In a recent Twitter post, TorGuard announced that they’ve just taken measures against NordVPN and a web hosting provider from Canada, C-Seven Media, Inc., by filing a lawsuit.
The full copy of the lawsuit, which was filed in a Florida district court, can be accessed and read from here.
The reason why TorGuard, a Florida (US)-based VPN service provider, would suddenly decide to file a lawsuit against a competitor VPN service based in Panama (NordVPN) and a web hosting company based in Canada (C-Seven Media, Inc.) might still be a mystery for you, but we’ll get to that soon.
The blog post that started it all
A few days back, on the 20th of May 2019, TorGuard published a post on their blog, stating that a series of events took place, which we believe were the precursor to the recently filed lawsuit.
The events described in their blog are as follows:
- A staff member received an unsolicited visit from an “unknown individual” at his/her personal residence. The “individual” asked if they could talk about the VPN industry. At the same time, the staff member also received an email on their “personal account” from a competing VPN company, asking to discuss the relationship between TorGuard and the VPN company they were representing;
- One of the checkpoints in the conversation was when the “individual” allegedly extended a “gentleman’s agreement” towards the TorGuard staff member, asking them to persuade a certain TorGuard affiliate, “Tom Spark Reviews,” to remove negative content regarding their own brand from the associated YouTube channel;
- At some point, the “unknown individual” revealed that the competitor VPN had some damaging information about TorGuard that would be made public if they didn’t comply with their demands (removing the negative content);
- Apparently, the damaging information was that TorGuard’s “2017 IPsec streaming server install scripts had recently become open in error”;
- TorGuard’s response was to immediately verify the server, and they noted that it was, indeed, left open during upgrades, but the certificate and server that were the subject of the “damaging information” were reportedly not used for installs since January 2018 and are not in production on the TorGuard network. Apparently, there was no security risk, but as a measure, TorGuard has reissued certificates per their security protocol.
Note that in the blog post, TorGuard didn’t even hint at the identity of the competitor VPN company, but kept an ambiguous air about it and let their readers make what they wanted of those statements. However…
TorGuard sues NordVPN and C-Seven Media, Inc.
Not long after, on the 24th of May (less than a week after the blog post), TorGuard filed a lawsuit in a Florida district court (Orlando) against NordVPN and the C-7 web hosting company.
The lawsuit opens with attacks on the “misleading advertising” scandal that NordVPN was part of a while ago, and also claims that they were leasing IP addresses from ARIN, neither of which had any connection whatsoever to the allegations.
The lawsuit alleges that NordVPN threatened TorGuard with “previous legal action” and carried out strategically timed DDoS attacks on TorGuard’s website during Black Friday in an attempt to destabilize them, and that the attacks succeeded, resulting in “significant economic and reputation damages.”
According to the lawsuit, TorGuard claims that C-7 are controlled by NordVPN or at least affiliated with them and that they’ve allegedly made a purchase offer in NordVPN’s name. However, the lawsuit also reveals that C-7 have been previously contracted by TorGuard, in 2018, which supposedly is the way C-7 discovered the damaging information about TorGuard in the first place. The “damaging information” was then provided to NordVPN, which in turn allegedly used these pieces of data to blackmail TorGuard.
TorGuard also states that NordVPN, through their representative, extended a “gentleman’s agreement,” asking TorGuard to convince “Tom Spark Reviews” to remove some content from their YouTube channel that gave NordVPN a bad name, otherwise TorGuard’s security flaws would be made public.
TorGuard requested compensation from the parties that were involved in the scandal, damages “in excess of $75,000,” legal fees, “exemplary damages” worth twice the amount of the actual losses, “additional relief” and the recovery of all the profits that they lost.
Last, but not least, TorGuard demands a jury trial, claiming that both NordVPN and C-Seven Media, Inc. have violated “Florida’s Computer Abuse and Data Recovery Act (“CADRA”), the Florida Uniform Trade Secrets Act (“FUTSA”)” and, related to TorGuard’s business relationships, “Tortious Interference.”
NordVPN make a stand
After finding out about the lawsuit, NordVPN made some official statements and also wrote a post on their blog, telling the story from their side.
Apparently, some time ago they received a tip that led them to discover some critical information about TorGuard: a server configuration file that was lying “in the open” on the Internet. Digging around, they were able to make out, from the “leaked” file alone, the way TorGuard’s service was configured, a bunch of infrastructural IP addresses, private keys, IP addresses of TorGuard’s authentication servers and other similar assets.
Moreover, NordVPN attempted to access some of the leaked IP addresses in the file from a regular browser and discovered that one of the servers in the list was completely open, unprotected and vulnerable. After accessing it, they discovered that the server held several scripts and sensitive information that could’ve been used to deal major damage to TorGuard and their customers if it fell into the wrong hands.
Reportedly, after seeing how grim the situation really was, NordVPN reached out to Keith Murray, TorGuard’s CTO, informing him and Benjamin Van Pelt (TorGuard’s CEO) about their findings, “over an end-to-end encrypted messaging platform.”
Apparently, NordVPN had strong reasons to believe that TorGuard was running an “illegal defamation campaign” against them and hoped that, by providing the latter with this critical piece of information instead of making it public, they’d be able to put their differences aside and the defamation campaign would come to an end. However, NordVPN claims that they are “still having trouble wrapping our heads around what happened next” (i.e. TorGuard filing a lawsuit against them).
NordVPN didn’t skip a beat and quickly dismissed the accusations brought against them by TorGuard, deeming them “false,” “malicious,” and “misleading.” As a result, NordVPN has decided to retaliate by filing a lawsuit of their own “on the grounds of defamation and libel” against TorGuard.