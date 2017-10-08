Please create an account to participate in the Slashdot moderation system

 


Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com) 62

Posted by EditorDavid from the no-more-secrets dept.
An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

  • This is a good reminder that you shouldn't put much faith in the claims made by service providers.

  • ... you'll be anonymous, they said.

    I'm bookmarking this article for reference material for the VPN fanbois.

    • All a VPN really does is prevent your local ISP provider from monetizing your surfing habits. Which is enough for me.

      • That's all a VPN does for you , which is irrelevant to what Pure VPN says it does [purevpn.com] for others.

        PureVPN operates a self-managed VPN network that currently stands at 750+ Servers in 141 Countries. But is this enough to ensure complete security? That's why PureVPN has launched advanced features to add proactive, preventive and complete security. There are no third-parties involved and NO logs of your activities .

        Emphasis mine.

      • Re: (Score:2)

        by AmiMoJo ( 196126 )

        It also forces the security services to actively target you and expend some extra effort to get your data.

        In some countries, e.g. the UK, ISPs are required to log and hand over such data pretty much on demand to the police, and of course you have outfits like GCHQ and the NSA doing mass surveillance.

        A VPN increases to cost to spy on you from nearly zero to something that will discourage casual snooping and a lot of abuse. It's not perfect but it's a useful line of defence.

    • Get a VPN they said ... you'll be anonymous, they said.

      You will be anonymous until the VPN gets a warrant for specific information.

      If you want to be entirely anonymous then you will need to set up proxies using multiple hacked IoT devices in nations that will not cooperate.

      • If you want to be entirely anonymous then you will need to set up proxies using multiple hacked IoT devices in nations that will not cooperate.

        So say you.

        Where do you publish your guarantee, and how do we know you're not outright lying like Pure VPN is?

    • Re: (Score:2)

      by Ramze ( 640788 )

      VPNs aren't meant to keep people anonymous. They just obscure the origin IP address enough to where an average site may not know for certain who is visiting and law enforcement would have to request account connection details -- time and origin of connection, user name, actual name, length of time of connection, bandwidth usage, etc. Sure, VPNs don't usually record what sites you visit, but the sites themselves keep detailed logs that include the IP address of the VPN used... which in this situation corre

      • VPNs aren't meant to keep people anonymous.

        Yes, this is exactly correct. VPNs don't disguise endpoints or decorrelate access times.

        Personally, I use a VPN solely so that I don't have to worry quite as much when I'm connecting through WiFi access points that I don't control (open access points, workplace WiFi, etc.).

        I'm not even trying to hide from my ISP (since, at some point, my datastream is going to be exposed to an ISP anyway -- at least this way, I know which one I'm exposed to). So, I don't use a third party VPN. I run my own VPN server, and m

    • Pure VPN says, in writing, that they do not log.

      What VPN would you suggest, and how do you know they actually do what they say they do ... in writing?

  • VPN vendors were PureVPN and WANSecurity.
    He also used a secure email and Tor but no indication that logs or info was pulled from those.

    https://torrentfreak.com/vpn-s... [torrentfreak.com]

    Never heard of these VPN services, but if you stick to VPNs that have been reviewed and tested for privacy over the years they are fine. See above link for good reviews..noticed PUREVPN was never reviewed?

    • That list doesn't really mean anything, though. All they've done is ask providers questions and ranked them according to the provided answers. There has been no independent verification of the provider's practices or technical security, so there's no way to tell if the answers were complete and honest.

    • How do you know that reviewed VPNs don't keep logs?

  • It was his room mate. With physical access to the machine, if he can not get a key logger in or video tape log ins to capture credentials that idiot deserves everything that's coming to him. Jeez, people like him bring bad name to all evil people.
  • You could roll your own VPN by purchasing a VPS and routing your traffic through it but even that will only give you a little bit more privacy. At some point the data that you send will have to be decrypted in order to be sent out to the internet at large. Authorities can see the point at which the decryption is taking place and trace it back to that end-point IP address. It is a trivial matter to see who the IP address belongs to. The VPS provider could then be issued a subpoena to get your information. Th

      The internet is forever, you can't really disappear on the grid as much as one would like to believe. You can hide, but you'll be found in time.

      The best defense is not to do dumb stuff in the first place.

      • The best defense is not to do dumb stuff in the first place.

        That doesn't protect you from other entities doing dumb or abusive stuff, though.

  • She is not the only victim here. (Score:5, Informative)

    by 140Mandak262Jamuna ( 970587 ) on Sunday October 08, 2017 @11:59AM (#55331309) Journal

    Special Agent in Charge of the Federal Bureau of Investigation, Boston Field Division. “This kind of behavior is not a prank, and it isn't harmless. He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession. No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today's arrest will deter others from engaging in similar criminal conduct.”

    This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.

    This guy is evil, he should be punished so severely others don't even fantasize doing such things.

    • This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.

      This guy is evil, he should be punished so severely others don't even fantasize doing such things.

      Agreed. And I also think we should prevent certain morons from mocking North Korea on Twitter, too.

    • Re: (Score:2)

      by Yosho ( 135835 )

      This guy is evil, he should be punished so severely others don't even fantasize doing such things.

      Unfortunately, severely punishing somebody for a crime has a negligible effect on discouraging anybody else from committing the same crime. I guarantee that at no point did this person ever think, "I wonder what happened to others who have stalked and harassed people? What's my risk vs. reward ratio here?"

  • Sure you can write disparaging remarks, insult other people anonymously; but the moment you start performing malicious actions causing deliberate targeted harm, that mask can come off mighty fast.
  • Adj.
    1 almost or nearly as described, but not completely or according to strict definition.

