We reported last week on Lulzsec hacker Cody Kretsinger, aka ‘Recursion' who could be spending up to 15 years in jail. An interesting twist in the case came to light, in that UK company HideMyAss passed over his IP address to the Feds.
A report on news site Thinq shows that Kretsinger used HideMyAss to hide his IP address. The company issued a blog post on the matter and said.
“We have received concerns by users that our VPN service was utilized by a member or members of the hacktivist group ‘lulzsec’. Lulzsec have been ALLEGEDLY been responsible for a number of high profile cases.
- The hacking of the Sony Playstation network which compromised the names, passwords, e-mail addresses, home addresses and dates of birth of thousands of people.
- The DDOS attack which knocked the British governments SOCA (Serious Organised Crime Agency) and other government websites offline.
- The release of various sensitive and confidential information from companies such as AT&T, Viacom, Disney, EMI, NBC Universal, and AOL.
- Gaining access to NATO servers and releasing documents regarding the communication and information services (CIS) in Kosovo.
- The defacement of British newspaper websites The Sun & The Times.
- The hacking of 77 law enforcement sheriff websites.”
They then received a court order and subsequently passed over the information to law enforcement agencies.
“At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases. As stated in our terms of service and privacy policy our service is not to be used for illegal activity, and as a legitimate company we will cooperate with law enforcement if we receive a court order (equivalent of a subpoena in the US).
Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers.”
It would appear that law enforcement agencies used the information from HideMyAss to locate Kretsinger.
KitGuru says: The moral of the story is, if you are using companies to hide your IP to commit illegal activities then be sure to read the small print.
Hm. Sucks for the guy, but since he was being an amateur…. Anyway, biggest loss here is Hide My Ass. I’m guessing a portion of their clientele won’t be refreshing their Subscription after this.
And not just the ones that might/might not be part of LulzSec. If they do it for LulzSec they can hand over an IP for someone who’s doing something as simple as “Copyright Infringement.”
Too bad for them really, and their accusations that VPNs who don’t collaborate with the Government have their entire Network under Surveillance is total bullshit. If any one of those companies is based outside of the US, its automatically outside of US Law Enforcement Jurisdiction, so tapping them would be Illegal for any US Law Enforcement Agency at all. And even within the US, it would be illegal for them to be tapped without a Warrant, since Warrant-less Wiretapping was ruled Un-Constitutional.
So yeah…. Fail statement. Although, I doubt the NSA really gives a shit. Not that they don’t have more important things to waste their budget on though anyway.
@HideMyAss
time for the Rapidshare effect.
Well, not really a surprise… I guess they are very cooperative with the authorities because they don’t want to bring too much attention, which is understandable, from a business point of view.