" No logs " EarthVPN user arrested after police finds logs

[SSJ]

Slightly more interesting than the Harvard Hoax Bomb threat this shows what can happen when you rely on a VPN as your only OPSEC mechanism.
The operative (a 16yr high school kid) wanted to avoid school, so he sent in a bomb threat using a “no logs” VPN service… with a server located in the same country he resides in (effectively reducing it to a local proxy). The police seized the server used by the VPN service (they claim there were no logs to recover from there); but they also (apparently) seized the traffic logs of the data centre hosting the VPN server.
With the logs of the traffic to the data centre, rather than the logs of the VPN service, they were able to identify the operative. Simple traffic analysis would allow them to correlate the connection from the operative’s house to the VPN service. From there, it was no doubt a matter of simple police work, the most likely suspects being those with the motive to disrupt the target (i.e. the kid who goes to that school is more likely to be the operative than an international connection).
Lessons Learned:

1. A VPN is not an anonymity enabling service, it is a privacy enabling service. They are different. Don’t get them confused or you’ll make a fatal error.
2. Traffic analysis is a powerful capability. Do whatever you can to compromise its utility to the adversary. Originate your actions from a connection that is not associated directly with you. Operate during peak hours when your traffic will be masked by other people’s — “go with the flow, blend in” (Moscow Rules).
3. Law enforcement officials have resources to devote to solving crime. One of those resources is time. Optimise your OPSEC practices to exhaust the time resources of your adversary. Don’t make it easy for them. “Wars are won by logistics”.
4. Police work is not limited to the realm of technical possibility and plausible deniability. If you are the most likely suspect, they will question and interrogate you. You will, most likely, fail to survive this interrogation. Interrogators use: isolation, fear and rapport. Unless you are trained to handle these tactics, you will confess. Do not become the most likely suspect. Keep to the crowds.

A final reminder: DO NOT use a VPN for anonymity!


Hacker Tradecraft : "€œNo logs" EarthVPN user arrested after police finds logs

 

[Rox]

I only have two feelings after reading this:

:rofl: and :facepalm:

 

[msk19994]

I Am Sexy And I Know It
And That Kid Was Stupid U Know It

 

[Spartan]

Height Of Stupidity :facepalm:

 

[smartboy]

poor kid

so guys will search for anonymous no log datacenter, but it's impossible..lolz

 

[blkhtr007]

VPN's are only part of an anonymous solution.

1. Internet connection that can't be traced to you
2. VPN A - Set in a different country and no logs
3. Tor
4. VPN B set in another country and no logs
5. Proxy in yet another country.

Also don't do anything high attention and you will pretty much be 100% anonymous on the internet.

 

[thongus]

You can't hide if you get Big Brother on your back, unlimited resources & the power to find you no matter how much you try to mask yourself.. Stay under the radar & blend in..

 

[Mostarac]

LOL i used it before and they spam my email with invoice, use this Buy VPN with High speed! Anonymous USA VPN China VPN UK VPN physical VPN locations and is located offshore (real privacy and no logs).

 

[infoman]

I still use a vpn...better to be safe than really sorry

 

[Mostarac]

what a scamers

We are happy to announce that we have upgraded our network infrastructure to 114 locations worldwide.Now we offer multiple routing optimized servers for P2P and also routing optimized servers for the same location as well as new city locations.We are planning to expand to 52 Countries in 2014, new country and location suggestions are welcomed !

You can use our speedtest application via below link to check which locations are performing best for you while VPN is not connected.Then you can try connecting to best performing locations with different vpn protocols , PPTP, L2TP, SSTP and OpenVPN with different TCP and UDP ports in order to optimize your speed.You can use our VPN client software or setup manually following our setup tutorials for different VPN protocols.

EarthVPN New Locations​

​

• Rome, Italy
• Lausanne, Switzerland
• Pune, India
• Jurong, Singapore
• Chai Chee, Singapore
• Changi, Singapore
• Pioneer Walk, Singapore
• Wanchai, Hong Kong
• Kowloon, Hong Kong
• Tsuen Wan, Hong Kong

 

[JoomlaZ]

IMO so what is the big deal now, a vpn service with no logs it claimed but got caught and seized with logs or an idiot kid who relied on vpn and sent a BOMB THREAT to avoid SCHOOL lmfao where the world is going :p

 

[blkhtr007]

It wasn't the vpn service that got caught with logs it was the data center, and even if the data center didn't keep logs the ISP(s) that provide service to the data center keeps logs as well.

 

[filenuke]

They probably all keep logs but say they don't. Even in the thread on lowendbox.com in the second page the kid said his lawyer told him they got the logs from PPTPd. No vpn is gonna save your ass and risk getting fucked just over your $10 a month subscription.

 

[Yashraj]

This is damn scrwed up. This just shows how unprofessional the VPN company is. They need to take adequate steps to ensure that there is no way to trace back the user. And damn the kid, he should know better then to send a bomb threat

 

[jure12]

The best VPN (for me) is: "ibVPN".

All the best!

 

[Djlatino]

Solution: get a vpn switcher.

Simple.

 

[inject0r]

thanks, gonna use that next time I send spam

 

[DDoS-Host]

Solution: get a vpn switcher.

Simple.

mmmmm... a VPN switcher... Sounds good.

 

[ravim]

That's why I use no-ip.com on my RDP which I bought from a Pakistani guy.