Kape Technologies (formerly Crossrider) has now acquired four different VPN services and a collection of VPN “review” websites that rank Kape’s VPN holdings at the top of their recommendations. This report examines the history of Kape Technologies and its rapid expansion into the VPN industry.

Update: We have added new information and corrections to this report, while also publishing another article that closely examines the business of Kape and Crossrider.

As is normal in the tech industry, the VPN world is undergoing some major changes and consolidation. The most recent example of this is with ExpressVPN, which announced plans this week to be acquired by Kape Technologies. While this may come as a surprise to some, it is nothing new in the industry. In fact, Kape has been on a VPN buying spree since 2017.

Unfortunately, many VPN users remain oblivious about the real owners of the VPN they are using as well as the history behind some of these entities. This is not because the owners are concealing anything, but rather, most “VPN review” websites fail to mention these important facts.

Before 2018, Kape Technologies was called Crossrider and it was often discussed in the malware and adware industry. You can still find numerous outlets that discussed Crossrider malware and adware infecting various devices, such as with Malwarebytes, Symatec, and Security Beulevard in 2019.

Below is an excerpt from a Malwarebytes article that discussed how Crossrider malware infected devices through software bundles:

Crossrider offers a highly configurable method for its clients to monetize their software. The common method to infect end-users is software bundlers. The installers usually resort to browser hijacking. Targeted browsers are Internet Explorer, Firefox, Chrome, and sometimes Opera. Crossrider not only targets Windows machines but Macs as well.

PUP.Optional.Crossrider installs are typically triggered by bundlers that offer software you might be interested in and combine them with adware or other monetizing methods.

While many outlets attributed this “Crossrider malware” to the people/business behind Crossrider itself, the truth is that Crossrider never created malware. Instead, the Crossrider platform was abused by third parties to spread malware and adware.

Crossrider offered monetization options that were used by ad injectors

We closely examined Crossrider’s history here and learned that it was a big player in the ad injection industry. In fact, there was even a research paper published by UC Berkeley, Google, and other co-authors who called out Crossrider’s business practices.

Crossrider is a mobile, desktop, and extension development platform that enables drop-in monetization via major ad injectors. Crossrider provides its affiliate ID to ad injectors while separately tracking kick-backs to developers. The other top affiliates listed in Table III are all cross-browser extensions and plugins that impact Chrome, Firefox, and Internet Explorer.

The main investor behind Kape is Teddy Sagi, an Israeli billionaire who previously spent time in jail for insider trading — but this happened all the way back in 1996, early in Sagi’s career. Sagi acquired Kape Technologies in 2012 and is an investor in many other industries.

Interestingly, Sagi is also named in the Panama Papers that detail a “rogue offshore financial industry.”

Another key figure behind Crossrider/Kape is Koby Menachemi. Forbes wrote a interesting article on Menachemi, detailing his ties to Israeli intelligence and cyber espionage.

Forbes noted the ties that Crossrider had to Israeli state surveillance entities:

A vast number of companies are affiliated with ad injectors, either packaging their tools or funnelling ads down to them. One of the biggest is Crossrider, the majority stake of which is held by billionaire Teddy Sagi, a serial entrepreneur and ex-con who was jailed for insider trading in the 1990s. His biggest money maker to date is gambling software developer Playtech. Co-founder and CEO Koby Menachemi was part of Unit 8200, where he was a developer for three years.

What went unnoticed, until now, is that most of the searchable organisations involved in this potentially dangerous business are based in Israel. They also happen to have links to the nation’s military and its top signals intelligence agency, the Israeli equivalent of the NSA or GCHQ: Unit 8200, which works out of the Israel Defense Forces (IDF).

It’s important to note, however, that Menachemi is no longer with Kape. And as we noted here, nearly the entire leadership of Crossrider left the company when Crossrider closed down its development platform. Furthermore, today, Kape is led by CEO Ido Ehrlichman, who was never part of Crossrider.

Interestingly, we also just learned that ExpressVPN’s CIO, Daniel Gericke, also has ties to state surveillance activities. According to Reuters, Gericke and two others are accused of “violating U.S. hacking laws and prohibitions on selling sensitive military technology” to the United Arab Emirates. According to reports, this “sensitive military technology” helped the UAE spy on dissidents and human rights activists.

Make of this situation what you will. However, keep in mind that when you use a VPN, you are trusting the service to handle all of your internet traffic and not do anything questionable in the background.

malaysians use VPN to bypass the bad routing only
they don't care privacy or security

dulu guna local puya.. BolehVPN

Did you also know lowyat host (.net) is from Yahudees?

Many thought using VPN are safe, but...

Don't be surprise they're also hired by our telcos and government to do security audits and run the country's cyber security team.

2024 still got ppl used centralized VPNs?...

https://www.mysterium.network/