A Massachusetts man was arrested late last week on suspicion of conducting a cyberstalking campaign against a female former roommate, her friends, and family. Court documents reveal that logs, obtained by the FBI from privacy service PureVPN, helped the prosecution. Until now, PureVPN had always maintained it carried no logs – almost.
Last Thursday, Ryan S. Lin, 24, of Newton, Massachusetts, was arrested on suspicion of conducting âan extensive cyberstalking campaignâ against his former roommate, a 24-year-old Massachusetts woman, as well as her family members and friends.
According to the Department of Justice, Linâs âmulti-faceted campaign of computer hacking and cyberstalkingâ began in April 2016 when he began hacking into the victimâs online accounts, obtaining personal photographs, sensitive information about her medical and sexual histories, and other private details.
Itâs alleged that after obtaining the above material, Lin distributed it to hundreds of others. Itâs claimed he created fake online profiles showing the victimâs home address while soliciting sexual activity. This caused men to show up at her home.
âMr. Lin allegedly carried out a relentless cyber stalking campaign against a young woman in a chilling effort to violate her privacy and threaten those around her,â said Acting United States Attorney William D. Weinreb.
âWhile using anonymizing services and other online tools to avoid attribution, Mr. Lin harassed the victim, her family, friends, co-workers and roommates, and then targeted local schools and institutions in her community. Mr. Lin will now face the consequences of his crimes.â
While Lin awaits his ultimate fate (he appeared in U.S. District Court in Boston Friday), the allegation he used anonymization tools to hide himself online but still managed to get caught raises a number of questions. An affidavit submitted by Special Agent Jeffrey Williams in support of the criminal complaint against Lin provides most of the answers.
Describing Linâs actions against the victim as âdoxingâ, Williams begins by noting that while Lin was the initial aggressor, the fact he made the information so widely available raises the possibility that other people got involved with malicious acts later on. Nevertheless, Lin remains the investigationâs prime suspect.
According to the affidavit, Lin is computer savvy having majored in computer science. He allegedly utilized a number of methods to hide his identity and IP address, including TOR, Virtual Private Network (VPN) services and email providers that âdo not maintain logs or other records.â
But if that genuinely is the case, how was Lin caught?
First up, itâs worth noting that plenty of Linâs aggressive and stalking behaviors towards the victim were demonstrated in a physical sense, offline. In that respect, it appears the authorities already had him as the prime suspect and worked back from there.
In one instance, the FBI examined a computer that had been used by Lin at a former workplace. Although Windows had been reinstalled, the FBI managed to find Google Chrome data which indicated Lin had viewed articles about bomb threats he allegedly made. They were also able to determine heâd accessed the victimâs Gmail account and additional data suggested that heâd used a VPN service.
âArtifacts indicated that PureVPN, a VPN service that was used repeatedly in the cyberstalking scheme, was installed on the computer,â the affidavit reads.
From here the Special Agentâs report reveals that the FBI received cooperation from Hong Kong-based PureVPN.
âSignificantly, PureVPN was able to determine that their service was accessed by the same customer from two originating IP addresses: the RCN IP address from the home Lin was living in at the time, and the software company where Lin was employed at the time,â the agentâs affidavit reads.
Needless to say, while this information will prove useful to the FBIâs prosecution of Lin, itâs also likely to turn into a huge headache for the VPN provider. The company claims zero-logging, which clearly isnât the case.
âPureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security?â the companyâs marketing statement reads.
âThatâs why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities.â
Our servers automatically record the time at which you connect to any of our servers. From here on forward, we do not keep any records of anything that could associate any specific activity to a specific user. The time when a successful connection is made with our servers is counted as a âconnectionâ and the total bandwidth used during this connection is called âbandwidthâ. Connection and bandwidth are kept in record to maintain the quality of our service. This helps us understand the flow of traffic to specific servers so we could optimize them better.
This seems to match what the FBI says â almost. While it says it doesnât log, PureVPN admits to keeping records of when a user connects to the service and for how long. The FBI clearly states that the service also captures the userâs IP address too. In fact, it appears that PureVPN also logged the IP address belonging to another VPN service (WANSecurity) that was allegedly used by Lin to connect to PureVPN.
That record also helped to complete another circle of evidence. IP addresses used by
Kansas-based WANSecurity and Secure Internet LLC (servers operated by PureVPN) were allegedly used to access Gmail accounts known to be under Linâs control.
Somewhat ironically, this summer Lin took to Twitter to criticize VPN provider IPVanish (which is not involved in the case) over its no-logging claims.
âThere is no such thing as a VPN that doesnât keep logs,â Lin said. âIf they can limit your connections or track bandwidth usage, they keep logs.â
Or, in the case of PureVPN, if they log a connection time and a source IP address, that could be enough to raise the suspicions of the FBI and boost what already appears to be a pretty strong case.
If convicted, Lin faces up to five years in prison and three years of supervised release.
Source: Â TorrentFreak.com
Be the first to comment