a device without any action by the target,” the DOJ said.
“[DarkMatter] employees whose activities were supervised by and known to the defendants thereafter leveraged these zero-click exploits to illegally obtain and use access credentials for online accounts issued by U.S. companies, and to obtain unauthorized access to computers, like mobile phones, around the world, including in the United States.”
As part of the deal, the three did not have to admit to any wrongdoing, but will have to pay the fines (Gericke’s share was $335,000) and agree to restrictions on “future activities and employment.”
We’ve known the key facts relating to Daniel’s employment history since before we hired him, as he disclosed them proactively and transparently with us from the start. In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users’ privacy and security. ExpressVPNCorporate statement
The chief information officer for ExpressVPN once helped the United Arab of Emirates orchestrate a massive cyberspying campaign on computers across the globe.
According to the Justice Department, ExpressVPN CIO Daniel Gericke and two others worked as hackers for hire for the UAE to develop “zero-click” attacks capable of breaking into internet accounts and devices, including those in the US.
All three formerly worked for the US intelligence community. However, by offering their hacking expertise to a foreign country from 2016 to 2019, the trio broke US export controls, which required them to obtain a license from the State Department to provide such services. Reuters originally reported on the hire-for-hacking scheme with the UAE, and said the spying ensnared iPhones and internet accounts belonging to activists, political rivals, and even Americans.
The cyberspying naturally raises questions about the security around ExpressVPN. However, the VPN service is sticking with Gericke, who ceased his work with the UAE once he joined ExpressVPN in December 2019.
“We’ve known the key facts relating to Daniel’s employment history since before we hired him, as he disclosed them proactively and transparently with us from the start,” ExpressVPN wrote in a blog post on Wednesday. “In fact, it was his history and expertise that made him an invaluable hire for our mission to protect users’ privacy and security.”
Despite breaking US laws with the hacking, the Justice Department is refraining from charging Gericke with a crime. Instead, he’s entered into an agreement that forbids him from ever conducting “computer network exploitation” operations on behalf of an employer ever again. He also agreed to pay a $335,000 fine.
ExpressVPN adds that it constantly vets its VPN service for security. “Of course, we do not rely on trust in our employees alone to protect our users,” it wrote in Wednesday’s blog post. “We have robust systems and security controls in place in all our systems or products. We also engage and provide significant access to many independent third parties to conduct audits, security assessments, and penetration tests on our systems and…
https://spinsafe.com/wp-content/uploads/2021/09/expressvpn-cio-helped-united-arab-of-emirates-hack-into-phon_jdsk.1200.jpg6751200SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2021-09-15 22:00:032021-09-15 22:00:03ExpressVPN CIO Helped United Arab of Emirates Hack Into Phones, Computers
Despite the sudden nation-wide lockdown last year due to the pandemic, the Godrej group rose to the occasion and rolled out a remote work model within days for its 12,000 employees spread across four continents.
“The lockdown in India happened quite suddenly and at that moment nobody knew what the future of work would look like,” says Satyavrat Mishra, Assistant Vice President – Corporate IT, Godrej Industries Limited.
Mishra attributes the success of this migration to early adaptability of technology. The Godrej group, whose business interests span across industries like consumer products, Diversified Agri Business, chemicals, real estate and housing finance, had implemented a complete Enterprise Mobility Security (EMS) Suite, along with Microsoft Defender for Office 365 (erstwhile Office 365 Advance Threat Protection) for email security back in 2018.
While the conglomerate’s journey towards enabling employees to work remotely had started before the lockdown, it still did not have a ‘work from home’ culture. One of the biggest challenges Godrej faced was related to identity and security. In an office, there are physical boundaries, hence it is easy to secure the perimeter. With remote working, that wasn’t the case any longer, which made the job of securing the company’s networks and data became different and much more challenging.
“The one thing that worked in our favour was that we’d already adopted Microsoft’s cloud-based solutions for secure connectivity earlier, but we were using it for a smaller user base. After the lockdown, all we had to do was roll it out for all our employees,” Mishra says.
Godrej uses over 150 business applications across verticals, and each of them was connected to Azure Active Directory (AAD) to enable Single Sign-On (SSO) authentication. The company made sure that this solution was enabled not just for employees, but also their vendors and consultants.
“Earlier, there used to be discussions on how to secure the perimeter, how to put more security and network access control solutions. Now, we’re implementing Zero Trust frameworks. That is a major paradigm shift in the way that a security team would define resource access….
https://spinsafe.com/wp-content/uploads/2021/09/how-godrej-is-securing-its-hybrid-workforce.jpg434800SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2021-09-10 07:00:052021-09-10 07:00:05How Godrej is securing its hybrid workforce, IT News, ET CIO
The dimensions of healthcare has widened with the adoption of modern thinking and the acceptance of medical innovation. Over the past few years, there has been an increasing utility and a growth of AI and digital technologies in reproductive medicine for new standardization, automation, and precision.
With automatic annotation of embryo development, embryo grading, and embryo selection for implantation is evolving as one of the best uses of Artificial intelligence applications. The selection process of the best embryo from the larger cohort of the fertilized egg is majorly by the embryologist by grading the embryos.
“The embryo selection process is on the morphology and the photography of that particular embryo. Now, these grading because of the manual intervention will change based on embryologist to the embryologist, lab to lab and, city to city. Thus, the standardizing and automizing the process using AI becomes very, very important,” said, Nitiz Murdia, the co-founder and Director of Marketing & Embryology at Indira IVF Group while, explaining the grading of the embryos in acquiring the best suitable matches.
Multiple organizations are opting towards this development of the Artificial intelligence process to objectivize and standardize these embryos grading to predict the higher implantation potential embryo compared to any X-Y-Z or the other embryo. According to Murdia, the analysis of the data sets plays a vital role in selecting the embryo with higher efficiency.
“If I am an embryologist, I can only do a particular number of cases, but the AI prediction has at least one lakh cases in his database. It can perform a better prediction compared to me, and it has more experience compared to me. I might have experienced it for ten years but, the AI will have a combined experience of 150 years. So that is the biggest advantage I think with this kind of system that exists,” Murdia said.
Overcoming the Issues with AI
As AI increases the evaluation and selection for the embryos, the major problem lies in the grading performed by the individual embryologist. Each system delivers the different results of the same embryo image feed into the system by the…
https://spinsafe.com/wp-content/uploads/2021/09/here-is-how-ai-is-transforming-reproductive-treatments.jpg434800SecureTechhttps://spinsafe.com/wp-content/uploads/2024/01/SS-Logo.svgSecureTech2021-09-08 01:30:042021-09-08 01:30:04Here is how AI is transforming reproductive treatments, IT News, ET CIO
Despite the sudden nation-wide lockdown last year due to the pandemic, the Godrej group rose to the occasion and rolled out a remote work model within days for its 12,000 employees spread across four continents.
The dimensions of healthcare has widened with the adoption of modern thinking and the acceptance of medical innovation. Over the past few years, there has been an increasing utility and a growth of AI and digital technologies in reproductive medicine for new standardization, automation, and precision.