August 20, 2019
The world of VPNs is a highly competitive one and a field where a lot of factors come into play. From off-the-record discussions to shady DDoS attacks, the latest news paints a picture that isn’t honoring the industry. TorGuard has decided to sue NordVPN and a Canada-based hosting provider, C-Seven Media Inc. (C-7). The allegations made in the relevant complaint that was submitted to the US District Court of Florida include stealing of confidential trade secret information, coordinated attack against technical infrastructure, and blackmailing.
TorGuard filed the attached complaint against NordVPN in the Middle District of Florida last Friday.https://t.co/7rK4Qdbrz4
— TorGuard (@TorGuard) May 27, 2019
According to TorGuard, NordVPN managed to steal secret business information from them by working together with C-7, who at the time was serving TorGuard. C-7 is allegedly a subsidiary of NordVPN, with several employees of the one having jumped ship to the other. Having information about a security flaw in their hands, NordVPN sent a representative to TorGuard and asked for favorable YouTube reviews from tech experts who are affiliated to TorGuard, otherwise, they would disclose the flaw. TorGuard claims that the particular weakness was not affecting their users since it was located in a non-operational server of theirs.
As the lawsuit details, NordVPN has conducted DDoS (Distributed Denial of Service) attacks against TorGuard during the sales-critical day of Black Friday, resulting in substantial financial losses. For this reason, TorGuard is asking for damage compensation of $75000. Since NordVPN is a Panamanian corporation, it is unlikely that the Florida court will be able to grant the requested injunctive relief, as it doesn’t have jurisdiction over NordVPN or even C-Seven Media Inc.
NordVPN however, presents a different version of the same story. In their relevant blog post, they talk about a responsible disclosure of a serious security vulnerability that could jeopardize the safety of TorGuard’s users. Moreover, they deny any connection to the Canadian web design company and find the fact that they are accused of DDoS amusing since no evidence connects them to the allegations. As NordVPN says, all of these accusations are entirely fabricated, and they believe that TorGuard was afraid they might decide to disclose their severe flaws publicly, which they weren’t planning to do anyway.
Due to the jurisdiction controversy that underpins this lawsuit, we will probably never get to learn the details of what really happened, as the lawyers of the three entities will not be called to state their case. Whether TorGuard did try to hide their flaw behind a lawsuit or NordVPN followed unethical business practices, it will remain to be seen and proven in the future.