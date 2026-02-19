In 1982, a Washington software company called Inslaw developed a case-management program for the U.S. Department of Justice. Within a few years, according to a House Judiciary Committee investigation, that software — PROMIS — had been stolen, fitted with a surveillance backdoor, and sold to intelligence agencies across the globe.¹ The man alleged to have brokered that operation was Robert Maxwell, the British-Czech media magnate whose ties to Israeli intelligence were confirmed in the most extraordinary fashion: at his 1991 funeral on the Mount of Olives in Jerusalem, attended by the Israeli prime minister, the president, and at least six serving and former heads of Israeli intelligence.²

Four decades later, the pattern has resurfaced. An estimated 1.6 billion people worldwide rely on virtual private networks to shield their most sensitive online activity — political dissent, financial transactions, confidential journalism.³ A significant share of that market is controlled by a single company with deep roots in Israel’s intelligence establishment. The question that animated the PROMIS scandal has never been more pressing: when the tools people trust to protect their privacy are owned by entities with documented connections to surveillance operations, what exactly is being protected — and from whom?

From Adware to Privacy Empire

The company at the centre of this story is Kape Technologies, a London-registered firm wholly owned by Israeli billionaire Teddy Sagi through his investment vehicle Unikmind Holdings.⁴ Kape’s portfolio includes ExpressVPN, acquired in 2021 for $936 million; CyberGhost, purchased in 2017; Private Internet Access, bought in 2019 for $127 million; and ZenMate.⁵ Together, these services account for three of the six most popular VPN products globally, serving approximately 7.4 million paying subscribers.⁶ Kape also owns vpnMentor and Wizcase, review platforms that rank VPN services — including Kape’s own products — for consumers seeking expert guidance.⁷

Before 2018, Kape operated under the name Crossrider. Founded in 2011, Crossrider built a platform used extensively by the ad-injection industry. A 2015 joint study by Google and the University of California identified Crossrider by name among businesses profiting from forced browser advertising.⁸ Security firms Malwarebytes and Symantec classified Crossrider-based software as malware.⁹ Kape’s CEO, Ido Erlichman, acknowledged the rebranding was necessary due to the company’s association with its “past activities.”¹⁰

The Unit 8200 Pipeline

Crossrider’s co-founder, Koby Menachemi, served as a developer in Unit 8200, the Israeli Defence Forces’ signals intelligence unit — Israel’s equivalent of the NSA.¹¹ Erlichman served in the IDF’s Duvdevan Unit, a special operations formation known for undercover intelligence operations in the occupied Palestinian territories.¹² Unit 8200’s significance extends far beyond Kape. NSO Group, whose Pegasus spyware was used to monitor over 50,000 individuals including heads of state and journalists, was founded by Unit 8200 alumni — and all Pegasus sales required Israeli government approval.¹³ Cellebrite, whose phone-cracking technology serves law enforcement worldwide, emerged from the same nexus.¹⁴

The pipeline functions with remarkable consistency: young Israelis develop elite signals intelligence and cyber-offensive capabilities during military service, then carry that expertise directly into commercial ventures. Parents invest heavily in preparation for Unit 8200 selection, understanding that membership unlocks career opportunities throughout Israel’s technology sector — the unit is widely described as “Israel’s Harvard.”¹⁵ The result is an ecosystem where the boundary between state intelligence capability and private enterprise is porous by design, and where a generation of surveillance professionals populate the leadership ranks of companies selling (anti-) privacy to the world.

The PROMIS Template

The PROMIS affair established the operational template decades earlier. Two federal courts found that the Department of Justice “took, converted and stole” Inslaw’s software “through trickery, fraud and deceit.”¹⁶ A 1992 House Judiciary Committee investigation, the culmination of a three-year inquiry led by Chairman Jack Brooks, found that high-level officials had conspired to steal PROMIS and secretly convert it for use by domestic and foreign intelligence services. The committee’s chief investigator, Ronald LeGrand, told Inslaw’s owners that a trusted Justice Department source had confided the affair “was a lot dirtier for the Department of Justice than Watergate had been, both in its breadth and depth.”¹⁷

Israeli intelligence agent Rafi Eitan, operating under the alias “Dr. Ben Orr,” obtained a copy of the software through Reagan administration contacts. He then worked through former Mossad operative Ari Ben-Menashe to commission a Silicon Valley engineer to construct a backdoor exclusively for Israeli intelligence.¹⁸ According to authors Gordon Thomas and Martin Dillon, this gave Israel covert access to every system running the modified program.¹⁹ Robert Maxwell, leveraging his international publishing empire and unparalleled access to world leaders, brokered sales to agencies across more than a dozen countries — the KGB, the Royal Canadian Mounted Police, agencies in Australia, China, South Africa, and across Latin America. In a sworn affidavit, Thomas reported that Eitan told him Maxwell alone sold over $500 million worth of the compromised software.²⁰ When PROMIS was sold to Credit Suisse, Israel gained the ability to track international money flows through any entity using that bank.²¹

The methodology deserves emphasis: acquire or co-opt a legitimate product trusted by users, modify it to enable covert surveillance, distribute it through commercial channels that conceal the intelligence operation. PROMIS demonstrated that the most effective surveillance infrastructure is one its targets adopt voluntarily, believing it serves their interests.

The contemporary VPN landscape presents a structural parallel that warrants close attention. When users route their entire internet traffic through a VPN, they concentrate extraordinary volumes of sensitive data at a single chokepoint. Every website visited, every communication initiated, every file transferred, every search query entered passes through the provider’s servers before reaching its destination. The VPN provider occupies a position of near-total informational trust — a position more comprehensive than that of an internet service provider, since the VPN captures traffic across all networks the user connects to. A VPN that keeps logs, or whose infrastructure could be modified to enable selective monitoring, would represent a surveillance capability that PROMIS’s architects could only have imagined. Where PROMIS tracked case files, a compromised VPN tracks lives.

The Gericke Affair

If structural concerns about VPN ownership remained theoretical, the case of Daniel Gericke made them concrete. In September 2021, the day after Kape announced its ExpressVPN acquisition, the U.S. Department of Justice unsealed records revealing that ExpressVPN’s chief information officer had worked as a mercenary hacker for the United Arab Emirates.²² Gericke had participated in Project Raven, a clandestine operation that ran from 2016 to 2019. The team built Karma, a zero-click exploit system — capable of infiltrating target devices with no user interaction whatsoever — and deployed it against human rights activists, journalists, rival heads of state, and American citizens. Reuters’ 2019 investigation found that some activists targeted by Project Raven were subsequently tortured by UAE security forces.²³

Gericke reportedly renounced his U.S. citizenship in 2017 while working on Project Raven. He was informed on “several occasions” that his work violated the International Traffic in Arms Regulations, yet continued regardless.²⁴ He eventually paid a $335,000 fine and agreed to cooperate with U.S. authorities under a deferred prosecution agreement.²⁵ ExpressVPN stated it had known “key facts” of his history and that its trust “remains strong,” arguing his surveillance expertise made him “a uniquely qualified expert to advise on defense against such threats.”²⁶ Internal employee questions obtained by Vice revealed deep alarm within the company, with staff asking how ExpressVPN could present itself as ethical while employing someone who had built tools to hack journalists’ phones.²⁷

The Disappearing Act

In 2023, Sagi completed consolidation. Through Unikmind, registered in the Isle of Man, he acquired 98.54 percent of Kape’s shares and delisted the company from the London Stock Exchange on May 31, 2023, in a transaction valuing Kape at approximately $1.58 billion.²⁸ The privatization eliminated the last mechanisms of public accountability — no more financial disclosures, regulatory filings, or public scrutiny of a VPN empire serving millions.²⁹

The broader pattern extends beyond Kape. Onavo Protect, an Israeli VPN acquired by Facebook in 2013 for $120 million and founded by Unit 8200 graduates, was marketed as a privacy tool while covertly monitoring user activity.³⁰ Internal documents revealed the operation, dubbed “Project Ghostbusters,” involved creating fake digital certificates to intercept encrypted traffic from Snapchat and YouTube.³¹ Australia’s Federal Court ordered Meta to pay AUD $20 million for deceptive conduct related to Onavo.³² Hola VPN, also headquartered in Israel, was exposed for selling users’ bandwidth to third parties.³³ The Aura/Pango/Point Wild corporate structure, with Israeli founding ties, controls additional brands including Hotspot Shield and Betternet.³⁴

Meanwhile, broader tech consolidation continues apace. Apple’s recent $1.6 billion acquisition of Q.AI illustrates how rapidly privacy-adjacent technology companies change hands — often with limited public scrutiny of the implications for user data sovereignty.

What Remains Unknown

Responsible accounting demands distinguishing documented facts from inference. No public evidence has emerged that Kape has sold user data to any intelligence agency, inserted backdoors, or cooperated with any government in monitoring users. Independent audits of ExpressVPN’s no-logs policy have found the claims credible at the times they were conducted.³⁵ Technical measures like RAM-only server architectures provide additional structural assurances.

What is documented is a pattern: an Israeli billionaire with a fraud conviction acquired a company associated with malware distribution, staffed its leadership with intelligence and special operations veterans, spent over a billion dollars consolidating major VPN brands, purchased the review sites evaluating those brands, hired an executive who had built state surveillance tools targeting journalists, and then took the entire operation private — eliminating every mechanism through which the public might verify that privacy promises are kept. Israel’s own domestic security agency, Shin Bet, maintains legal authority to compel telecommunications providers to furnish user metadata — and the question of whether VPN companies with corporate presence in Israel fall within that jurisdiction is one no regulator has publicly addressed.³⁶

The PROMIS affair generated congressional investigations, federal court proceedings, and a special counsel appointment. Those processes existed because the scandal involved government agencies subject to legislative oversight. The VPN market operates in a regulatory vacuum where no equivalent accountability exists. No international body reviews beneficial ownership of privacy infrastructure. No treaty governs which entities may acquire technology through which millions route their most sensitive communications. Consumers are left trusting corporate assurances from companies they cannot see into, owned by individuals they cannot scrutinize, governed by laws whose reach they may not comprehend.

Robert Maxwell’s funeral cortège wound through Jerusalem in November 1991. Israeli Prime Minister Yitzhak Shamir reportedly said that Maxwell had “done more for Israel than can today be said.”³⁷ Three decades on, the privacy industry may have produced successors whose full contributions are equally difficult to assess — not because the evidence is hidden in classified files, but because the corporate structures that might contain it have been made deliberately opaque.

Next week: The man behind the empire. Teddy Sagi — convicted fraudster, gambling software mogul, and the Israeli billionaire who spent over a billion dollars assembling the world's largest VPN conglomerate before pulling it off the stock exchange entirely — gets the investigation his corporate architecture was designed to prevent. "The Men Who Sold You Privacy" traces the full network from a Tel Aviv courtroom to the Isle of Man, from IDF donations to your monthly subscription fee.

Sources

This article is based on extensive open‑source research, including reports, investigations, policy papers, corporate documents, and legal or NGO.

For readability, individual sources are not listed here in full. If you want to review the complete bibliography, including direct links, outlet names and publication dates, you can request it by sending me a private message on Substack. I will share the full source list and additional background material on request.