Cyberstalker arrested by FBI after VPN provider shared User Logs

Many VPN providers claim that they don’t keep any logs of their customers’ activities and when you set up a subscription, you are trusting that the company is true to its claims. In a recent case, the logging practices of a popular VPN were exposed after the FBI arrested a cyberstalker, apparently thanks to the information obtained from the provider. While the fact that the criminal was caught is good news, the VPN’s reliability has become questionably, particularly since they state that they don’t monitor user activity and that no logs are kept.

Cases like this prompt people to wonder if their VPN can be really trusted. The majority of VPNs claim to offer solid protection against eavesdroppers and they promise to help you to stay anonymous online. The problem is that many of them are not as safe as they want you to believe. Unfortunately, when you select a VPN, there is no immediate way of knowing that their “no logs” claims are to be trusted. While reading reviews and comments from customers can help you to get an idea of how reliable a company is, in the end, you have no choice but to trust that they will live up to their claims.

What happened?

Ryan Lin, from Massachusetts was arrested in a Cyberstalking case after PureVPN, one of the most popular providers in the VPN industry, handed over information to the FBI. The data provided by PureVPN helped the US organization to establish a link between Lin and the alleged cyber crimes. Lin has been accused of stalking and harassing his housemates and former roommates online. In order to avoid detection, 24-year-old Lin used Tor, VPNs and other services. In the course of a year and half, Lin targeted his former housemate Jennifer Smith, after stealing his logging credentials and personal files such as photos from her Google Drive and iCloud accounts.

According to an affidavit released by the FBI, Lin released her personal details and even posted nude photographs without showing her face, but suggesting that they were of Smith. He sent Smith’s private data to her family and colleagues via email. It is also alleged that Lin created fake profiles with Smith’s information on websites focused on sexual encounters and prostitution. The affidavit also mentions that Lin shared Smith’s medical background details that she had kept to herself and he sent images that could be considered as child pornography to her relatives and friends.

Ryam Lin is also accused of using Smith’s identity to make bomb threats to schools and to send death and rape threats to individuals. In one instance, one of her friends called the police. To carry out these actions without being traced, Lin used a variety of privacy tools including Tor, VPNs, ProtonMail and anonymous international text messaging applications.

However, there was one mistake that helped authorities to get to him and that was the fact that he used a work computer in some occasions. Al;though Lin had been fired and the OS had been reinstalled on the device, the FBI was able to recover some forensic evidence from Lin’s work computer. The FBI found evidence in the unallocated space of the system’s hard drive, which referred to bomb threats against local schools. They also found his name on ProtonMail, username for TextNow, which is the anonymous text messaging service he used. They also identified that PureVPN was used during his cyberstalking activities.

How was the case investigated by the FBI

The document from the FBI mentions that information was obtained from PureVPN. The provider helped the FBI with logs that linked Lin to the cyberstalking activities that targeted his former roommate. It was established that the same WANSecurity IP address was used to access Lin’s Gmail account and the teleportfx Gmail account. In the complaint, it is also mentioned that PureVPN could determine that its service was accessed by the same customer from two different IP addresses. The RCN IP address from the place where Lin was living at the time and the software company where he was working.

The fact that PureVPN is one of the leading names in the VPN industry and that this provider based in Hong Kong has a large user-base around the world, has caused concern. Although this is an extreme case and it is likely that regular customers who only use PureVPN to browse the internet securely and bypass restrictions don’t have anything to worry about, it is still disappointing to know that there are reasons to question the commitment of PureVPN to privacy. Of course, it is good that criminals like Lin are not getting away with their actions. Also, PureVPN only claims that no activity logs are kept and in this case, it seems like it was the IP address what helped investigators to make a connection to identify Lin, who faces up to 5 years in prison if found guilty. Still, it is worth to take a moment to think about how much can you trust your VPN’s no logs claims.