National Security

An Overview of the Growing Threat

Approximately 20% of the world’s population is being either directly or potentially set up for the Chinese government to collect all of their private emails, messenger conversations, and personal records, as well as the psychological information that could be assessed from that data. The potential harvesting of this VPN data should concern us all.

“Everyone sees what you appear to be, and few experience what you really are.” ― Niccolò Machiavelli, The Prince

China can access 20% of the world’s private data

There are 4.57 billion Internet users in the world.i 31% of those use a VPN.ii Upon reviewing a sample size of 30 popular VPNs, we can estimate that approximately 62% of those are secretly Chinese-owned VPNs currently installed on 878,354,000 consumer user devices.iii Thus, we can estimate with arithmetic the following:

(4,570,000,000 Internet users x 31% VPN users) x 62% Chinese-owned VPNs
= 878,354,000 Chinese-owned VPNs installed on user devices worldwide.

In 2020, 29% of Americans reported using a VPN for personal use (up from 11% in 2019). Of the 275 million Internet users in the US, this means that 39 million Americans may be sharing embarrassing, personal, or otherwise secret data with China. Earlier this year, a number of VPN company databases were breached and leaked; these VPNs claimed to not keep user logs, yet they did. UFO VPN, based out of Hong Kong, is among them. The total amount of log data leaked exceeds one terabyte. In other words, simply because a VPN claims to not have logs does not mean it can be trusted on its word when the CCP is involved.iv

State Actors Snooping on Americans in the VPN Space?

The free world’s vulnerability to shady VPNs is evident in all levels of the industry, including top market share companies. It is very hard to raise capital to start a business. It is very hard to run a business once that capital has been raised. It is almost impossible to raise capital for a business with political goals that run counter to the profit motive. Ergo, when VPN businesses get political, we may consider that smoke indicates a fire, with fire being evidence that the business in question may be a state-supported surreptitious operation designed to collect mass population data. Let’s start with the most obvious facts. VPNs make money pursuing the following markets, with video streaming at the top.

If one were to start a VPN business, the foremost priority would be to maximize profit by focusing on the largest segment of users: video streaming by circumventing geo-blocking. If a VPN were to go against the grain and seek out more fickle, suspicious, and narrowly focused customers, one could argue this is not the best use of capital. When businesses start to move away from focusing on profit, they may raise red flags as supporting state actor initiatives, or aligning with them. Express VPN is one of those curious cases.

Express VPN is a Hong Kong company that is officially registered as a company in the British Virgin Islands. Using the Internet Archive, we can see that they used to announce their place of business as Hong Kong.v For more than a decade they obscured their ties to Hong Kong, China, through an offshore shell company in the British Virgin Islands (i.e., a shell company that exists only on paper).

In terms of market share, Express VPN ranks in the top 5 in the United States and the world.vi Their daily user count comes to somewhere between 5 and 15 million users per day.

The above suggests Express VPN earned between 50 million and 150 million dollars per month at an average subscription price of $10 per month. Despite this, their BVI companies appear to report less than 0.1038 million in sales, while we can estimate real revenue reaching 600 million to 1.2 billion per year, just not recorded in the offshore company in the BVI that they swear is their headquarters. See “Express VPN Inconsistencies.”vii Let’s look at their recruiter, Nicholas Lui, an employee of Network Guard.

It would appear that he has done recruiting for both Network Guard and ExpressVPN. Additionally, it appears that both share the same office, as evidenced in our write-up about Express VPN. This is where it gets more interesting. If we go to https://chengbao.com.hk/ it redirects us to https://networkguard.com/. (Chengbao is Mandarin for “fortress.”)

  • Employees of Chengbao and Express populate the NG logo; when we click on NG on either profile both go to Network Guard. Network Guard has Express VPN Employees all over their activities. They also share stock photos from the same office.
  • Chengbao Ltd may be the de facto operating company for Express VPN, and Express VPN is a worthless British Virgin Islands shell company reducing their fair share of taxes, with their earnings reporting not reflecting the scale of their business, which makes up a broad segment of the international VPN market share.

Let us also consider that Express VPN is #2 in global market share for consumer VPNs. Despite video streaming being the main pull for many VPN companies, and often the lowest-hanging fruit in terms of targeting potential customers, Express VPN instead goes against the wind to target Americans hoping to escape censorship in the United States.

What is more, despite the US not offering a meaningful market – therefore representing an unlikely target for a profit-oriented advertiser – it is the US where Express VPN seems to focus the majority of its marketing.

Express VPN uniquely utilizes political thought leaders in the United States to advocate the use of their product. Such behavior would be more consistent with a state actor than a VPN focused on lower-hanging-fruit customer segments; they even provide special discounts pointing to Express VPN from their websites. Express VPN is very effective in getting inside the political establishment of the United States. Not only do they do it with advertisers, but they do it with users. By looking at Google Trends for keyword search frequencies and trends by region, we can find that Express VPN appears to focus on user acquisition in interesting places that raise more questions than answers:

  • Close to Intel HQs: Hagerstown, MD
  • Boeing: Tacoma, WA
  • Wall Street: NYC
  • Big Tech: SF

Despite their founders waiting 11 years to disclose their faces in an interview in October 2020, there are more questions than answers.viii They claim to have “No external investors, no backing from big tech.”ix The interviewer should have asked them if they source all of their engineering within Express VPN or if they outsource some of their work to Chengbao Ltd (aka Network Guard)x, which could open the door to questions of it being the de facto operating company of the VPN itself.

There is no clear proof Express VPN is a tool for inappropriate activities on behalf of a state, namely China. There is, however, a lot of unusual activity coupled with logical arguments to indicate there is surely quite a bit of smoke leading to a potential fire, with Express VPN being up to something of concern. There are clearer examples of abuse of user log data with other China-rooted VPNs; Express VPN, however, is uniquely interesting because of its market share and penetration in US markets, with US political thought leaders endorsing it.

For an even clearer example of what a China-linked VPN could be doing with our data, let us look at UFO VPN. Despite claiming a no-log policy (see policy here)xi, Hong Kong-based UFO VPN was found to have stored and leaked user logs: “894 GB of data was stored in an unsecured Elasticsearch cluster. UFO VPN claimed the data was ‘anonymous’, but, based on the evidence at hand, we believe the user logs and API access records included the following info:

  • Account passwords in plain text
  • VPN session secrets and tokens
  • IP addresses of both user devices and the VPN servers they connected to
  • Connection timestamps
  • Geo-tags
  • Device and OS characteristics
  • URLs that appear to be domains from which advertisements are injected into free users’ web browsers”xii

A potential threat to us all

VPN data is rich with information, and when paired with quantum computers decrypting the data traveling within those channels, we are vulnerable to attack from many different angles. This includes non-kinetic warfare capable of leaving countries destitute and poor within months once such VPN user data is weaponized. If the CCP has access to 20% of the data going through the world’s VPNs generally, with significant concentrations in sensitive locations, such as Hagerstown, MD, they should be expected to be using that data for a massive global spying operation that could translate into winning wars, shifting global power, and aiding the rise of an empire.xiii We would be deeply stupid, not naive, but stupid, to think competition is a viable strategy against an adversary that does not want a portion of the dinner table. They want to own the farm. VPN user data is key to this winner-take-all violent strategy heading our way from over the Pacific.

The views in this article are those of Tom Jackson, a cybersecurity expert.

i https://jamestown.org/program/cognitive-domain-operations-the-plas-new-holistic-concept-for-influence-operations/

ii https://www.top10vpn.com/global-vpn-usage-statistics/

iii https://www.zdnet.com/article/many-free-mobile-vpn-apps-are-based-in-china-or-have-chinese-ownership/

iv vpnmentor.com/blog/report-free-vpns-leak/

v https://www.comparitech.com/blog/vpn-privacy/vpn-market-share-report/

vi https://www.comparitech.com/blog/vpn-privacy/vpn-market-share-report/

vii http://www.authorstream.com/Presentation/thejohnjkelly-4527004-express-vpn-ccp-china/

viii https://www.techradar.com/news/vpns-coming-of-age-a-discussion-with-the-expressvpn-co-founders 

ix http://techradar.com/news/vpns-coming-of-age-a-discussion-with-the-expressvpn-co-founders#:~:text=In%20this%20exclusive%20world-first,two%20of%20the%20industry’s%20pioneers.

x https://www.linkedin.com/company/wearenetworkguard/

xi https://ufovpn.io/privacy

xii https://www.comparitech.com/blog/vpn-privacy/ufo-vpn-data-exposure/

xiii https://www.washingtonpost.com/opinions/2020/09/26/data-dump-that-reveals-astonishing-breadth-beijings-interference-operations/?