Alleged cyberstalker unmasked by VPN logs

A Massachusetts man was arrested on cyberstalking charges after the online activities he tried to hide through VPN use were revealed by logs provided by PureVPN.

cyberstalker unmasked PureVPN

“It is alleged that [24-year-old Ryan Lin] engaged in an extensive, multi-faceted campaign of computer hacking and cyberstalking that began in April 2016 and continued until the date of his arrest, against a 24-year-old female victim, her family, friends and institutions associated with her. Lin, the victim’s former roommate, allegedly hacked into the victim’s online accounts and devices, stealing private photographs, personally identifiable information, and private diary entries that contained highly sensitive details about her medical, psychological and sexual history. It is alleged that Lin then distributed the victim’s private photographs and diary entries to hundreds of others,” states the press release announcing his arrest.

“Lin allegedly created and posted fraudulent online profiles in the victim’s name (with her photographs and home address) and solicited rape fantasies, including ‘gang bang’ and other sexual activities, which in turn caused men to show up at her home. In addition, it is alleged that Lin falsely and repeatedly reported to law enforcement that there were bombs at the victim’s Waltham residence. Lin also allegedly created a false social media profile in the name of the victim’s roommate in Waltham and posted that he was going to ‘shoot up’ a school in a nearby town. These threats were part of a larger pattern of threats to local schools and other institutions in her community.”

The case was first investigated by the Waltham Police, but later the FBI took over.

Use of anonymizing tool and services

According to the FBI affidavit, Lin allegedly used anonymizing services and other online tools to avoid attribution, but law enforcement managed to tie him to his criminal online activities after they’ve had the chance to examine his work computer.

Even though he had been let go from the firm and the OS on the computer had been reinstalled, the FBI managed to find some artefacts on it that showed that Lin used anonymous texting service TextNow, encrypted email service Proton Mail, PureVPN, and Gmail.

From Lin’s Google account, the feds extracted screenshots of his iPhone, which showed he used a number of apps for anonymous texting, emailing, and apps that provide temporary, anonymously assigned telephone numbers. Postings on his Twitter account indicate that he knew that he had to use anonymizing services and VPNs to remain anonymous.

He also set up a number of email accounts to open bogus online accounts he used to harass the woman.

PureVPN was able to determine that one of these email accounts and Lin’s main Gmail account were accessed from the same customer from two originating IP addresses, which were those assigned to his home and the software company where Lin was employed at the time.

Despite the prominent claim that the company does not keep logs that “can identify or help in monitoring a user’s activity,” PureVPN says in its privacy policy that they will share specific information about specific activity (if they have it) “with authorities having valid subpoenas, warrants, other legal documents or with alleged victims having clear proof of any such activity.”