TorGuard has filed a legal complaint against NordVPN, a rival competitor in the VPN market, alleging serious malpractices.
On Friday 24 May the US District Court of Florida received the legal filing detailing allegations of a successful Distributed Denial of Service (DDoS) on Black Friday, of wrongfully obtaining confidential trade secret business information, and blackmailing the company. TorGuard is asking for damage compensation to the sum of $75,000.
The accusations are based on the purported collaboration between Panama-based NordVPN and Canadian web hosting company c-Seven Media Inc, which TorGuard also used as a service provider. TorGuard alleges that: “Working together, C-7 and NordVPN wrongfully obtained and used TorGuard’s confidential and trade secret business information to blackmail TorGuard.”
With information about a security flaw, NordVPN allegedly sent a representative to TorGuard asking for favorable reviews from tech experts affiliated to TorGuard. If not, it would disclose the flaw. TorGuard claims that the particular weakness in question was not affecting its users since it was located in one of its non-operational servers.
On May 20, four days prior to the legal complaint, TorGuard released a blog post in which it described “an unknown individual […] from a competing VPN company asking to discuss the relationship between both VPN providers.”
The blog post goes on to state that: “During the conversation the individual demanded a ‘gentleman’s agreement’ asking us to persuade one of our VPN affiliates, Tom Spark Reviews, to remove negative content from YouTube regarding their own VPN brand. The representative then revealed they had damaging information about TorGuard that would be released if we did not comply.”
NordVPN have responded to the lawsuit by releasing a blog post entitled “How we got sued by TorGuard for trying to disclose their own vulnerability to them”. In it, blog editor Daniel Markuson claims that NordVPN made TorGuard aware that one of its “servers was left completely unprotected.” Claiming to be concerned about sensitive information getting into the wrong hands, NordVPN states: “We provided the IP of the affected server without asking for anything in return so that TorGuard could patch up their vulnerability.”
Purporting to be shocked by the subsequent lawsuit filed against it, in the same post NordVPN denies the allegations: “All of these accusations, and we say this with unwavering confidence, are fabricated.”
It went further to speculate that: “We can’t understand their reasoning for doing so, and we’re not sure whether this unprovoked attack was launched because TorGuard are afraid we might disclose their vulnerabilities publicly.”
On top of that, NordVPN announced it will be “filing a suit of our own on the grounds of defamation and libel.”
The VPN market is extremely competitive and security flaws are very serious to VPN users. Therefore it’s not surprising to see the extent of VPN in-fighting, especially following the lawsuits raised by HolaVPN.
It’s not clear if the lawsuit will stand considering NordVPN is based in Panama and C-7 is based in Canada, outside the jurisdiction of the US.