Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

An anonymous reader writes: "VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity," writes Bleeping Computer, "but a recent criminal case shows that at least some do store user activity logs." According to the FBI, VPN providers played a key role in identifying an aggressive cyberstalker by providing detailed logs to authorities, even if they claimed in their privacy policies that they don't. The suspect is a 24-year-old man that hacked his roommate, published her private journal, made sexually explicit collages, sent threats to schools in the victim's name, and registered accounts on adult portals, sending men to the victim's house...
FBI agents also obtained Google records on their suspect, according to a 29-page affidavit which, ironically, includes the text of one of his tweets warning people that VPN providers do in fact keep activity logs. "If they can limit your connections or track bandwidth usage, they keep logs."

Re:Get a VPN they said ...

[AmiMoJo]

It also forces the security services to actively target you and expend some extra effort to get your data.

In some countries, e.g. the UK, ISPs are required to log and hand over such data pretty much on demand to the police, and of course you have outfits like GCHQ and the NSA doing mass surveillance.

A VPN increases to cost to spy on you from nearly zero to something that will discourage casual snooping and a lot of abuse. It's not perfect but it's a useful line of defence.

Misleading

[Ramze]

Most of the damning info came from a laptop, and all the VPNs did was confirm an IP address for his residence was used to connect to one of their IP addresses during the same time frame "someone" logged into both the victim's e-mail account and the abuser's e-mail account -- both from the same VPN address.

PureVPN lists what data it records and states it cooperates with investigations. The only thing I can find that they gave to investigators that wasn't explicitly stated in the TOS was that they gave the origin IP address for the connection. but... the TOS already says they store the name of the person on the account and connection times and bandwidth anyway, so that's pretty damning to begin with if requested by law enforcement.

Basically, Law Enforcement said:

"Hey we have a laptop with evidence that you have a VPN and have accessed both the victim's and the abuser's e-mail addresses. We just checked with the e-mail services and discovered a login to both from a VPN IP address within a short time period."

And the VPN provider upon court order said:

"That user was logged into our service from their residential IP address during that time and was connected to that same VPN IP address (along with many other users). Here's the amount of time they were on our system and the amount of bandwidth they used."

The VPN didn't rat out what site they went to -- but the sites they went to DID keep IP logs.

In short, the VPN service provided exactly what it said it would record and it just happened to correlate nicely with what the detectives found. It's not proof, but it's strong evidence.

Frankly, I'm a little surprised the victim's e-mail service allowed a connection to a VPN IP to begin with. I'm also surprised this moron thought that just because a VPN doesn't record every site you visit that the sites themselves wouldn't be recording every login and IP address along with cookies that might identify his specific hardware and/or tie into a social media profile or the like.