A Brothers’ Feud and a 'Trojan Horse': Dispute Reveals Dark Side of the Web

Luminati and the famous Hola VPN service are at the center of a massive lawsuit, revealing the trade’s dark secrets and even possible ties to NSO

Send in e-mailSend in e-mail
Send in e-mailSend in e-mail
The legal and family dispute between Colin Shribman and Derry Shribman may reveal the VPN industry's dark secrets
The legal and family dispute between Colin Shribman (R) and Derry Shribman (L) may reveal the VPN industry's dark secretsCredit: metamorworks / Getty Images/iStockphoto, Facebook (Colin Shribman), Eyal Toueg

Two years ago, on June 18, 2019, Colin Shribman appeared at the offices of Luminati Networks, which has more recently changed its name to Bright Data as part of a rebranding. He was seeking to rejoin the company that he had once worked for as vice president for technology. But this is what he was told in a WhatsApp message sent from the phone of his older brother, Derry Shribman, one of the company’s founders: “If you don’t obey my orders and leave the premises, we will make sure that the police arrest you. You are forbidden from communicating with anyone in the company except for me, If you want something –  talk to me.” 

Colin didn’t give up: “You and Or [Lenchner, the CEO] wrote to me to come to the company on June 18 –  and here I am. You didn’t let me come in. Why not? Why did you tell me to be here on that date?” A few seconds later, another message came from Derry, which apparently ended the discussion: “You aren't supposed to be anywhere near the building. You know everything about our internal network. There’s no way we can allow you near the building. If yelling at you doesn’t help, what will? How stupid can you be?”

The sharp wording of the messages and other evidence that appear in lawsuits filed by Colin Shribman and the company against each other testify to the depth of the rupture between the two brothers. The first suit was filed by the company in Tel Aviv Labor Court to be answered shortly later by a countersuit by Colin, the younger, banished brother. What began with the great promise of a thriving family enterprise ended in quarrels and suspicion. During a hearing, Hola Networks – which is in the lawsuit on Derry’s side – accused Colin of involving what it called “a third party who is irrelevant to the suit.” That third party was the brothers’ mother,

Colin ShribmanCredit: Facebook

A business dispute that spills out from the confines of the family happens almost everywhere where money is involved, but this story is unusual. Neither of the two brothers work at the company, but information that was revealed in the legal dispute they are now engaged in has shed light on a world in which high-tech companies like Luminati operate and on the business model they employ that makes use of data of those using their services. If what they assert is true, it could send shockwaves throughout the industry. 

The countersuit that Colin filed contains damning evidence against the company’s managers. He claims that the firm put a “Trojan horse” into customers’ computers and that a large part of its commercial activities is used for the purpose of Google click fraud. He also alleges that the company uses its platform to infringe on copyright. For its part, Luminati claims that Colin helped its competitors –  whom it is suing for patent infringement –  to hurt the company and that he sought to undermine the company’s plans to put itself up for sale by approaching potential buyers. Colin, it asserts, sought to discredit the company for personal business interests. 

An Israeli company, Luminati was sold in 2017 for $156 million. One of its main products is a virtual private network (VPN) server that enables customers to use the internet anonymously via a proxy server that hides the user’s IP address. The company’s product enables the user to circumvent geographical boundaries and government controls.

The use of VPN technology straddles the border between legal and illegal. Nevertheless, Colin’s claims that Luminati misused its platforms are of a general nature and not backed by evidence while some, such as the claim of copyright infringement, relate to the basic function of VPNs. The company, by comparison, describes the service it provides as “a P2P-based data-mining service that enables businesses to harvest competitors’ online data, which in other environments would be blocked.” 

‘A campaign of revenge’

The Shribman family comes from Carmiel and counts five brothers and sisters. The brothers’ biographies stress their professional abilities: Derry left school in ninth grade in order to complete a bachelor’s degree in computer science at the Open University. His brother, Colin, served as an officer in 8200 and studied at the Technion-Israel Institute of Technology. At the end of the 90s, Derry met the high-tech entrepreneur Ofer Vilenski, while the two of them were working at Check Point. In 1998, they founded their first company together.

Derry Shribman (R) and Ofer VilenskiCredit: Eyal Toueg

The company that would eventually bring them their biggest exit was Hola Networks, which they formed in 2007. Under Hola, they formed a unit called Luminati, which was developing systems for concealing users on the internet. It was almost natural that the two founders decided to bring onboard Derry’s younger brother, Colin, as one of their first employees. In 2017, Hula announced it was selling Luminati to the private equity fund EMK at a $20 million company valuation. It later emerged that it was a $156 million deal.

At the same time, at the start of that same year, Colin was named the company’s chief technology officer. The appointment was not a success and a few months later he left the business. Why he left depends on who you ask, Colin himself claims that the company was satisfied with his performance, but the work was too much for him, because he was also acting as research and development manager. These days, he is working on starting up his own fintech company. The older brother, Derry, is no longer working at the company.

Colin’s departure was the opening shot in a legal battle. Luminati  sued him, asserting that he had begun “a campaign of revenge that included destroying vital documents belonging to the plaintiff that were in his exclusive control.”  The suit alleges that he moved documents to an email box to which only Colin had access and then erased them. Luminati is seeking 2 million shekels ($620,000) in damages. The case, which will be open to the public, begins on November 3.

Colin in his suit against Luminati is seeking 900,000 shekels. Among other things, he claims that the company treated him poorly and had promised him a 2% stake. He says that Luminati tried to fire him by creating a “manufactured crisis” between him and the company in order to avoid paying severance pay and deter him from revealing what he knew about the business.

Nevertheless, for the public the most interesting part of Colin’s countersuit is where he claims that “during his work at Luminati, he was exposed to serious, unethical and even criminal acts in part, which are carried out on the instructions of the CEO and its controlling shareholders on a regular basis. This was not only against its competitors but also against its customers and business partners.” 

The VPN services that Luminati provides its customers enable them to circumvent controls on websites that prevent access from certain geographic locations, for example, if the user lives in a dictatorship that blocks access to certain sites. Customers can also use the service to access sites like Netflix that offer different content in different countries. In other words, Luminti lets users dodge the system by preventing websites from knowing where the user is actually located.  

In addition, the company offers its 10,000 business customers, among them 80 of the world’s leading universities, web information-gathering services. 

The VPN services that Luminati provides its customers enable them to circumvent controls on websites that prevent access from certain geographic locations - like NetflixCredit: Bloomberg

The information is used to tailor their marketing to their consumers: “In the past, as part of their business intelligence-gathering, a company would use satellite pictures to learn how full the parking lots of a competing fast-food chain were. The rapid move to online sales because of the coronavirus led business intelligence-gathering to move to the virtual realm, too,” Omri Orgad, managing director for North America, told TheMarker in an interview six months ago.

“Today, they’re more reliant on information that exists on the web. For example, a food supplier will check the opening hours of area restaurants and their menu prices in order to get a better understanding of local market risk.” 

Luminati customers use its service to gather information on their competitors without the other side knowing. To collect information, Luminati uses internet protocol (IP) addresses –  a means of identification that every device connected to the internet has. Many times, the content a user sees on the web varies depending on their IP address, which indicates the user's geographical location and the type of device they are using.

Colin claimed that Luminati’s work methods include aggressive violations of users’ privacy and abetting copyright violations, and that the entire platform serves to defraud advertisers. These practices entail “penetrating computers and stealing information, including some protected by copyright,” the suit said.

“Once a week, it is Luminati’s practice to use a Trojan horse that was planted in users’ computers as part of the program to transfer, save and process data on its servers,” it continued. “This information includes tracking the programs installed on users’ computers and the IP addresses they connect to (especially those of its business rivals) and copying programs protected by copyright from these computers, all without users’ knowledge.”

“To minimize the danger of its illegal activity being discovered by third parties, 500,000 users are randomly chosen each week,” the suit added. And on the basis of this information gleaned, “a report is prepared that includes the IP addresses used by Luminati’s rivals and their market segmentation, so that the company can focus its marketing operations at them.”

Colin’s suit claimed that this is the report the company sought through its suit against him. He also charged that a significant portion of Luminati’s commercial activity serves to commit click fraud, with its full knowledge. 

As part of its business model, the company’s platform is used to defraud Google of sizable sums, the suit added, since through Luminati’s services, Google is charged more money than it should be for its clicks. This happens because users of Luminati’s platform pose as users from countries in which the revenue per click is higher than it is in the countries where they are really located.

Moreover, the suit said, Luminati developed its system to deliberately violate copyrights, and also violates international law by keeping users’ information on its servers even after they have disconnected from its services. 

Until a few months ago, the suit said, one of the company’s clients was the spyware firm NSO. Luminati admits that NSO was one of its customers, but vehemently denies that the latter company used any of Luminati’s tools for its espionage operations.

NSO's offices in Israel. The suit says they were a client and Luminati does not deny the claimCredit: Daniella Cheslow/AP

It would be easy to dismiss Colin’s accusations as a revenge campaign by an embittered worker furious over the fact that he has reaped no financial rewards from the company’s exit, even as his brother has become a multimillionaire. But doing so would ignore the fact that the accusations are being made by someone who worked for Luminati from the day it was founded, reached the position of chief technology officer and was therefore exposed to all its core activities.

In response to Colin’s suit, the company is expected to argue that what Colin described as the penetration of customers’ computers with a Trojan horse is merely a process whereby, for a few months in 2019, people who used Luminati’s product were asked to agree in advance to download an addition to the software meant to ensure that its rivals hadn’t installed different software on their computers.

Luminati is also expected to say that major international companies use its services to prevent click fraud against themselves, and to deny that it has kept users’ information on its servers. In addition, it will argue that the activities the suit terms “deliberate copyright violation” are actually the core of its business activity, and that it is not to blame if customers abuse its services for such a purpose.

Legal battle in Texas

Another element of Luminati’s fight with Colin is a different legal battle the company is currently embroiled in, and which is mentioned in the defense brief it filed against Colin’s countersuit. 

“Colin Shribman committed himself upon leaving the company in 2019 not to talk with third parties in legal proceedings with the company, or with its competitors,” the brief said. “At this time, the plaintiff [in the original suit – i.e., Luminati] is conducting legal proceedings against a competitor in Texas. These proceedings are happening under a protective order whose meaning is that most of the documents are seen only by the parties’ attorneys. The defendant in this case violated the decision handed down in that case and is in contact with the rival company.”

In the Texas suit, Luminati – which is registered in that state – has accused a Lithuanian competitor, Teso LT, of violating its patents. The jury is supposed to decide the case in August. 

After Colin left his job as CTO, Luminati proposed that he stay on as a part-time employee to help it manage this lawsuit. Therefore, its claim that he was in contact with Teso could indicate that it fears he has switched sides.

Bright Data said it is “a global leader in the field of making open, public data from the internet accessible. The company has more than 10,000 customers, including giants in the fields of banking, academia, retailing and information security. The company enables its customers to fight internet fraud, the concealment of information, copyright theft and fake news.

“The source of the allegations against us is a former employee of the company whom it sued more than two years ago. The claims that the company served or is serving negative purposes are wrong, and the motive for disseminating them now raises questions. The company operates with full transparency.”

NSO said, “The company isn’t a party to the suit and regrets that its name has been inserted into this issue.”

Attorney Tomer Ryterski, who represents Colin Shribman, declined to comment for this article. So did Derry Shribman.

Click the alert icon to follow topics: