NordVPN Accused of Blackmail, Gets Sued by TorGuard

Last Updated: May 30, 2019
Muhammad Hamza Shahid

Muhammad Hamza Shahid

Muhammad Hamza Shahid is an online privacy/security advocate at, who loves sharing his expert knowledge regarding the latest trends in user privacy, cyber laws, and digital affairs. Apart from writing blogs/articles relating to anonymity, he also writes detailed VPN reviews.

Ah, I was just discussing with my colleague the other day on how “calm”, everything has been in the VPN industry lately. I guess I spoke too soon, because things, have taken a turn for the wild!

Unforeseeably, TorGuard recently announced on Twitter about its step of suing NordVPN and a Canadian web design and development provider, C-Seven Media, Inc.

You can read the full copy of the lawsuit that was filed in a Florida district court, wherein TorGuard alleges against NordVPN and C-Seven Media on three counts:


So, why is a US-based TorGuard in Florida suing the Panamanian-based NordVPN, recently tied to misleading advertisements and “dishonestly” registering 735,000 IPs from ARIN through Micfo?


A Summary on the Lawsuit

This video from Tom Spark should summarize the entire fiasco, but if you still need a quick background, I have compiled a short list of events as highlighted in the lawsuit:

  1. An “unknown individual showed up uninvited at a staff member’s personal residence asking to speak about the VPN industry.”
  2. The TorGuard employee also received emails to a personal account from this “unknown individual” of a competitor VPN provider.
  3. Said Individual later revealed to be from NordVPN using the legal[@] email ID revealed having “TorGuard’s confidential and trade secret information”.
  4. The US-based provider claimed that Nord has relations to or controls C-Seven Media (previously a service provider to TorGuard gaining access to “private info”.
  5. TorGuard allegedly gets blackmailed by NordVPN to remove negative YouTube postings from an affiliate of Tor (Tom Spark Reviews), otherwise, they will leak the secret information.
  6. After the conclusion of C-7 and TorGuard’s relationship, NordVPN and C-Seven Media conducted DDoS attacks with one being conducted on November 23, 2018, a.k.a. Black Friday.
  7. TorGuard is seeking injunctive and equitable relief, damages “in excess of $75,000”, recovery of all profits that were lost” in light of these DDoS attacks.


NordVPNs Official Response to the Lawsuit

After I read the lawsuit, I immediately contacted NordVPN to comment on the allegations, and they directed me to a blog post about the case.

NordVPN claims that it all started after they found a TorGuard server configuration file and decided to analyze it, which led to the discovery of pirate keys, a bunch of infrastructural IP address, including the IPS of their authentication servers and similar assets.

Further analyzing discovered that a server was unprotected and contained sensitive information that in the wrong hands could cause major damage to TorGuard and their customers. This is where NordVPN decided to reach out to TorGuard’s CTO, Keith Murray.

He immediately included TorGuard’s CEO, Benjamin Van Pelt, to the conversation and NordVPN provided the IP of the affected server without asking for anything in return so that TorGuard could patch up their vulnerability.

We are still having trouble wrapping our heads around what happened next. On Monday, May 27th, we received information about a lawsuit filed against us by a law firm called Losey PLLC. TorGuard was accusing us and (probably by mistake) some unrelated Canadian web design company of plotting against them, hacking their servers, launching a DDoS attack against them on Black Friday, and physically intimidating someone – and this is a heavily abridged version.

We aimed to do the right thing in the right way and to compete honestly without damaging the industry, which is why we were so shocked by the response. We will immediately move to dismiss TorGuard’s libelous lawsuit, but as long as we’re on the topic: filing false and malicious lawsuits and publishing false and misleading information is against the law. Therefore, we are filing a suit of our own on the grounds of defamation and libel.


Is TorGuard Just Casting Aspersions on NordVPN?

Truth be told, it is difficult to know who’s in the right and not. The VPN industry is gaining in popularity day-by-day, especially in a time where governments seek more control, imposing laws that mandate data retention and mass surveillance.

As such, a tough competition between providers is only expected, and this is not the first time we are witnessing different VPN providers openly attacking one another both: in-court and online. Remember that scandal involving ProtonVPN and PIA?

NordVPN got mentioned in that case too for being linked to a company CloudVPN (based in the US), which has links to the Lithuanian company, Tesonet. Later on, it was revealed that CloudVPN is only a payment processor for Nord, since being based in Panama makes transactions difficult.

The Panamanian-based provider regularly visits the news section of VPN industry for various allegations against their service (lawsuit involving Hola VPN), when in reality you can rarely ever find any consumer having a bad experience about the product and its capabilities.

TorGuard is among those getting in the action, where their affiliate “Tom Spark Reviews”, often criticizes Nord, all while having a weird background himself. There have been claims that this Tom Spark guy is the same Kevin Wadala and a person known as Corelio Guardez, who promotes TorGuard but degrades Nord!

I also feel it’s important to mention here that this is not the first time TorGuard has been accused of security flaws. In 2015, the provider was accused by competitor for copying their browser design and API implemented in their browser and proxy service insecurely.



Take a look at the vulnerabilities found by VPN.AC in their blog:


Torguard stores the credentials in clear-text; we are XORing the pass to protect it against spyware that will search all over the place for clear-text credentials;
To reproduce: add some credentials and save them > right click on extension > Inspect popup > Resources > Local Storage

Torguard gets the up-to-date list of proxy gateways over HTTP (again in clear-text); we get them over HTTPS (A+ on Qualys/mirrored results): from Torguard’s background.js, from our background.js;
The obvious risk of providing server IPs over HTTP is that they can be easily hijacked in a MitM attack;

Torguard’s HTTPS proxy is highly insecure: uses insecure ciphers like RC4, supports SSL 3, is vulnerable to POODLE attack, doesn’t provide Forward Secrecy. Gets a shameful Grade C on Qualys test. Result mirror 1mirror 2 (to see the original result). And this is our result/mirror (FS enabled, no weak ciphers, support only for TLS 1.1 and 1.2);


Wrapping Things Up

It is difficult to decide who exactly is in the wrong here. Only TIME and the verdict of the lawsuit will determine what actually went down and how will be paying who for defamation lol.

The only thing I am disappointed about is looking at competitors in the industry resorting to petty tactics in such a public manner, eliminating the little trust customers already have in VPNs.

Stop this mud throwing and toxic attacks! You guys should be joining hands trying to raise more awareness about Mass Surveillance and Data Retention which are BIGGER PROBLEMS.

Leave a Reply

Rate the Review*

Your email address will not be published. Required fields are marked *