PureVPN Logs Helped FBI Net Alleged Cyberstalker
#1
Last Thursday, Ryan S. Lin, 24, of Newton, Massachusetts, was arrested on suspicion of conducting “an extensive cyberstalking campaign” against his former roommate, a 24-year-old Massachusetts woman, as well as her family members and friends.

According to the Department of Justice, Lin’s “multi-faceted campaign of computer hacking and cyberstalking” began in April 2016 when he began hacking into the victim’s online accounts, obtaining personal photographs, sensitive information about her medical and sexual histories, and other private details.

It’s alleged that after obtaining the above material, Lin distributed it to hundreds of others. It’s claimed he created fake online profiles showing the victim’s home address while soliciting sexual activity. This caused men to show up at her home.

“Mr. Lin allegedly carried out a relentless cyber stalking campaign against a young woman in a chilling effort to violate her privacy and threaten those around her,” said Acting United States Attorney William D. Weinreb.

“While using anonymizing services and other online tools to avoid attribution, Mr. Lin harassed the victim, her family, friends, co-workers and roommates, and then targeted local schools and institutions in her community. Mr. Lin will now face the consequences of his crimes.”

While Lin awaits his ultimate fate (he appeared in U.S. District Court in Boston Friday), the allegation he used anonymization tools to hide himself online but still managed to get caught raises a number of questions. An affidavit submitted by Special Agent Jeffrey Williams in support of the criminal complaint against Lin provides most of the answers.

Describing Lin’s actions against the victim as “doxing”, Williams begins by noting that while Lin was the initial aggressor, the fact he made the information so widely available raises the possibility that other people got involved with malicious acts later on. Nevertheless, Lin remains the investigation’s prime suspect.

According to the affidavit, Lin is computer savvy having majored in computer science. He allegedly utilized a number of methods to hide his identity and IP address, including TOR, Virtual Private Network (VPN) services and email providers that “do not maintain logs or other records.”

But if that genuinely is the case, how was Lin caught?

First up, it’s worth noting that plenty of Lin’s aggressive and stalking behaviors towards the victim were demonstrated in a physical sense, offline. In that respect, it appears the authorities already had him as the prime suspect and worked back from there.

In one instance, the FBI examined a computer that had been used by Lin at a former workplace. Although Windows had been reinstalled, the FBI managed to find Google Chrome data which indicated Lin had viewed articles about bomb threats he allegedly made. They were also able to determine he’d accessed the victim’s Gmail account and additional data suggested that he’d used a VPN service.

“Artifacts indicated that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer,” the affidavit reads.

From here the Special Agent’s report reveals that the FBI received cooperation from Hong Kong-based PureVPN.

“Significantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,” the agent’s affidavit reads.

Needless to say, while this information will prove useful to the FBI’s prosecution of Lin, it’s also likely to turn into a huge headache for the VPN provider. The company claims zero-logging, which clearly isn’t the case.

“PureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security?” the company’s marketing statement reads.

“That’s why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities.”


[Image: PureVPN privacy graphic]
However, if one drills down into the PureVPN privacy policy proper, one sees the following:
Quote: Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a ‘connection’ and the total bandwidth used during this connection is called ‘bandwidth’. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.
This seems to match what the FBI says – almost. While it says it doesn’t log, PureVPN admits to keeping records of when a user connects to the service and for how long. The FBI clearly states that the service also captures the user’s IP address too. In fact, it appears that PureVPN also logged the IP address belonging to another VPN service (WANSecurity) that was allegedly used by Lin to connect to PureVPN.

That record also helped to complete another circle of evidence. IP addresses used by Kansas-based WANSecurity and Secure Internet LLC (servers operated by PureVPN) were allegedly used to access Gmail accounts known to be under Lin’s control.

Somewhat ironically, this summer Lin took to Twitter to criticize VPN provider IPVanish (which is not involved in the case) over its no-logging claims.

“There is no such thing as a VPN that doesn’t keep logs,” Lin said. “If they can limit your connections or track bandwidth usage, they keep logs.”

Or, in the case of PureVPN, if they log a connection time and a source IP address, that could be enough to raise the suspicions of the FBI and boost what already appears to be a pretty strong case.

If convicted, Lin faces up to five years in prison and three years of supervised release.

Source: TF, for the latest info on copyright, file-sharing, torrent sites and ANONYMOUS VPN services.

Originally Published: Mon, 09 Oct 2017 09:04:32 +0000
#2
I guess you gotta move offshore to Panama outside of FBI jurisdiction, but into CIA.

So is PIA the same?
#3
Probably

The two most common myths about VPNs are:
1. Some of them don't keep logs and
2. You need a VPN which doesn't keep logs.

All anyone knows about any VPN is what it says it does/doesn't do; nobody knows what they actually do/don't do. And even if a VPN really doesn't keep logs that doesn't mean it won't do so in future when cornered in a dark alley by shady members of the state's security apparatus.

But that doesn't matter to pirates; we're not doing anything that will attract the attention of the state (unless you're a member of a major release group, or first receiver of a leaked/stolen release), only of corporations. And I have never heard of any VPN, not even a free one or an openly log-keeping one, giving up a pirate's identity to copyright trolls. And if it had happened, we would have heard--it would be major news, just like the story above.

VPNs do not provide complete security, so do not rely on them to protect you if you are into child porn, terrorism, or harassing women. But they provide enough security to screen you from bots harvesting IP addresses (and the copyright infringement notices which follow).
#4
Privacy and protecting your own network do not go well together.

This is like saying, "We value our privacy first always by no logs, AND that tops everything, even serious crimes."

PureVPN had a right to maintain their service, as no one knows what this stalker would have done if not found out.

"Exceptions" must be given in these situations, even a "no logging" policy, as technically you aren't logging; you're only logging the suspects, which is fair.

Otherwise you're asking PureVPN to open itself up to attacks.

If keeping ANY logs, even under FBI or criminal act, scares the *** out of you, then perhaps you should stay away from technology altogether...

I'm privacy focused as well, but the difference is, at least I understand why it's needed to log in serious situations.

While most who value privacy can't even do that. We all like to value one side only, and unfortunately it doesn't work that way in the real world.

We just like to think it does.
#5
Bottom line: anyone that uses this service provider and wants security or anonymity should move on.
#6
Anyone who thinks that using a VPN is a secret thing that no one will ever know about is sort of a fool.

Of course they are needed sometimes to get around blocks/bans or whatever, but don't think that means you are anonymous.

I don't use a VPN because I have never needed to, but I would never once assume that they are keeping anything secret. That's silly. They have to keep track of lots of different things or they wouldn't even be able to function without chaos taking over.

And as far as this Lin guy goes, he's supposedly a computer science major, and can't do better than that? LOL. I can hide things better than him. Just because you study something doesn't mean you actually understand it. He deserves what he gets.