Real Life or Horror Movie? How VPN Logs Helped FBI Unmask a Cyberstalking Suspect


We often turn to proxy and VPN services for protecting our identities online. But are these products actually hiding your late night searches? Perhaps not. Criminals increasingly use these anonymizing services to hide their tracks, however, a recent arrest, while creating questions about the authenticity of VPN services, could also help in deterring similar heinous criminal activities.

The Federal Bureau of Investigation (FBI) was able to track down a vicious internet stalker using logs provided by paid VPN services. In an announcement, the US Department of Justice said that the arrest of Ryan Lin, a 24-year-old from Massachusetts, was possible thanks to VPN logs provided by PureVPN. He was arrested on charges of cyberstalking a former roommate and harassing her family, her employers, friends, and her community.

NVIDIA May Have Understated Crypto Revenue By More Than A Billion Dollars

"Those who think they can use the Internet to terrorize people and hide behind the anonymity of the net and outwit law enforcement should think again," Acting Assistant Attorney General Kenneth A. Blanco of the DoJ's Criminal Division said.

"The Department of Justice will be relentless in its efforts to identify, arrest, prosecute, and punish the perpetrators of these horrendous acts and seek justice on behalf of their victims."

Bomb threats, doxing, harassment - a cyberstalking campaign right out of Hollywood's horror genre

The complaint filed against Lin in the Massachusetts District Court reveals that he stalked his former roommate (referred to as Jennifer Smith in court documents to protect her identity), who said the abusive online campaign against her began soon after Lin moved in and continued even after she had moved out two months later.

The charges against Lin include doxing, posting intimate photos suggesting they were Smith's, sending "images that likely constitute child pornography” to her family and friends, among others. Private information, including Smith's birth date, address, phone numbers, and passwords of accounts repeatedly showed up online. Lin is also alleged to have made a series of false police reports, sending anonymous tips of bombs and drugs at Smith's residence.

Smith's unprotected MacBook carried a document containing all her passwords

The affidavit reveals that Smith had a document on her laptop (which wasn't password protected) that carried passwords to all her accounts, including iCloud which was later used by Lin to steal her private pictures.

To cover his tracks, Lin used various privacy services, including Tor, anonymized international texting services, overseas encrypted email services, and VPN services. But what made it relatively easy for the FBI to track him down was his work computer that he had used for some of his cyberstalking campaign.

Intel Q4 2018 Quarterly Earnings: Record EPS, Net Income And Full Year Revenue But Missed Q1 Guidance

After being terminated from work, his employers had reinstalled Windows to have the system reassigned to a new employee. However, FBI was able to follow the crumbs left by Lin, including the following:

The logs from PureVPN and footprints left on his work computer helped the agents prove that it was indeed Lin who had been targeting Smith, her colleagues, friends, and her family with a year-long harassment campaign. The logs showed that the same VPN IP address that had logged into Lin's Gmail account was used to log into another account that was used for making threats against her. PureVPN was also able to link the stalking campaign with Lin's home and work IPs.

In its affidavit, the FBI has shared how Lin had ironically tweeted about VPN services keeping logs.

"There is no such thing as VPN that doesn't keep logs. If they can limit your connections or track bandwidth usage, they keep logs."

Investigators further became sure that Lin was the one behind this campaign after they were able to connect him to a Rover account that was used to get Smith's new phone number. Lin had signed up on Rover using the name "Ashley Piano" where Smith was offering pet sitting services. Using Rover, Lin was able to get Smith's new number since she had changed her previous one after being harassed.

"As alleged, Mr. Lin orchestrated an extensive, multi-faceted campaign of computer hacking and online harassment that caused a huge amount of angst, alarm, and unnecessary expenditure of limited law enforcement resources," Harold H Shaw, FBI Special Agent in Charge of the FBI Boston Field Division, said.

"This kind of behavior is not a prank, and it isn’t harmless."

FBI agent who oversaw the campaign added that "no one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today’s arrest will deter others from engaging in similar criminal conduct".

Lin faces up to five years in prison and up to three years of supervised release.