ExpressVPN have received some unwelcome publicity after it was revealed that servers leased by ExpressVPN were used in an attempt to cover up details in the assassination of Russian Ambassador Andrey Karlov in Turkey.
Karlov was a Russian diplomat working in Turkey as the Russian Ambassador. One year ago on the evening of 19th December 2016, Karlov was assassinated while giving a speech at an art gallery in the Turkish capital, Ankara.
Mevlüt Mert Altıntaş was named as the perpetrator of the incident who was able to enter the art gallery unchallenged after showing his police ID.
A video showing Altıntaş dressed in a suit was widely circulated where he aimed directly at Karlov and fired. The Turkish security forces shot Altıntaş in retaliation which resulted in both Karlov and Altıntaş dying from their injuries.
The ExpressVPN connection
ExpressVPN will no doubt be horrified that they have been caught up in such an international political event but with the VPN services being known to protect privacy it is inevitable that they will be used for both good and evil.
It is alleged that a still unknown accomplice of Altıntaş logged into his Facebook and Gmail accounts in an attempt to delete incriminating evidence.
The unknown user made use of VPN servers leased by ExpressVPN in Turkey to protect their privacy in an attempt to cover their tracks when deleting details from Altıntaş’s accounts.
In a statement released by ExpressVPN it would appear they were already aware of the usage of their service. ExpressVPN said in January 2017 they told Turkish authorities investigating the connection that they do not store user logs and so would be unable to pinpoint exactly which user was connected at the time of the incident.
They further clarified that it would be impossible to know which user was accessing Facebook or Gmail as they do not store any activity logs.
VPN Server seized
It is not clear if Turkish authorities took the steps to physically seize the server rented by ExpressVPN before contacting them for information or after.
However, it appears that no further details were discovered on the server reaffirming ExpressVPN’s claims that they do not store any log information of their user connections.
While the case shocked both Turkey and Russia the result of a VPN provider being dragged into the fringes of the case make for interesting reading.
ExpressVPN is not alone and are joined by an ever growing line of VPN providers who have been caught up in scandal around the world.
ExpressVPN should be proud of themselves, as even though the case highlights clearly criminal use of their VPN service, the case gives weight to ExpressVPN’s claims of storing no logs of their user activities.
Other VPN providers not so guilt-free
The most recent case of a VPN provider being caught with their trousers down was PureVPN who it was revealed cooperated with law-enforcement in the United States which eventually led to the arrest of a cyber-stalker. PureVPN failed to comment on the case but it has no doubt hurt their future user-base.
One of the earliest cases of VPN provider privacy lapses was the case involving HideMyAss and the Lulzsec group. In a first of its kind back in 2011, HideMyAss was involved with outing members of the infamous website hacking group Lulzsec. Their use of the HideMyAss service and subsequent discussion of it assisted the downfall of some of their members.
In 2014, EarthVPN felt the wrath of the online privacy community after it was revealed that one of their servers were seized by Dutch police in the case of a telephone bomb-hoaxer. EarthVPN claimed they stored no logs and were the victim of data-centre IP logging, although the truth behind this has since been questioned on various forums.
So while ExpressVPN will no doubt be disappointed to be caught up in such an international and saddening case they should take pride that it’s no-log claims have publicly been put to the test.
As VPN services grow in size it is inevitable that providers will continue to be caught up in such cases.
Putting aside the seriousness of the Turkish incident, users of privacy services for legal purposes will clearly make choices to move to providers such as ExpressVPN who have shown to be robust even in the most extreme of circumstances.