Slashdot Mirror
VPN Provider's No-Logging Claims Tested In FBI Case (torrentfreak.com)
An anonymous reader writes from an article published on TorrentFreak: [A] criminal complaint details the FBI's suspicions that 25-year-old Preston McWaters had conveyed "false or misleading information regarding an explosive device." The FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats. With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere. "During the course of the investigation, subpoenas and search warrants have been directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent," the complaint reads. "All the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com. A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States," the FBI's complain reads. "However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden."
While McWaters is yet to be found guilty, it's a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime.
While McWaters is yet to be found guilty, it's a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime.
You really think they aren't going to use an anonimizing service to commit crime? That's like committing a bank robbery with out a ski mask and smiling for the cctv.
If there was reasonable markup in selling pre-paid phones for cash from the back of my car. There's been more than one occasion where I've heard of video evidence of somebody buying a pre-paid phone at the register. I think they've both been from Walmart, dunno if that happens at the local 7-11 or not.
1) didn't hide his activities well enough?
2) a company specializing in not keeping records didn't help the FBI too much?
I'm a liberal democrat. The Government gets into my pants way too much and way to easy. I never have, but might one day want to be bad. I want that chance. Fuck the government.
Looks to me like they have nothing for the FBI. No logs, nothing identifying anyone in particular.
This is what they promised.
1. It protects your freedoom to have your information private and not snooped on by others, or the government.
2. It protects criminals' freedom to have their information private and not snooped on by others, or the government.
Can't have one without the other, people. If you give up one, you give up both.
"And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime."
Yes, they have to go to a local starbucks.
Love their service.
Especially their API, which allows you to script stuff like port forwarding.
Got a nice little cronjob that automates the whole thing.
Highly recommended
I read the affidavit for a warrant for the guy's arrest.
To summarize : He used PIA, but bought 2 tracfones that he used to make harassing twitter posts. They have surveillance of someone looking like him at the register, his car leaving, bank withdrawals for the exact amount of money used to buy the phones in cash, and 3 separate sets of recordings. Walmart security(who seem to be pretty on the ball, surprisingly) even got a picture of his license plate when he visited a second time.
They also have the phones geolocated when they were used, they checked that he went to the closest walmart to his house, they found 2 chargers in his car for the phones, the username and password for a PIA account listed in his wallet, cell tower locations to his home and work...pretty solid.
I didn't see any of the gaps I normally see when I read about police investigations, it almost sounds like the Feds made sure they had the right man. Really, the only fault I have with the authorities is the hysterical response to bomb threats. Evacuating a building because some random made an anonymous threat? That's no way to run a railroad. Most of the damage he did was because the authorities fucked up.
I find the tone of the comment at the end odd. While not condoning the actions, I'd figure Slashdot and its readers would be much more interested in the de-anonymysing dimension of the story than the he got what he deserves mentality of that comment.
First, I'm glad PIA passed the warrant test. A lot of my friends use this service.
Secondly, we should all recognize that passing an FBI warrant test is *not* the same thing as passing an NSA backdoor / secret court test. PIA is based in the United States, so all bets are off that the service is safe from NSA nonsense.
Thirdly, someone has put together a fascinating table (https://docs.google.com/spreadsheets/d/1FJTvWT5RHFSYuEoFVpAeQjuQPU4BVzbOigT0xebxTOw/htmlview?usp=sharing&sle=true) comparing >100 VPNs in a variety of ways using publicly available information. PIA probably isn't the best available.
A subpoena was sent to London Trust Media
So the U.S. had jurisdiction to serve subpoenas outside of its territory? Note that this is not a summons, and the company is not being accused of any wrongdoing.
So the FBI can be clever and persistent. Good.
Of course there are some operatives who make them look like knobheads. Why don't law enforcers stick to being the good guys?
Power induces moral blindness and complete WTF
And all of that is circumstantial evidence. The thing they don't have is direct evidence that he made the posts.
- two search warrants against Twitter and Facebook ... arriving in his own car
- CCTV at Walmart
- responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com
- subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United State
I mean it's good that federal law enforcement agencies are catching people who do this shit, but holy fucking shit is this scary. Corporations have become components in the government's surveillance network. Google and Facebook can track you via your friend posting a photo of you with GPS data (supposedly your face doesn't even have to be visible).
The government has already tipped their hand on what their position is toward criticizing corruption with extremely harsh treatment toward whistleblowers. There's also the case of the FBI demanding on-demand warrantless access to all mobile devices with the president using a 'for the childrens' bullshit plea.
How long is it going to be before people with power start re-interpreting the first amendment to only apply toward speech they agree with, and utilizing this surveillance organism to go after people?
Airtight circumstantial evidence is indistinguishable from parallel construction.
--
With age comes a modicum of cynicism.
I for one would rather be evacuated from a building for a hoax than be left in a building that one time in a thousand it isn't. Whats that old saying? Better an ounce of prevention than pounds of flesh splatted all over the street, or something like that :)
Evacuation is the leading cause of bomb threats.
Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
I was thinking the same thing while reading the laundry list. But circumstantial evidence is apparently good enough in a country where ambush media have turned "innocent until proven guilty" into "guilty per allegation."
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
Kid-proof tablet..
I've been amazed how basically any prosecution isn't neutered simply by the presence of parallel construction.
We know the gov is doing this. How is any charge not immediately suspect? Reasonable doubt would seem to be met....
People in cars cause accidents....accidents in cars cause people
The FBI and other police are all well aware of course that serious bombers with actual plans and devices almost never make THREATS.
No, they act. They attack. They detonate their device and then later take credit for it, if at all. They do not phone ahead.
People who phone ahead are making empty threats or they are late for work or out sick and want to be away from their job for the day without penalty. There is a LOT of "hey I don't want to have THAT meeting with my boss today so I'll just phone in a bomb threat and then I won't have to deal with the boss!" bullshit.
Sig for hire.
The IP of the phone used to make those posts traces to a tracphone that the man is known to have purchased with cash. They know he bought the phone because of the bank withdrawals, the car used, and the walmart video.
So, a twitter acount makes threats. Twitter gives the IP of the computer posting the messages and the phone number of the phone used for the account. Phone number goes to a tracphone. Tracphone bought at walmart, on the same day the man withdrawals the exact amount of cash used to puchase the phones and someone looking like them buys stuff at walmart and drives the same car with the same license plate and has the same phone chargers in his car for a phone he doesn't have any more.
This is pretty close to "direct" evidence...
You can certainly give up on legitimate uses of encryption, but criminals aren't going to quit using it themselves.
Therefore, the choice is not whether to give up freedom in return for safety, but whether to give up freedom in return for nothing of value at all. Unless you're a totalitarian sociopath, it's an easy choice!
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
The problem is that a judge and/or jury has to (a) understand what parallel construction is, and (b) care.
"[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz
Anyone could have been holding the phone at the time. Ever give your phone to someone so they could make a quick check of something? Tons of people do.
This is the very definition of circumstantial. It's enough to justify further investigation, at best.
You haven't presented evidence that he made those posts with that phone that he was seen purchasing. For all you know, he could have lost it or had it stolen right after leaving Walmart, or lent it to someone, or it might not have even been his phone at all and he's just unlucky. This is why circumstantial evidence isn't nearly sufficient for conviction. Coincidences happen all the time.
If the phones that made those posts were not in his possession when they searched his things, all the evidence you've presented so far means nothing.
Higher Logics: where programming meets science.
"Thankfully"? Not only, that it's not neutral, but it's even against freedom. A VPN is there to protect your privacy and freedom of speech. If the cannot protect the guilty, they cannot protect the innocent, either. Read the Tor Projects's summary on why anonymity needs to be universal and why the "bad guys" will always have ways to be anonymous, while the good ones trust software like tor or providers like PIA, i.e. instead of using hacked windows pcs to cloak their origin. So a logging vpn only encourages the bad guys to use more illegal ways, while the good ones may be at risk to get caught by their regime. And you won't think america doesn't hunt the good ones, do you? Then think of the name snowden and rethink your position how good guys can be at risk because of anonymity providers not providing anonymity. No wonder, snowden had more then one measure to communicate privately.
Even if he didn't use the VPN, or the VPN handed over logs, if they can't prove the phone was in his hands, then it is still circumstantial.
Did someone say they had 3 voice recordings? That might nail him.
Used to work as a security guard at a local skyscraper years ago. We actually had forms printed for bomb threats. Complete with questions to ask in order of importance. You would be surprised how many people will answer with their name or address when asked.
Enough circumstantial evidence will secure a conviction (without something exculpatory in defense), at some point it stops being a just series of coincidences. People do get convicted on nothing but circumstantial evidence all the time. The standard is "beyond a reasonable doubt", not "beyond all doubt".
No, it's not close to direct evidence. It is circumstantial evidence. Words have meaning.
Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.
If Ben Franklin or Thomas Jefferson could see and understand what we have become, they would be deeply disappointed. The wisdom that began the American democratic experiment is now all but spent. Today we are the lesser children of greater sires.
If nothing else, this is great marketing for them - assuming it turns out to be true. I'll watch and consider changing/adding them.
"So long and thanks for all the fish."
And will still all be decided by 12 people who were too thick to get out of jury service :|
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
This is why circumstantial evidence isn't nearly sufficient for conviction.
You're wrong. If a jury decides that enough circumstantial evidence exists to prove guilt "beyond a reasonable doubt", then that's enough for conviction.
You were probably around during the Hans Reiser trial. No body, but plenty of circumstantial evidence. The prevailing Slashdot mood was defending Reiser, but based on the evidence I figured he was guilty as hell and was glad when he got convicted. It was even sweeter when he took a deal, admitted to the crime, and disclosed the location of the body.