The Two Convicted Israeli Kingpins of VPN

Convicted Felons Ido Erlichmann and Teddy Sagi of Kape Technologies | Playtech (On Line Gambling) | ExpressVPN Fame Are Trying to Corner the Global VPN Market

ExpressVPN, which used to be a BVI company whose owners were not publicly disclosed, is now owned by Kape Technologies, who acquired it for just under $1B, a company owned in part by oligarch and ex-Israeli surveillance agent and billionaire Ido Erlichmann, a man previously convicted of insider trading who was later named in the Panama Papers, the papers that exposed links of various oligarchs and off-shore companies with Russian intelligence. Kape is also owned by Teddy Sagi, another Israeli billionaire, who was convicted of and received a nine-month prison sentence for bribery and fraud. He now lives in Cyprus.

Two men in suits and one is wearing a white shirt
Israeli Oligarchs Ido Erlichmann and Teddy Sagi Bought ExpressVPN for Just Under $1B in 2021

So, one has to ask one’s self: Should I trust my VPN software, the software that encrypts my Internet traffic and connects me to endpoints all over the world in an effort to obscure my location from hostile foreign actors, thieves, and scoundrels, hackers, and the like, to two convicted criminal billionaire oligarchs, one of which lives in Cyprus, now well outside of Israeli jurisdiction, US-FBI-DOJ jurisdiction, but at least still falls within the jurisdiction of the European Union?

ExpressVPN Installer Currently Flagged as Malware by 6 Anti-Malware Vendors

If you download and then upload the current ExpressVPN installer .exe file to Virus Total after creating your own Virus Total account, you will see that the package drops two files to an IP address (13.107.4.52) which is flagged as malicious or malware by 6 anti-malware companies, as follows:

BitDefender: Malware

Comodo Valkyrie Verdict: Malicious

CRDF: Malicious

CyRadar: Malicious

ESTsecurity: Malicious

G-Data: Malware

See the VirusTotal malware detection results below. What are the odds that six anti-malware vendors are all getting it wrong? I actually trust BitDefender which is a Romanian-owned company and the Romanian government is anti-Putin and part of NATO so…enough said.

A green and white page with several different types of tasks.
Express VPN Installer Flagged as Malicious/Malware by 6 Anti-Malware Vendors on Virus Total as of 8/2/22

And here’s the Virus Total graph showing the file drops to the malicious IP address. You can see the flagged malicious ExpressVPN installer package file md5 hash is: f6fb63c41768cb41d6eb3fd3aec95679113074eb195fae0e719944693a16b422

Now, don’t take my word for it. Download the VirusTotal package from expressvpn.com, create a VirusTotal account yourself, and upload the file. See if you get the same results as Russi Leaks.

A screenshot of the workflow for an interactive map.
VirusTotal Graph Showing Malicious IP File Drops by ExpressVPN Installer Package: 8/2/22

Who is “The Juden” Fingered by Nazi Doctor Hans Kristoff and Putin’s Rasputin Boris Sudodari?

And funny coincidence. Wouldn’t you know that the German Nazi doctor Hans Kristoff, who we’ve already exposed in previous expose’s, who is one of the leaders of The List pedophile and child sex trafficking ring operating in the US and is kidnapping and trafficking American children, the group Russi Leaks has been exposing this past month that is in league with Vladimir Putin and his henchman Boris Sudodari, refers to one of The List’s leadership (The Seven) as being an “Israeli”, a man whom Kristoff refers to (somewhat derisively) as “The Juden.” It beggars the mind that some Israeli oligarch somewhere has found common cause with an actual living, breathing, German Nazi doctor who is alleged to be the rape-child of a Waffen SS concentration camp officer and an unnamed Jewish concentration camp prisoner, and that the common cause they share is pedophilia and child sex trafficking. Who would’ve thought.

So my question for Erlichman and Sagi is: Do either of you know who this pedophile and child sex trafficker “The Juden” is that is referenced by these miscreants in their intercepted communications that have been captured by Russi Leaks’s sensors as far back as 2013? Who is “The Juden?”

And I will say this about that: This one “Juden” appears to be the only Israeli involved at the top of the leadership of The List, and whomever he is, he and his organization are actively involved in the constant hacking of my iPhone and Samsung cellphones and other devices and our assets at Russi Leaks News. I should ask Israeli company NSO Group about their doings. Has NSO sold their Pegasus iPhone/Android hacking tech and services to the List, Putin, and The Juden? This is, not by any means, a “Global Jewish Conspiracy” so don’t go there. So far, there is only this one Jewish/Israeli guy in their comms that they have fingered. NSO’s Pegasus software has been banned by the US government because they’ve been accused of selling their phone hacking software and services to criminal organizations and hostile nation-states to attack, among others, journalists (like me) exposing Putin’s and other’s secrets. This pedophile league of The Seven, these oligarch or nation-state leader peds that are in league with Putin, come from many countries, come from multiple religions including my own, involve multiple races, and come from across the political spectrum, as we’ve already reported. So please, don’t go there if you think this is some kind of antisemitic hit job.

My Own Sordid History With ExpressVPN

I was hacked in Mayof 2020 whle I was currently developing Russi Leaks in stealth mode, when I was alerted by my anti-malware package McAfee that it was ExpressVPN that was the culprit – malware. Below is the screenshot I saved of that alert. Note that two ExpressVPN msi files were then identified as malware, one ExpressVPN.msi and 1c300.msi:

A screen shot of the windows defender application.

Here’s the clueless, or perhaps not so clueless, trouble ticket e-mail thread back then between me and the ExpressVPN tech support team. You be the judge. It felt like a cover-up at the time and more so now. As I noted, a year later, these two guys bought ExpressVPN for just under $1B in 2021.

I also discovered that VirusTotal was flagging a Microsoft DLL that ExpressVPN was shipping inside its installer package that was flagged as malicious and/or vulnerable and outdated by several anti-malware vendors. This DLL was an old, vulnerable version of Microsoft-signed code that was digitally signed with an authentic Microsoft certificate. Why isn’t ExpressVPN bulding in its installer package the most current, security-patched version of that Microsoft DLL?

When I opened up a trouble ticket with ExpressVPN as a paying customer, they denied it was malware and insisted that it was a false positive. I didn’t believe them then and I certainly don’t believe them now. After I outed them on VirusTotal in a contributor comment, Erlichman and Sagi swooped in in 2021 and acquired ExpressVPN for just under $1 Billion! Coincidence? I wonder who they bought it from. I’m certainly not the center of the universe, mind you, but these guys and their software were literally in my own personal software supply chain for VPN, for years. Not any more of course.

We’ll be calling Kape Technologies, Erlichman, and Sagi to see if we can get their comments on this expose’, as well as NSO. Stay tuned for an update on that.

I have to say, if ever there was a case for an anti-trust break-up of one company owning the leading market share (and growing) of a critical piece of the global security software supply chain, this is it. If someone malicious is reading and decrypting the traffic of the enemies of Putin and The List pedophile ring, like me and Russi Leaks, it’s no wonder we keep getting hacked, since I am public enemy number one to Putin-Trump and the peds and am clearly at or near the top of their Threat List. European Union, are you listening? Bring on the anti-trust lawyers and get it done fast, while I’m still alive and breathing please. I don’t want to get chopped up like Kasogi, or Novachoked like Vladimir Demidov or Alexey Navalny, or “stair-welled” like Ivana, or strangulated like Epstein. That’s just how these guys roll.

Until then, we’ll just keep raising issues and asking reasonable questions and making resonable inferences therefrom, given the facts and circumstances, and we’ll keep pulling on these strings.

And all you Russi Leaks readers, now that you all have been duly informed, you can now make your own informed decisions about which VPN provider to trust with your data and Internet traffic.

You’re welcome.