Slashdot Mirror


VPN Provider's No-Logging Claims Tested In FBI Case (torrentfreak.com)

An anonymous reader writes from an article published on TorrentFreak: [A] criminal complaint details the FBI's suspicions that 25-year-old Preston McWaters had conveyed "false or misleading information regarding an explosive device." The FBI started digging and in February 2016 two search warrants against Twitter and Facebook required them to turn over information on several accounts. Both did and the criminal complaint makes it clear that the FBI believes that McWaters was behind the accounts and the threats. With McWaters apparently leaving incriminating evidence all over the place (including CCTV at Walmart where he allegedly purchased a pre-paid Tracfone after arriving in his own car), the FBI turned to IP address evidence available elsewhere. "During the course of the investigation, subpoenas and search warrants have been directed to various companies in an attempt to identify the internet protocol (IP) address from where the email messages are being sent," the complaint reads. "All the responses from [email provider] 1&1, Facebook, Twitter, and Tracfone have been traced by IP address back to a company named London Trust Media [doing business as] PrivateInternetAccess.com. A subpoena was sent to London Trust Media and the only information they could provide is that the cluster of IP addresses being used was from the east coast of the United States," the FBI's complaint reads. "However, London Trust did provide that they accept payment for their services through credit card with a vendor company of Stripe and/or Amazon. They also accept forms of payment online through PayPal, Bitpay, Bit Coin, Cash You, Ripple, Ok Pay, and Pay Garden."

While McWaters is yet to be found guilty, it's a sad fact that some people will use anonymizing services such as VPNs, pre-paid phones and anonymous email providers to harass others. And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime.

  1. So. PIA passes? by Anonymous Coward · · Score: 1

    Looks to me like they have nothing for the FBI. No logs, nothing identifying anyone in particular.

    This is what they promised.

  2. Encryption and anonymization is a two edged sword by Anonymous Coward · · Score: 5, Insightful

    1. It protects your freedom to have your information private and not snooped on by others, or the government.
    2. It protects criminals' freedom to have their information private and not snooped on by others, or the government.
    Can't have one without the other, people. If you give up one, you give up both.

  3. Indeed by nospam007 · · Score: 4, Insightful

    "And thankfully, as this case shows, they'll need to hide a lot more than their IP address to get away with that level of crime."

    Yes, they have to go to a local starbucks.

    1. Re:Indeed by watice · · Score: 2

      what about the cameras there?? that wouldn't nearly be enough. not to mention you have to buy something, and if you forgot cash in the car but have your credit card, welp.

    2. Re:Indeed by nospam007 · · Score: 1

      Go inside? Buy something? With a credit card?

      Are you crazy? If you go there to commit a crime, you just _walk_ by with a gadget in your pocket.

  4. +1 for PIA by Ynot_82 · · Score: 2

    Love their service.
    Especially their API, which allows you to script stuff like port forwarding.
    Got a nice little cronjob that automates the whole thing.
    Highly recommended

    1. Re:+1 for PIA by Plus1Entropy · · Score: 1

      Heck yeah. PIA is awesome. Glad to see that they are keeping their promise! :D

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
    2. Re:+1 for PIA by tlhIngan · · Score: 3, Interesting

      Just remember to cycle your connection periodically - at least once a day if not longer.

      Even if a VPN provider doesn't log, if the authorities are fast enough, they can query who might be on a machine at a particular time and request that information be saved.

      All VPN providers will "log" to that extent - they need to know you're logged in after all, so if you're logged into a machine for days at a time, they do have that information available while you're connected. By cycling your connection (disconnect then reconnect), you destroy any record that you were previously on and only have information when you were on now.

      Also, don't be an idiot and use a machine as the only person on it. There are actually things called "real time DMCA" where they can deliver DMCA notices to users. But only if they can identify the user - so if you're the only person using a VPN server, makes life easy. Ditto if you use port-forwarding and such since while you're connected, that port is yours and can be accounted for.

      The "no logging" part of any VPN means that the moment you disconnect, all trace of your activities as well as the fact you even logged in, are gone. But while you are connected, a temporary "log entry" is created for book-keeping and system upkeep purposes, and those "logs" can be subpoenaed. So cycling often (once a day or so) makes it harder to track you.

    3. Re:+1 for PIA by AmiMoJo · · Score: 1

      I'd be extremely careful using a company based in London though. The laws in the UK and the fact that the UK seems very willing to extradite people to the US makes me nervous. That's why many VPN services locate themselves in countries with clearer, more robust laws governing VPN providers. Ideally they should be in a different country to their actual servers too.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:+1 for PIA by Plus1Entropy · · Score: 1

      Thanks for the info. I don't use my VPN all the time (in fact it's usually off, like right now), so it shouldn't be a problem. But good to know anyway.

      --
      Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  5. Re:Always wondered... by PopeRatzo · · Score: 1

    There's been more than one occasion where I've heard of video evidence of somebody buying a pre-paid phone at the register.

    In some places, you can buy a burner phone at a liquor store counter along with a pack of philly blunts (or Skoal) and a five-hour energy drink.

    There are Mobil stations that sell burner phones for cash in Chicago.

    --
    You are welcome on my lawn.
  6. To be fair, the Feds seemed to be pretty thorough by ShooterNeo · · Score: 4, Informative

    I read the affidavit for a warrant for the guy's arrest.

    To summarize: He used PIA, but bought 2 Tracfones that he used to make harassing Twitter posts. They have surveillance of someone looking like him at the register, his car leaving, bank withdrawals for the exact amount of money used to buy the phones in cash, and 3 separate sets of recordings. Walmart security (who seem to be pretty on the ball, surprisingly) even got a picture of his license plate when he visited a second time.

    They also have the phones geolocated when they were used, they checked that he went to the closest walmart to his house, they found 2 chargers in his car for the phones, the username and password for a PIA account listed in his wallet, cell tower locations to his home and work...pretty solid.

    I didn't see any of the gaps I normally see when I read about police investigations, it almost sounds like the Feds made sure they had the right man. Really, the only fault I have with the authorities is the hysterical response to bomb threats. Evacuating a building because some random made an anonymous threat? That's no way to run a railroad. Most of the damage he did was because the authorities fucked up.

  7. Re:whats the issue of this story? by PopeRatzo · · Score: 1, Insightful

    I'm a liberal democrat. The Government gets into my pants way too much and way too easy.

    Maybe it's time for government to protect citizens and regulate corporations instead of the other way around.

    --
    You are welcome on my lawn.
  8. What happened to this place by Anonymous Coward · · Score: 2, Insightful

    I find the tone of the comment at the end odd. While not condoning the actions, I'd figure Slashdot and its readers would be much more interested in the de-anonymising dimension of the story than the "he got what he deserves" mentality of that comment.

  9. Re:Subpoena to a London Company by ShaunC · · Score: 3, Informative

    London Trust Media is an Indiana corporation with mailing addresses in Los Angeles, CA and Grandville, MI.

    --
    Thanks to the War on Drugs, it's easier to buy meth than it is to buy cold medicine!
  10. Re:whats the issue of this story? by PopeRatzo · · Score: 1

    WTF does "regulate corporations" have to do with this story?

    Because corporations do most of the data collection.

    --
    You are welcome on my lawn.
  11. Re:Always wondered... by PopeRatzo · · Score: 1

    The liquor stores and gas stations I go to all have security cameras out the ass, so that wouldn't seem to help much.

    If you think about it a second, you'll see why having a security camera at the point of sale does not tell you who is using a phone. Is there a law against me buying a burner phone and giving it to someone else?

    --
    You are welcome on my lawn.
  12. Re:whats the issue of this story? by rmdingler · · Score: 1

    WTF does "regulate corporations" have to do with this story?

    Because corporations do most of the data collection.

    Pretty much the only group that's more likely to abuse personal information than your governors.

    --
    Happiness in intelligent people is the rarest thing I know.

    Ernest Hemingway

  13. Re:whats the issue of this story? by PPH · · Score: 1

    but might one day want to be bad.

    I don't want to be bad. I just want to negotiate business plans with people and not have some fucking legislator front-running my deals.

    --
    Have gnu, will travel.
  14. Re:Always wondered... by ArchieBunker · · Score: 1

    No law against it, however you'll be charged with a dozen different terrorism related crimes until you break.

    --
    Only the State obtains its revenue by coercion. - Murray Rothbard
  15. Re:Subpoena to a London Company by Plus1Entropy · · Score: 1

    Duh. What part of Team America: World Police don't you understand?

    --
    Only crack the nuts that crack. You don't put the ones that don't crack in the sack.
  16. Re:Always wondered... by hawguy · · Score: 1

    No law against it, however you'll be charged with a dozen different terrorism related crimes until you break.

    I assumed that the people with something to hide just ask the homeless guy in the alley to go in and buy the phone in return for a few bucks.

  17. Result by Peter (Professor) Fo · · Score: 1

    So the FBI can be clever and persistent. Good.

    Of course there are some operatives who make them look like knobheads. Why don't law enforcers stick to being the good guys?

    Power induces moral blindness and complete WTF

  18. Re:To be fair, the Feds seemed to be pretty thorou by Bartles · · Score: 1

    And all of that is circumstantial evidence. The thing they don't have is direct evidence that he made the posts.

  19. Re: The Feds seemed to be pretty thorough by CmdrTamale · · Score: 2

    Airtight circumstantial evidence is indistinguishable from parallel construction.
    --
    With age comes a modicum of cynicism.

  20. Re:To be fair, the Feds seemed to be pretty thorou by PinkyGigglebrain · · Score: 1

    I for one would rather be evacuated from a building for a hoax than be left in a building that one time in a thousand it isn't. What's that old saying? Better an ounce of prevention than pounds of flesh splatted all over the street, or something like that :)

  21. Re:To be fair, the Feds seemed to be pretty thorou by penguinoid · · Score: 1

    Evacuation is the leading cause of bomb threats.

    --
    Don't waste your vote! Vote for whoever you want, unless you live in a swing state it won't matter anyways
  22. Re:whats the issue of this story? by Runaway1956 · · Score: 1, Troll

    Liberal democrats ARE bad guys. The only variable is "how bad" they are.

    --
    "Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
  23. Re:To be fair, the Feds seemed to be pretty thorou by adolf · · Score: 1

    Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.

  24. Re: The Feds seemed to be pretty thorough by pixelpusher220 · · Score: 1

    I've been amazed how basically any prosecution isn't neutered simply by the presence of parallel construction.

    We know the gov is doing this. How is any charge not immediately suspect? Reasonable doubt would seem to be met....

    --
    People in cars cause accidents....accidents in cars cause people :-D
  25. Re:naive by davester666 · · Score: 1

    It's "over the internet", so it's a whole new thing. We need a whole new set of laws specifically for this, with more significant penalties [of course, we will also charge you under the old laws as well].

    --
    Sleep your way to a whiter smile...date a dentist!
  26. Re:To be fair, the Feds seemed to be pretty thorou by RubberDogBone · · Score: 3, Interesting

    The FBI and other police are all well aware of course that serious bombers with actual plans and devices almost never make THREATS.

    No, they act. They attack. They detonate their device and then later take credit for it, if at all. They do not phone ahead.

    People who phone ahead are making empty threats or they are late for work or out sick and want to be away from their job for the day without penalty. There is a LOT of "hey I don't want to have THAT meeting with my boss today so I'll just phone in a bomb threat and then I won't have to deal with the boss!" bullshit.

    --
    Sig for hire.
  27. Re:To be fair, the Feds seemed to be pretty thorou by ShooterNeo · · Score: 1

    The IP of the phone used to make those posts traces to a Tracfone that the man is known to have purchased with cash. They know he bought the phone because of the bank withdrawals, the car used, and the Walmart video.

    So, a Twitter account makes threats. Twitter gives the IP of the computer posting the messages and the phone number of the phone used for the account. Phone number goes to a Tracfone. Tracfone bought at Walmart, on the same day the man withdraws the exact amount of cash used to purchase the phones and someone looking like them buys stuff at Walmart and drives the same car with the same license plate and has the same phone chargers in his car for a phone he doesn't have any more.

    This is pretty close to "direct" evidence...

  28. No, that's wrong. by mrchaotica · · Score: 3, Insightful

    You can certainly give up on legitimate uses of encryption, but criminals aren't going to quit using it themselves.

    Therefore, the choice is not whether to give up freedom in return for safety, but whether to give up freedom in return for nothing of value at all. Unless you're a totalitarian sociopath, it's an easy choice!

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  29. Re: The Feds seemed to be pretty thorough by mrchaotica · · Score: 1

    The problem is that a judge and/or jury has to (a) understand what parallel construction is, and (b) care.

    --

    "[Regarding the 'cloud,'] ownership was what made America different than Russia." -- Woz

  30. Re:To be fair, the Feds seemed to be pretty thorou by naasking · · Score: 2

    This is the very definition of circumstantial. It's enough to justify further investigation, at best.

    You haven't presented evidence that he made those posts with that phone that he was seen purchasing. For all you know, he could have lost it or had it stolen right after leaving Walmart, or lent it to someone, or it might not have even been his phone at all and he's just unlucky. This is why circumstantial evidence isn't nearly sufficient for conviction. Coincidences happen all the time.

    If the phones that made those posts were not in his possession when they searched his things, all the evidence you've presented so far means nothing.

  31. Biased Summary by allo · · Score: 1

    "Thankfully"? Not only is it not neutral, but it's even against freedom. A VPN is there to protect your privacy and freedom of speech. If they cannot protect the guilty, they cannot protect the innocent, either. Read the Tor Project's summary on why anonymity needs to be universal and why the "bad guys" will always have ways to be anonymous, while the good ones trust software like Tor or providers like PIA, i.e. instead of using hacked Windows PCs to cloak their origin. So a logging VPN only encourages the bad guys to use more illegal ways, while the good ones may be at risk to get caught by their regime. And you won't think America doesn't hunt the good ones, do you? Then think of the name Snowden and rethink your position how good guys can be at risk because of anonymity providers not providing anonymity. No wonder Snowden had more than one measure to communicate privately.

  32. Re:Always wondered... by allo · · Score: 1

    That's not really the point.

    Do you remember the case of the student making terror threats against the university via Tor? They did not have any more evidence than that he was the only Tor user on campus. But they did not need to. They visited him, asked him and he did not resist, but conceded.
    When somebody already comes to ask you about the things, even when this is not the rubber-hose type of interview, you probably will tell, if you're not a full-grown criminal prepared to lie to the police / agencies / ...

  33. Re:Good to know by allo · · Score: 1

    mod parent up

  34. Re:To be fair, the Feds seemed to be pretty thorou by Anonymous Coward · · Score: 1

    Used to work as a security guard at a local skyscraper years ago. We actually had forms printed for bomb threats. Complete with questions to ask in order of importance. You would be surprised how many people will answer with their name or address when asked.

  35. Re:To be fair, the Feds seemed to be pretty thorou by devman · · Score: 3

    Enough circumstantial evidence will secure a conviction (without something exculpatory in defense); at some point it stops being just a series of coincidences. People do get convicted on nothing but circumstantial evidence all the time. The standard is "beyond a reasonable doubt", not "beyond all doubt".

  36. Re:Always wondered... by Anonymous Coward · · Score: 1

    The difference is that a university has 100% domination over its students. There is no legal framework, appeals system, or "right to study" that will allow you to defend yourself against the administration. If the university decides to boot you, for whatever reason, you are out. Period.

    Luckily, "real life" is not like that. We have a set of laws to protect people and the right to be regarded as innocent until proven guilty is a very significant part of that. In **EVERY** case the prosecution must make a compelling, correct, watertight case against an individual.

    If I was caught up in something like this I wouldn't say a word. I would wait (yes, it may take 6-12 months) until they get their shit together, I would review their evidence, and I would see where it goes. If I lost in court then there is a chance I may receive a harsher penalty than if I had confessed at an earlier time, however, personally I would never do so. I'm not talking about remorse here. What I mean is, lenience for "not wasting the court's time with a non-guilty plea" is a morally bankrupt concept. It can be easily seen in the rampant misuse of "plea deals" in the US, which ultimately destabilizes and corrupts the judicial system.

  37. Re:To be fair, the Feds seemed to be pretty thorou by Bartles · · Score: 1

    No, it's not close to direct evidence. It is circumstantial evidence. Words have meaning.

  38. Re:So. PIA passes? by KGIII · · Score: 1

    If nothing else, this is great marketing for them - assuming it turns out to be true. I'll watch and consider changing/adding them.

    --
    "So long and thanks for all the fish."
  39. Re:To be fair, the Feds seemed to be pretty thorou by Big Hairy Ian · · Score: 1

    And will still all be decided by 12 people who were too thick to get out of jury service :|

    --

    Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.

  40. Re:To be fair, the Feds seemed to be pretty thorou by Raenex · · Score: 1

    This is why circumstantial evidence isn't nearly sufficient for conviction.

    You're wrong. If a jury decides that enough circumstantial evidence exists to prove guilt "beyond a reasonable doubt", then that's enough for conviction.

    You were probably around during the Hans Reiser trial. No body, but plenty of circumstantial evidence. The prevailing Slashdot mood was defending Reiser, but based on the evidence I figured he was guilty as hell and was glad when he got convicted. It was even sweeter when he took a deal, admitted to the crime, and disclosed the location of the body.

  41. Re:Always wondered... by allo · · Score: 1

    The main problem is another: The police stand in your door, sound angry and you admit everything. No need for further investigation, they are witnesses in court and the decision is only what penalty you will get.

    Okay, some people may have a pokerface and be prepared. But most are not.