
PureVPN keeping logs



PureVPN keeping logs

Post by alarm » Wed Oct 11, 2017 1:29 pm

Cyberstalking Suspect Arrested After VPN Providers Shared Logs With the FBI

VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some do store user activity logs.


The case in question is of Ryan Lin, a 24-year-old man from Newton, Massachusetts, arrested on Thursday, October 5, on charges of cyberstalking.

According to an FBI affidavit published by the US Department of Justice, Lin is accused of harassing and cyberstalking an unnamed 24-year-old woman — referred to under the generic name of Jennifer Smith — between April 2016 and up until his arrest.
http://www.documentcloud.org/documents/ ... davit.html


https://www.bleepingcomputer.com/news/s ... h-the-fbi/

http://wccftech.com/cyberstalking-suspe ... -vpn-logs/

we need a comment from cryptostorm on this



Re: PureVPN keeping logs

Post by fgaff » Fri Oct 13, 2017 4:13 pm

Drexel University.. ho-hum.. where have I seen that before xD

No vpn provider can help those who do not Tor-over-VPN.
More so when the word "Protonmail" and "former employer's IT assets" are also mentioned.

The debate on the "actual vs claimed" privacy behind any vpn is premature as the affidavit also indicates several other suspects still at large.

Perhaps others will be brought in and charged later - and over more glaring opsec miscalculations.

My best bet is nobody wants ProtonVPN to also be singled out as another possible source of the cooperation with authorities. So only PureVPN took the fall (this time).

afaik, if the token model works there should be no easy way to correlate traffic to a particular entry IP.



Re: PureVPN keeping logs

Post by gg » Fri Oct 13, 2017 4:38 pm

https://www.goldenfrog.com/blog/purevpn ... aims-false

amazing misdirection.

THEY SOUND AND OPERATE LIKE PROTONMAIL OMFG

xD



Re: PureVPN keeping logs

Post by gargoyle » Fri Oct 13, 2017 10:48 pm

"Investigators believe that the accused got access to passwords of some of Smith's online profiles because Smith didn't have a lock on her room door, and didn't password-protect her computer."

"The affidavit reveals that Smith had a document on her laptop (which wasn’t password protected) that carried passwords to all her accounts, including iCloud which was later used by accused to steal her private pictures."

Let us also cringe at what 'Jennifer Smith' perhaps failed to practice out of ignorance or complacency:

1. Absence of FDE of storage

2. No passwords, if any, to protect OS logon, and no documented use of password managers (which can have some measure of brute-force resistance given a good choice of passphrase)

3. No physical control over "sensitive" equipment (anyone could have tampered with or accessed the equipment belonging to Jennifer).

4. Minimal to zero utilization of GPG/GnuPG to protect sensitive stuff (if no FDE was used, the very least was having such documents GnuPG protected).


TBH, anyone this "CLUELESS" is an equally-likely victim of the same scale of harm/harassment should a complete stranger (with malicious intent) gain access to her room and belongings, or even worse to have cloned her data, tampered stuff, added some cute key-loggers etc. Heck, I'd stuff some dope inside her Macbook xD coz she is this "pleb" for a Mac user.

As it is, the breach was done offline.

Slick, but the guy got burned and rightly has to serve time.

Also, two VPN providers snitched and not just the one mentioned in the above OP.

parityboy
Site Admin

Re: PureVPN keeping logs

Post by parityboy » Sat Oct 14, 2017 9:32 pm

gg wrote: https://www.goldenfrog.com/blog/purevpn-no-log-claims-false

amazing misdirection.

THEY SOUND AND OPERATE LIKE PROTONMAIL OMFG

xD


So exactly how was the FBI (working with PureVPN) able to ascertain these details? The answer is simple – PureVPN logs, and their logs tell a story. The logs revealed how within the span of minutes, the same VPN IP address had logged into Lin’s real Gmail address, another Gmail address used for some of the threats, and a Rover.com account Lin created. PureVPN was later able to link the activity with Lin’s home and work IPs – which would have been impossible if they did not have any logs.


err...what? So PureVPN's logs show one of their customers logging in to an email service that PureVPN do not own and have no access to? Riiiiigght...

