There’s no doubt that our society relies on technology. With nearly 20.4 billion IoT-linked items in existence projected by 2020, we’re more digitally connected than ever. But online security remains a real problem. Although free WiFi may be available in your favorite coffee shop, that doesn’t mean you should automatically connect; doing so can leave your private information vulnerable to internet criminals. That’s why VPNs, or Virtual Private Networks, are so widely used. By obtaining a VPN, you’ll create a barrier between your information and a publicly accessible network, providing a greater sense of security no matter where you surf or what you send.
But, as it turns out, VPN providers may be just as prone to shady dealings as common cyber criminals. Or that’s what one lawsuit alleges, at least. An Orlando-based VPN provider called TorGuard has filed a suit against a competitor, NordVPN, claiming that the latter worked with a Canadian hosting provider to conduct DDoS attacks, steal company secrets, and commit blackmail against the filing company.
In the suit, TorGuard makes major allegations against NordVPN, stating that NordVPN was able to steal proprietary business information from TorGuard while the company worked with Collective 7, Inc (which was originally wrongly named as C-7 in the suit, due to their shared Toronto location and similar brand names). Since the passing of the Defend Trade Secrets Act of 2016, U.S. trade secret case filings have increased from 860 to 930 cases per year to 1,134 cases filed in 2017, and this filing just shows how easy it might be to acquire sensitive business information through company affiliations. Collective 7 is reportedly a NordVPN subsidiary; this relationship was apparently not known to TorGuard at the time they entered into a business arrangement with Collective 7, despite the fact that the latter company has shared employees with NordVPN.
According to the lawsuit, Collective 7 “has routinely, and systematically, targeted and threatened TorGuard” as a result of their relationship with NordVPN, a known competitor of TorGuard’s. The lawsuit states that NordVPN launched a denial-of-service (DDoS) attack on TorGuard on Black Friday on 2018, known as the busiest day of the year for retailers, which caused “significant economic and reputational damage.”
In May 2019, a NordVPN representative supposedly made contact with a TorGuard contractor and revealed that NordVPN had acquired confidential information likely obtained through TorGuard’s relationship with Collective 7. The representative allegedly explained that NordVPN would publish this information, which has been identified as either an undisclosed security flaw or a trade secret, if TorGuard refused to comply with demands pertaining to the removal of a negative YouTube video. According to TorGuard, the company was asked to persuade a VPN affiliate of theirs, known as Tom Spark Reviews, to remove negative YouTube content pertaining to NordVPN’s brand.
For TorGuard’s part, the company maintains that whatever security flaw was discovered by NordVPN was not a threat to their users. Both TorGuard and NordVPN have published inflammatory blog posts telling their side of the story, while NordVPN has fired back that they plan to file a countersuit for defamation and libel.
TorGuard is seeking $75,000 in damages related to the DDoS attack, but because NordVPN is actually based in Panama, it’s not likely that a Florida court will be able to grant any monetary damages from either NordVPN or Collective 7. Even if TorGuard is merely filing the lawsuit to make a point, it seems that the point has been muddied and may never be made completely clear. And while it’s evident that business owners should always do their research before hiring or entering into an agreement with another company, this story might serve as a warning to consumers to choose a VPN provider with secure servers and very little drama.