Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

Solarquest

VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some do store user activity logs.
The case in question is of Ryan Lin, a 24-year-old man from Newton, Massachusetts, arrested on Thursday, October 5, on charges of cyberstalking.

According to an FBI affidavit published by the US Department of Justice, Lin is accused of harassing and cyberstalking an unnamed 24-year-old woman — referred to under the generic name of Jennifer Smith — from April 2016 up until his arrest.

It all started with a Craigslist ad
....
 

Arequire

I keep a VPN connected permanently but I'd implore anyone who uses one not to trust any VPN providers' word of a no logging policy.
Also keep in mind that using a VPN is nothing more than a transfer of trust from your ISP to the VPN provider; both are commercial entities that will do what they feel is in their company's best interest, even if that means hanging a paying customer out to dry.

Irrespective of PureVPN's now tarnished reputation, I'm glad this guy was caught.
 

_CyberGhosT_

> And that's why I don't use a VPN - since the providers can't be trusted to do the right thing.
It's clear that "some" are not to be trusted.
But to assume that "all" are not trustworthy is just paranoid. My VPN does a good job, and keeps its word.
There are some that deserve the suspicion and poor comments, I get that, but to bundle or heap all into one
category is just plain stupid to do. It's like saying all kids are bad based on one or two children.
I use a VPN, but I did my homework and I use an honest and quality VPN provider, so my experience has been
very different from most of the VPN-hating momos of the world ;)
Thanks Solar, for another cool story.
 

Danielx64

> It's clear that "some" are not to be trusted.
> But to assume that "all" are not trustworthy is just paranoid. My VPN does a good job, and keeps its word.
> There are some that deserve the suspicion and poor comments, I get that, but to bundle or heap all into one
> category is just plain stupid to do. It's like saying all kids are bad based on one or two children.
> I use a VPN, but I did my homework and I use an honest and quality VPN provider, so my experience has been
> very different from most of the VPN-hating momos of the world ;)
If I were to use/get a VPN, I would set up my own server in a datacenter. It may cost a bit more, but I can use that server for hosted mail, put my websites on it, etc.
 

Arequire

> It's worse than that: you are transferring your HTTPS faith from a straight ORIGINATOR -> YOU HTTPS to ORIGINATOR -> VPN HTTPS -> YOU (does not apply to some, but it does to many), so in the end, do you trust that the VPN won't peek into your HTTPS traffic?
I trust them more than my ISP, which is legally obligated to collect and store all my browsing activity.
 

_CyberGhosT_

> I am sorry, but how do you know for certain that it's a trusted VPN?

> If your neighbor were to kill your youngest daughter and you wanted him dead, would you use the VPN to hire a hitman?
I wouldn't need to hire a 3rd party to handle my business, and that's gospel, brother ;)
But for shits & giggles, let's play. First off, no, I would not use the internet to schedule a "retaliation"; I know better.
It's not the VPN's fault; that is the fault of the idiot who left a cyber trail that led to a poorly planned and implemented
crime :) lol
 

Arequire

> You don't get it: the ISP does not decrypt the HTTPS traffic, but some VPN providers do, and they offer you their own certs so you can still have encrypted traffic.
> Check your cert route when using some of the VPNs and you will see that they inserted themselves into the chain; most (if not all) ISPs don't do that.
Maybe, maybe not. I'll ask Windscribe if they insert their own certs or not.
I already have Adguard replacing my certs with their own, so they've also got the opportunity to spy on my HTTPS traffic. I figure if either entity is discovered doing so, it's commercial suicide for them.

> the ISP does not decrypt the HTTPS traffic
Sadly, they're forced to try at least.
> placed a legal obligation on CSPs to assist with targeted interception of data, and communications and equipment interference
A sign of the times, I guess. :cautious:
 

Node

Just to sum it up: if they say they don't keep logs, but also say they don't allow illegal activity on their network, then they keep logs.

How to get around this? Buy your own server outside the U.S.
 

ForgottenSeer 58943

HTTPS/443 needs a root CA on the device to effectively be intercepted. When we run intercepts for corporations, as directed to do so by their legal department, we take our self-generated root CA (RCA) and implant it on the PC. Once our self-generated RCA is installed, we can peel apart ALL of their 443 traffic without them having any knowledge of it. Spooks have been known to do this, or exploit an issued CA, etc. Which is why you need to always 'mind the store' with your CAs, or you can get into some trouble. I wonder how many people reading this still have the revoked Equifax Trusted Root CA on their PCs? Go check, I bet you do. Which means you aren't minding your CAs.

This guy wasn't a 'genius' as the article says, because he clearly left tracks and used a VPN with a '0' rating for privacy. He also didn't even seem to know about the cipher /w:C command on his previous employer's computer that he used - among other things. He made a lot of mistakes, especially so since the FBI are pretty much low-grade hacks in the IT forensics field. He pretty much exploited people that were pretty dumb about security/privacy and was absolutely pathetic at covering his tracks.

As for VPNs, you have to be careful. WiTopia, for example, shares the same offices as a CIA facility. I suspect a lot of VPNs are just honeypots for intelligence to get those root certs on people's boxes and sniff traffic. Shame on PureVPN; as a Hong Kong based company they could have easily told the FBI to go away. Granted, this guy was a sleazeball, but apparently PureVPN doesn't care about their reputation? Let's make sure to update Wikipedia about this.
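The "check your cert chain" advice in the two posts above, as an added example that is not code from this thread: a small Python script that reads the issuer of the certificate a site actually presents on the current network path and flags it when the issuer is not the site's expected public CA, which is exactly what a re-signing VPN client or filtering proxy with its own root in your store produces. The host name and the expected issuer organisation are assumptions to adjust for your own test; the two sample dicts are constructed to mirror what `ssl.SSLSocket.getpeercert()` returns.

```python
import socket
import ssl

# Constructed samples in the shape ssl.SSLSocket.getpeercert() returns for a
# leaf certificate: "issuer" is a tuple of RDNs, each a tuple of (key, value).
SAMPLE_LEGIT = {
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("countryName", "US"),),
               (("organizationName", "Example Public CA"),),
               (("commonName", "Example Public CA R3"),)),
}
SAMPLE_INTERCEPTED = {  # what a re-signing VPN client or filter would present
    "subject": ((("commonName", "www.example.com"),),),
    "issuer": ((("organizationName", "Hypothetical VPN Filter"),),
               (("commonName", "Hypothetical VPN Root CA"),)),
}

def issuer_field(cert, field):
    """Return one issuer attribute (e.g. organizationName) from a getpeercert() dict."""
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == field:
                return value
    return None

def looks_intercepted(cert, expected_issuer_orgs):
    """True when the leaf was not issued by an organisation we expect for this site.

    A locally installed interception root validates fine against the system
    trust store, so an explicit issuer check is what actually catches it.
    """
    return issuer_field(cert, "organizationName") not in expected_issuer_orgs

def fetch_leaf_cert(host, port=443, timeout=5.0):
    """Fetch the leaf certificate presented on this network path (needs network)."""
    ctx = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=timeout) as sock:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            return tls.getpeercert()

if __name__ == "__main__":
    # Assumption: the real issuer organisation for the host you test; adjust both.
    expected = {"Example Public CA"}
    cert = fetch_leaf_cert("www.example.com")
    print("issuer org:", issuer_field(cert, "organizationName"))
    print("possible interception:", looks_intercepted(cert, expected))
```

Run it once on a known-clean network to learn the real issuer for your test host, then again with the VPN or filter active; a changed issuer organisation means something in the path is re-signing your HTTPS.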
 

zzz00m

Wow, that is a very disturbing affidavit! It reads like some B horror movie script! I certainly have no sympathy for the accused.

This brings up today's larger issue of privacy and encryption vs. legitimate law enforcement efforts. How do we protect our privacy, while ensuring we can catch guys like this? It's a slippery slope...
 

HarborFront

Quote from the above link
The FBI found their first evidence at one of Lin's former employers. The company had reinstalled Lin's work computer after he left, but the FBI was able to find various artifacts in the hard drive's unallocated disk space. Evidence includes:

⧐ Google Chrome artifacts that Lin had read about the bomb threats against local schools.
⧐ Google Chrome artifacts that Lin had an account on textnow.com
⧐ Google Chrome artifacts that Lin had an account on ProtonMail
⧐ Google Chrome artifacts that Lin had visited Rover.com
⧐ Google Chrome artifacts that Lin had visited Smith's Spotify profile, but also the profiles of Smith's brother and one of her best friends.
⧐ PureVPN artifacts suggesting Lin was using the company's VPN client.

and also from the below link

VPN logs helped unmask alleged 'net stalker, say feds

However, the complaint revealed, he made a fundamental error by using a work computer for some of his campaign, and even though he'd been terminated and the OS reinstalled on the machine, there were footprints left behind for investigators to associate Lin with the 16-month campaign against Smith.


I thought that after resetting and reinstalling the OS everything is gone? If not, then how do you completely obliterate your traces?
 

ForgottenSeer 58943

> Quote from the above link
> and also from the below link
> VPN logs helped unmask alleged 'net stalker, say feds
> I thought that after resetting and reinstalling the OS everything is gone? If not, then how do you completely obliterate your traces?

When you reinstall the OS, many people simply just hit 'next'. If you choose to customize it, you can blow out the partitions, including the small vendor partition (250-350 MB usually). At that point you can choose a 'quick' or 'full' format. If you blow out the vendor partition and use a full format, the data is gone. Forensics 'might' be able to get something, but it's probably not likely. If you want to be 100% sure, DBAN the drive, then install the OS.
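An added illustration of the point made in the question and answer above (not code from this thread): a simulated disk image in which a quick format clears only the allocation table, so old browser-history URLs can still be carved out of the raw blocks, while a full overwrite leaves nothing to recover. The block layout, the seeded filler bytes and the history strings are constructed for the demo and only resemble the artifact types the affidavit lists.

```python
import random
import re

BLOCK = 64  # bytes per simulated disk block
URL_RE = re.compile(rb"https?://[A-Za-z0-9.\-]+(?:/[A-Za-z0-9./_\-]*)?")

# Constructed 'browser history' fragments, modelled on the artifact types listed above.
HISTORY = [b"https://www.textnow.com/login\0visit=1", b"https://rover.com/profile\0"]

def make_image(files, blocks=16, seed=1):
    """Constructed disk image: block 0 is the allocation table, the rest hold data."""
    rng = random.Random(seed)
    image = bytearray(rng.getrandbits(8) for _ in range(blocks * BLOCK))
    table = bytearray(BLOCK)
    for i, content in enumerate(files, start=1):
        table[i] = 1  # mark block i as in use
        image[i * BLOCK:(i + 1) * BLOCK] = content.ljust(BLOCK, b"\0")[:BLOCK]
    image[0:BLOCK] = table
    return image

def quick_format(image):
    """Quick format / plain reinstall: only the allocation metadata is cleared."""
    image[0:BLOCK] = bytes(BLOCK)

def full_wipe(image):
    """Full format or DBAN-style wipe: every block is overwritten."""
    image[:] = bytes(len(image))

def carve_urls(image):
    """Carve URL-like strings from the raw data blocks, allocated or not."""
    return sorted({m.group().decode() for m in URL_RE.finditer(bytes(image[BLOCK:]))})

def demo():
    """Return the URLs recoverable before, after a quick format and after a wipe."""
    image = make_image(HISTORY)
    before = carve_urls(image)
    quick_format(image)
    after_quick = carve_urls(image)
    full_wipe(image)
    after_wipe = carve_urls(image)
    return before, after_quick, after_wipe

if __name__ == "__main__":
    for label, urls in zip(("before", "after quick format", "after full wipe"), demo()):
        print(f"{label}: {urls}")
```

The same regex-over-raw-bytes approach is what string carving does on a real unallocated-space dump; the difference is only the size of the input.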
 

HarborFront

> When you reinstall the OS, many people simply just hit 'next'. If you choose to customize it, you can blow out the partitions, including the small vendor partition (250-350 MB usually). At that point you can choose a 'quick' or 'full' format. If you blow out the vendor partition and use a full format, the data is gone. Forensics 'might' be able to get something, but it's probably not likely. If you want to be 100% sure, DBAN the drive, then install the OS.
Normally, when I reset my tablet I select "Remove all programs and data from my drive" in Windows. Is that good enough to obliterate all traces?

Thanks
 

motox781

I think it would be pretty difficult to trace logs back to an IP that is shared on a VPN.
 

ForgottenSeer 58943

> Normally, when I reset my tablet I select "Remove all programs and data from my drive" in Windows. Is that good enough to obliterate all traces?
>
> Thanks

If you select that, you are given two options: basic, if you are keeping the device; full, if you need it securely wiped and are selling it. If you select the full option (the second one) but run the cipher /w:C command before you do this, then you are probably fine.
 

omidomi

Ok, this is why I never suggest this "spy VPN" at all :D
A long time ago on this forum I said that this software follows USA rules and works with them (who knows? maybe it works with another country's police and intelligence services also?), so no one paid attention to me and many readers thought that I wanted to "bulli.." this company...
So see the truth; I don't know why people don't want to prevent "sick"....
Pay close attention when choosing your VPN... (be sure not to trust companies' privacy and advertising websites; many of them are liars and just want to reach in and "steal" your money...)
btw: PureVPN is a Hong Kong based company and could easily have rejected the FBI request due to their country's law....
 

RoboMan

> I think it would be pretty difficult to trace logs back to an IP that is shared on a VPN.
I don't think so. Let's picture a scenario where a VPN has 100,000 customers, out of which 10,000 used the same IP. We now have 10,000 suspects. Only one matches the MAC address linked in the logs. Maybe he spoofed it. We have a screen size that only matches 100 screens. Now we have 100 suspects. Only 5 match the local time and date used in the logs. It's really easy to track you down if they hand over the logs... I'm just surprised this happened...
 

NikolayfromRussia

My advice is not to use PureVPN. I purchased a lifetime subscription for $55 last year. The price is really good, but now this service has problems with connection/download speed. But the most important thing is security. There is a DNS leak. I noticed that even if it hides your IP, some sites detect your DNS. When I am connected to PureVPN and surf some sites, these sites show me advertisements related to my country, Russia. It mustn't be so, because I am connected to a VPN hiding my IP, but there is a DNS leak. By the way, I read some reviews about PureVPN and they complain about the DNS leak.
So, be careful using this VPN. However, there is no reliable VPN service at all, especially those based in the US.
 
