VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some, do store user activity logs.
The case in question is of Ryan Lin, a 24-year-old man from Newton, Massachusetts, arrested on Thursday, October 5, on charges of cyberstalking.
According to an FBI affidavit published by the US Department of Justice, Lin is accused of harassing and cyberstalking an unnamed 24-year-old woman — referred to under the generic name of Jennifer Smith — between April 2016 and up until his arrest.
It all started with a Craigslist ad
The two met after Lin answered a Craigslist ad and moved in with Smith and her two other roommates. The FBI says that soon after Lin moved in with Smith, she was the victim of multiple hacking, harassing, and cyberstalking incidents.
Investigators believe that Lin got access to passwords of some of Smith's online profiles because Smith didn't have a lock on her room door, and didn't password-protect her computer.
Authorities say that Lin allegedly accessed Smit's Apple iCloud account from where he downloaded personal photos, and also her Google Drive account from where he took her private journal.
Smith was the victim of a wide range of harassment campaigns
According to the affidavit, Lin is the prime suspect behind a multi-faceted and unyielding harassment campaign that spanned months. In no particular order, below are some of the FBI's accusations:
⧐ The suspect allegedly sent excerpts of Smith's private journal to other persons, revealing personal details such as a past medical, psychological, and sexual history.
⧐ The suspect allegedly created online accounts in Smith's name on adult portals asking people to show up at her house to enact BDSM, gangbang, rape, and other sexual fantasies. At least three people showed up.
⧐ The suspect allegedly harrassed Smith using SMS messages sent via an anonymous text messaging service (textnow.com).
⧐ The suspect allegedly spoofed Smith's identity to send bomb and other threats to nearby schools and lone individuals.
⧐ The suspect allegedly sent threatening communications to Smith's friends, associates, and family (including a minor), urging Smith to commit suicide, or threatening to kill and rape Smith and associates.
⧐ The suspect allegedly bombarded Smith with friend requests on Facebook, even after getting blocked.
⧐ The suspect allegedly hacked Smith Rover.com account (pet sitting service) and told pet owners that Smith intentionally killed one of their pets, resulting in the pet owners sending police officers to their house to deal with Smith.
⧐ The suspect brought up the fact that Smith had an abortion, even if the suspect did not tell anyone about it, and only recorded the event in her private journal.
Smith told authorities the abusive behavior began soon after Lin moved in, and continued even if she moved out two months later, scared by his actions.
Lin's abusive behavior was then redirected to the other two roommates, and following complaints to the landlord and police, Lin was kicked out from the shared apartment in August 2016. The cyberstalking and harassing behavior continued, again, mainly directed at Smith.
Suspect hid behind VPNs, Tor, ProtonMail
For all of these actions, the suspect used ProtonMail, VPN clients, and Tor to hide his identity. After local police investigated all the victim's complaints for almost a year, they called in the FBI to help.
The FBI found their first evidence at one of Lin's former employers. The company had reinstalled Lin's work computer after he left, but the FBI was able to find various artifacts in the hard drive's unallocated disk space. Evidence includes:
⧐ Google Chrome artifacts that Lin had an account on textnow.com
⧐ Google Chrome artifacts that Lin had an account on ProtonMail
⧐ Google Chrome artifacts that Lin had visited Rover.com
⧐ Google Chrome artifacts that Lin had visited the Smith's Spotify profile, but also the profiles of Smith's brother and one of her best friends.
⧐ PureVPN artifacts suggesting Lin was using the company's VPN client.
VPN activity logs tie Lin to Smith's harassment
Yet, the most conclusive evidence came after the FBI managed to obtain logs from two VPN providers — PureVPN and WANSecurity.
The logs showed how within the span of minutes the same VPN IP address had logged into Lin's real Gmail address, another Gmail address used for some of the threats, and a Rover.com account Lin created to discover Smith's real phone number. PureVPN was later able to link the stalking activity with Lin's home and work IPs. The information in the affidavit may shock some PureVPN customers, as the company boldly advertises on its privacy policy page that it does not keep any logs.
Ironically, FBI agents also found tweets in which Lin was warning other users that VPN providers store activity logs, advice he didn't follow himself.
Investigators became sure they identified the right man after they interviewed some of Lin's past classmates, who recounted a similar pattern of harassment and cyberstalking from a man they described as a computer "genius."
"As alleged, Mr. Lin orchestrated an extensive, multi-faceted campaign of computer hacking and online harassment that caused a huge amount of angst, alarm, and unnecessary expenditure of limited law enforcement resources," said FBI Special Agent in Charge Shaw.
"This kind of behavior is not a prank, and it isn’t harmless. He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession," the agent added. "No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today’s arrest will deter others from engaging in similar criminal conduct."
Comments
Occasional - 6 years ago
Point 1: Anonymity is fertilizer for monstrous behavior. This guy may have been a bad seed to start, but the more he figured he could get away with, the worse he got.
Point 2: Many would be Ok with a VPN that would only keep and pass logs under a court order (and had fully adequate security/privacy internal technologies and policies). If a VPN provider advertised that, they'd probably get more business from entities who wouldn't want to do business with a vendor that attracts sleaze, and with it, attention of law enforcement.
Wingo99 - 6 years ago
"Point 1: Anonymity is fertilizer for monstrous behavior. This guy may have been a bad seed to start, but the more he figured he could get away with, the worse he got.
Point 2: Many would be Ok with a VPN that would only keep and pass logs under a court order (and had fully adequate security/privacy internal technologies and policies). If a VPN provider advertised that, they'd probably get more business from entities who wouldn't want to do business with a vendor that attracts sleaze, and with it, attention of law enforcement. "
Your false assumption that "Anonymity is fertilizer for monstrous behavior," might come as a shock to TOR and VPN users that need to be anonymous in monstrous police states like Iran and China.
PureVPN LIED about its logs policy and paying customers aren't ok with lies and deception.
Occasional - 6 years ago
Anonymity does foster bad behavior - never said there were no scenarios where it could be used in self defense. This guy lived outside Boston. Even a Yankees fan wouldn't equate Massachusetts with Iran.
I made no comment about PureVPN - The "being Ok with" point was an "If" statement. PureVPN would flow through "Else".
Wingo99 - 6 years ago
Pretty lame reply pal.
"Anonymity does foster bad behavior - never said there were no scenarios where it could be used in self defense."
No you just make a blanket statement, "Anonymity is fertilizer for monstrous behavior."
I say having shades on your windows promotes monstrous behavior indoors.
I bet 10-1 that you have shades on your windows, what are you hiding?
BTW "Occasional" why are you posting anonymously?
Is it because you're a monstrous troll?
Here are your ANONYMOUS stats on your account for this site, "Occasional".
Dirty hypocritical troll.
" Group Members
Active Posts 12
Profile Views 21
Age Age Unknown
Birthday Birthday Unknown
Gender
Not Telling Not Telling"
Joe_BubbA - 6 years ago
I have no problem with them nailing this guy. The problem I have with PureVPN is how they totally mislead potential customers: "There are no third-parties involved and NO logs of your activities. "
They stand by that statement even today, claiming that they only keep "date/time stamps". What kind of BS is that? Again, I have no problem with a VPN keeping logs and revealing such logs only upon a court order/warrant, but don't lie about it....
Joe_BubbA - 6 years ago
P.S. Just go to their website and "chat" with them. It's hilarious watching their "sales agents" try to deflect the facts...
Wingo99 - 6 years ago
Clearly PureVPN are liars and have made fraudulent statements regarding their privacy policy.
All current and former PureVPN users should be refunded fully, for being defrauded by a dubious and now fully discredited VPN.
"PureVPN’s Privacy Policy
We do NOT keep any logs that can identify or help in monitoring a user’s activity.
You are Invisible – Even We Cannot See What You Do Online
We Do Not monitor user activity nor do we keep any logs. We therefore have no record of your activities such as which software you used, which websites you visited, what content you downloaded, which apps you used, etc. after you connected to any of our servers. Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a “connection” and the total bandwidth used during this connection is called “bandwidth”. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better."
luvkk - 6 years ago
hmmm
RightfullyAngry - 6 years ago
I am not a computer genius I have been, hacked, tracked, robbed, had email addresses,medical records, credit cards, 10 cellphones including this one ...tablets, 4 laptops, mobile banking,.email addresses that I have had since 1998. My Comcast accts, 2 magic jacks and created 30 plus email address in my name. My phone's hacked from Washington State. Medina
A to Mission Veilijo San Diego their entire network 10 location total. They vandalized my cars, broke into my storages, shed
So basically fuck anonymity no checks and balances or boundaries or protocol protecting John Q Public means these scumbags are continuing to terrorize honest hard-working people. I went to police they said change you email addresses
And was told the FBI won't deal with it unless you lose 500,000 or more the police don't have the resources
To deal with it
RightfullyAngry - 6 years ago
So in conclusion for people like me who just want to talk to our friends and family, listen to our paid music subscriptions aren't because they have completely fucked your cyberlife. I want them stopped and prosecuted and made an example of. If they had a criminal cyber stalking similar to the sexual predator registry so a person could get better cyber security...what is the best one thank you. Honestly it's like being raped for your life