VPN providers often advertise their products as a method of surfing the web anonymously, claiming they never store logs of user activity, but a recent criminal case shows that at least some, do store user activity logs.
The case in question is of Ryan Lin, a 24-year-old man from Newton, Massachusetts, arrested on Thursday, October 5, on charges of cyberstalking.
According to an FBI affidavit published by the US Department of Justice, Lin is accused of harassing and cyberstalking an unnamed 24-year-old woman — referred to under the generic name of Jennifer Smith — between April 2016 and up until his arrest.
The two met after Lin answered a Craigslist ad and moved in with Smith and her two other roommates. The FBI says that soon after Lin moved in with Smith, she was the victim of multiple hacking, harassing, and cyberstalking incidents.
Investigators believe that Lin got access to passwords of some of Smith's online profiles because Smith didn't have a lock on her room door, and didn't password-protect her computer.
Authorities say that Lin allegedly accessed Smit's Apple iCloud account from where he downloaded personal photos, and also her Google Drive account from where he took her private journal.
According to the affidavit, Lin is the prime suspect behind a multi-faceted and unyielding harassment campaign that spanned months. In no particular order, below are some of the FBI's accusations:
Smith told authorities the abusive behavior began soon after Lin moved in, and continued even if she moved out two months later, scared by his actions.
Lin's abusive behavior was then redirected to the other two roommates, and following complaints to the landlord and police, Lin was kicked out from the shared apartment in August 2016. The cyberstalking and harassing behavior continued, again, mainly directed at Smith.
For all of these actions, the suspect used ProtonMail, VPN clients, and Tor to hide his identity. After local police investigated all the victim's complaints for almost a year, they called in the FBI to help.
The FBI found their first evidence at one of Lin's former employers. The company had reinstalled Lin's work computer after he left, but the FBI was able to find various artifacts in the hard drive's unallocated disk space. Evidence includes:
Yet, the most conclusive evidence came after the FBI managed to obtain logs from two VPN providers — PureVPN and WANSecurity.
Ironically, FBI agents also found tweets in which Lin was warning other users that VPN providers store activity logs, advice he didn't follow himself.
Investigators became sure they identified the right man after they interviewed some of Lin's past classmates, who recounted a similar pattern of harassment and cyberstalking from a man they described as a computer "genius."
"As alleged, Mr. Lin orchestrated an extensive, multi-faceted campaign of computer hacking and online harassment that caused a huge amount of angst, alarm, and unnecessary expenditure of limited law enforcement resources," said FBI Special Agent in Charge Shaw.
"This kind of behavior is not a prank, and it isn’t harmless. He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession," the agent added. "No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today’s arrest will deter others from engaging in similar criminal conduct."