Slashdot Mirror
Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI (bleepingcomputer.com)
An anonymous reader writes:
"VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."
This is a good reminder that you shouldn't put much faith in the claims made by service providers.
This is something up for which we must not stand!
...for sure one VPN not to buy from.
So which VPN service is going out of business today?
... you'll be anonymous, they said.
I'm bookmarking this article for reference material for the VPN fanbois.
It little behooves the best of us to comment on the rest of us.
Alright then.
Half of America wonders when the FBI will arrest Twitler fo "grabbing 'em by the pussy", which is surely worse than mere stalking.
VPN vendors were PureVPN and WANSecurity.
He also used a secure email and Tor but no indication that logs or info was pulled from those.
--For the karma whoring.
Please don't post your sexual fantasies. There are forums where that may be appropriate but this isn't one.
What kind of idiot uses any VPN provider without first going through some intermediary like Tor. Well, fuck, why not just use Tor in the first place?
I'm pretty sure this is what hackers use because more than once my servers have been reconfigured to host Tor, I2P, or Freenet. They haven't seemed to do anything with the server itself, just start these network proxies. What the actual Fuck.
https://torrentfreak.com/vpn-s...
Never heard of these VPN services, but if you stick to VPNs that have been reviewed and tested for privacy over the years they are fine. See above link for good reviews..noticed PUREVPN was never reviewed?
I just looked over PureVPN's site and policies and they make no claim about logging one way or the other. Which means that they log everything.
VPNs are really only ever intended for general purpose anonymity any how. If you are compelled to engage in illegal activity you should be using non-repudiable uplinks and not those you pay for with your credit card then use everyday to log in to your email and the rest of your heavily logged web accounts.
Did this really happen? Or is Megol correct in saying that OP is shitposting?
It was his room mate. With physical access to the machine, if he can not get a key logger in or video tape log ins to capture credentials that idiot deserves everything that's coming to him. Jeez, people like him bring bad name to all evil people.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Most of the damning info came from a laptop, and all the VPNs did was confirm an IP address for his residence was used to connect to one of their IP addresses during the same time frame "someone" logged into both the victim's e-mail account and the abuser's e-mail account -- both from the same VPN address.
PureVPN lists what data it records and states it cooperates with investigations. The only thing I can find that they gave to investigators that wasn't explicitly stated in the TOS was that they gave the origin IP address for the connection. but... the TOS already says they store the name of the person on the account and connection times and bandwidth anyway, so that's pretty damning to begin with if requested by law enforcement.
Basically, Law Enforcement said:
"Hey we have a laptop with evidence that you have a VPN and have accessed both the victim's and the abuser's e-mail addresses. We just checked with the e-mail services and discovered a login to both from a VPN IP address within a short time period."
And the VPN provider upon court order said:
"That user was logged into our service from their residential IP address during that time and was connected to that same VPN IP address (along with many other users). Here's the amount of time they were on our system and the amount of bandwidth they used."
The VPN didn't rat out what site they went to -- but the sites they went to DID keep IP logs.
In short, the VPN service provided exactly what it said it would record and it just happened to correlate nicely with what the detectives found. It's not proof, but it's strong evidence.
Frankly, I'm a little surprised the victim's e-mail service allowed a connection to a VPN IP to begin with. I'm also surprised this moron thought that just because a VPN doesn't record every site you visit that the sites themselves wouldn't be recording every login and IP address along with cookies that might identify his specific hardware and/or tie into a social media profile or the like.
You could roll your own VPN by purchasing a VPS and routing your traffic through it but even that will only give you a little bit more privacy. At some point the data that you send will have to be decrypted in order to be sent out to the internet at large. Authorities can see the point at which the decryption is taking place and trace it back to that end-point IP address. It is a trivial matter to see who the IP address belongs to. The VPS provider could then be issued a subpoena to get your information. The whole VPN thing is really misunderstood. It's really a way to make it harder for an ISP to grab and monetize your browsing data or even a way to protect your identity on an untrusted network.
Special Agent in Charge of the Federal Bureau of Investigation, Boston Field Division. “This kind of behavior is not a prank, and it isn't harmless. He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession. No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today's arrest will deter others from engaging in similar criminal conduct.”
This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.
This guy is evil, he should be punished so severely others don't even fantasize doing such things.
sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
Why are you talking about yourself in the third person? Has that single remaining neuron in your head finally thrown in the towel?
This jerk has degraded the trustworthiness of ALL bomb threat calls, ALL emergency distress calls. As incidents like this increase, as people figure out better ways to hide their tracks, more people will do such things. In the end the police and emergency services will take time to check veracity and trustworthiness of the caller before responding. False alarms will increase cost for all tax payers. Some stalking victims could actually be raped or violated due to such postings.
This guy is evil, he should be punished so severely others don't even fantasize doing such things.
Agreed. And I also think we should prevent certain morons from mocking North Korea on Twitter, too.
AC comments get piped to
Sure you can write disparaging remarks, insult other people anonymously; but the moment you start performing malicious actions causing deliberate targeted harm, that mask can come off mighty fast.
I don't read AC
Adj.
1 almost or nearly as described, but not completely or according to strict definition.
Something doesn't sound quite right about this. From TFA:
The logs showed how within the span of minutes the same VPN IP address had logged into Lin's real Gmail address, another Gmail address used for some of the threats, and a Rover.com account Lin created to discover Smith's real phone number.
Gmail has forced HTTPS since 2014. What are we being asked to believe here?
VPN services are nice if you want to pretend to be in another geographically location, but the claims of security are pure marketing. Incidentally, anybody that cares to find out knows that. And no VPN service that is run commercially can say "no" when the Feds want logs to be recorded and handed to them. Lavabit is an extremely rare exception (and just did anonymous email, not VPN) and it can be seen nicely in their case what happens after such a "no". The CEO is lucky to not end up in prison.
At this time, the only VPN service with actual security is Tor and even there, you anonymity can be compromised by attacks on the client or making mistake while using it. And, of course, a large-scale traffic analysis can break even Tor. The thing with Tor is however, that nobody that can break it will admit so for a mere cyberstalking case. It would have to be something really, really large for anybody to admit that they can compromise Tor itself.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Please don't post your sexual fantasies. There are forums where that may be appropriate but this isn't one.
Those were the sexual fantasies of creimer's trolls. Slashdot has always had a fetish for fat porn.
From the FBI.
PureVPN was later able to link the stalking activity with Lin's home and work IPs .
From PureVPN website.
we do not keep any records of anything that could associate any specific activity to a specific user.
Assume that all VPN's have an share logs.
creimer is doing us a service by sacrificing his well-muscled leg for the trolls to hump.
Well, we know Slashdot banned the spammer shitposting with his Amazon affiliate links. So much for your million-dollar retirement plan, huh fat boy?
This guy was a major asshole. I hope when he gets out, his terms of parole include "never allowed to touch a computer for any reason."
Who fantasizes about a gigantic sexless virgin with a personality disorder (or fifteen)?
You do. Otherwise, you wouldn't be accusing every AC as being Chris.
Well, we know Slashdot banned the spammer shitposting with his Amazon affiliate links. So much for your million-dollar retirement plan, huh fat boy?
That didn't stop ACs from posting affiliate links. Even Slashdot management started putting Amazon ads on the front page. After all, creimer showed the way.
I for one am glad that the VPN chose to cooperate with the FBI. When someone is being victimized it takes all of us to pitch in and help.
And no VPN service that is run commercially can say "no" when the Feds want logs to be recorded and handed to them.
Sure they can. By "feds" I'm assuming you one of America's three letter agencies. The reality is that there are many countries in the world who don't play America's bullshit game.
does your VPN (website, Tor network, etc) hosts child pornography, Islamic State glorification materials, bomb making manuals?
If yes, then the website is private.
I do not believe in karma. "Funny"=-6. Do good and forbid evil. Yours, Oft-Offtopic Flamebaiting Troll.
You are openly violating the rules and terms of Slashdot. You're not welcome. Fuck off and find some other site to spam. Now fuck off.
Not enough caps or bangs but the coloured links ... that's not you is it APK?
Real APK, fake APK, real and fake cdreimer/creimer plus associated trolls snapping round their feet, it's all getting far too complicated. Are there websites which explain this stuff?
Chris,
This is strange, our psychologists have extensively surveyed Slashdot and they came to the conclusion that you were responsible for 99.9% of all affiliate links posted on Slashdot, whether you post as AC or from some of your fake accounts. You are such a miracle poster!
For the valuable /. users that might already have read the following, please note that there is an important update.
IMPORTANT UPDATE:
Special Education for the Santa Clara County Office of Education has invested money to buy Chris a new chair:
http://www.keynamics.com/image...
Information about Christopher Dale Reimer and autistic people:
Autistic people have obsessions about things normal people don't care. For example, one of our autistic patient went haywire when he realized that there was a penny missing in his pocket change.
To calm him down, one of our educator pretended to have found it on the floor and gave a penny to him.
The autistic patient condition went even worse because he realized it wasn't the same penny!
Chris has an obsession with budgeting every penny. He doesn't understand that most people do not budget to the penny and have a flexible amount they allow for miscellaneous items.
I am Nancy Guerrero and I am Director of Special Education for the Santa Clara County Office of Education. We use Chris' (a.k.a. creimer,cdreimer) picture in our document because he is the hardest case we have ever had to handle:
http://www.sccoe.org/depts/stu...
Our artists were inspired by the low carb diet that Christopher follows scrupulously for the small lunch box and by the picture linked below for the rest. I am sure that you will notice the similarities such as the bump on the side of his chest and more:
https://ibb.co/gVad65
Please be easy on Christopher although, I am aware that some of our staff handling Chris post joke comments here and obvoiusly, the Santa Clara County Office of Education disapprove that behavior vehemently:
https://school.discoveryeducat...
But it isn't Chris' fault if he is the way he is. We do the best we can do with him and he is partially integrated into society. We try to cure his abnormal need for attention but he is kind of stubborn and won't listen to anybody.
Thank You dear users,
-Nancy Guerrero
See subject "quagmire" (fake name for your fake life = mud, lol) before I spank your do-nothing dumb ass again https://slashdot.org/comments.pl?sid=10606043&cid=54411703/ - Unbelievable!
* You have the NERVE to even TRY "put down" my work (which 1,000's worldwide like & use) when YOUR LAME "ne'er-do-well" ass never EVER did anything of that caliber...
APK
P.S.=> Go back to the BOG & MUD, "quagmire" (it's where "your kind" belongs - that, or a sewer)... apk
I read TFA for once, and the thing that stood out is that even though he wiped his drive apparently there were "Google Chrome Artifacts" of websites he had visited. What the hell is this?
Also, now that I read TFA it also says that PureVPN did NOT keep logs of what he did online. What happened was that the some PureVPN IP address logged into his gmail and then logged into his stalking email during the same session.
Good luck with that. Sure, in some countries they may just shoot you if you refuse to hand over the logs, but in most countries refusing a court order will get you just under threat of being locked up. This "bullshit game" is played all over the globe.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
The "virtual" thing being referred to is the network (physical link/media access hardware), not the privacy. The "privacy" of the network is real. That data was obtained within the network, which is why they needed service provider participation.
VPN isn't an advertising term. It's been around and in use forever. The fact that someone has productized it doesn't change anything.
Sure, in some countries they may just shoot you if you refuse to hand over the logs
No you misunderstand. Most countries don't give a flying fuck about the USA or USA problems, and especially don't give a flying fuck about the moaning of the USA corporate welfare.
The point of VPN endpoints is to appear somewhere outside the reach of those trying to persecute you. A Chinese person will be just fine using a Ukrainian VPN with a Swedish endpoint to escape from China's watch, regardless of how much is logged. Likewise the USA can't even get basic enforcement against known criminals in other countries, let alone persecute someone using a foreign VPN service with an even more foreign endpoint.
Not every corporation or country is beholden to the not-as-far-reaching-as-you-think eyes of the USA's TLAs. You just need to not commit a crime in the country where your VPN is hosted or end-pointed. That is pretty easy to do. Bonus points if you pick a country that actively hates the one you're trying to avoid.
Well, good luck with that.
Most ACs are not even worth the keystrokes to insult them. Be generically insulted by this and ignored otherwise.
Creimer, it's obvious that it's you
PROTIP: When you call them "russian schoolboys" it sounds like a tell that some overweight gay pedo would make as he sweated though his Acapulco shirt while talking about his overseas ministry work. It's just barely less creepy than when you talked about old engineers going to 3rd world countries to shack up with some "Underage Sweet Thing" and then defended the practice as good for bringing wealth into far off impoverished communities.
A normal person would say "posted CP" or "posted child porn" or something like that. Even though you've told me about your russian schoolboys a dozen times I failed to recognize this as meaning child porn until you said you reported it to the FBI.
The only person I ever see mentioning APK is you. I haven't seen any of his posts on the site in ages. Your "trolls" are yours and yours alone *(If someone yours and yours alone. why not show them how special they are to you with a gift from kay jewelers?)*. I don't like APK or 01001100010101 but you are in fact the only person I want to leave the website. Why? *(Why pay more? See what you COULD be paying with a refi quote from WELLS FARGO)*
Well sure you're annoying but if everyone on the internet acted like you it would be a much much much less enjoyable experience. *(You're special so why wear clothes made for someone else? Tailored suits from men's warehouse will have you looking your best no matter what size and shape you're in. You're going to like the way you look I guarantee it)*
You pretty much sealed your fate on this site when you started trying to monetize your posts. We hate any attempt to monetize anything so badly we've almost let the site go under. If you were a normal person you could just get a new nick but you have way too many tells and other things that "you think are perfectly normal"
Cheers.