VPN logs helped expose man’s cyberstalking campaign against former roommate, claims FBI

PureVPN reportedly assisted law enforcement in identifying suspect.

David bisson
David Bisson

VPN logs helped expose man's cyberstalking campaign against former roommate, claims FBI

Law enforcement has arrested a man for having waged an “extensive, multi-faceted” cyberstalking campaign against his former roommate for more than a year.

On 6 October 2017, the U.S. Attorney’s Office for the District of Massachusetts announced the arrest of 24-year-old Ryan S. Lin of Newton. Lin is accused of harassing and stalking Jennifer Smith, a 24-year-old woman with whom he used to live.

Beginning in April 2016, Lin allegedly took it upon himself to make Smith suffer through a living hell. Among other things, he reportedly created a collage of sexually-themed photographs that appear to involve Smith and sent them to hundreds of people, including her roommates, co-workers, and 13-year-old sister. He is also said to have sent child abuse images to Smith’s family.

Sign up to our free newsletter.
Security news, advice, and tips.

Not only that, but Lin allegedly also doxxed Smith (including her passwords), posed as Smith on sexual encounter websites, and sent messages threatening to blow up local schools.

Needless to say, Waltham Police Chief Keith D. MacPherson was pleased to bring Lin to justice. As quoted in a statement released by the U.S. Attorney’s Office:

“I want to thank the Waltham Police Detectives and the FBI Investigators who worked so diligently to bring this party to justice. I also want to thank the Superintendent and the Waltham School Department for their efforts working in conjunction with law enforcement.  I also want to recognize the Waltham Police Department Safety Officer and the School Resource Officers for their hard work ensuring the safety of our school children and faculty.  This has been a lengthy and complex investigation involving many agencies and remains ongoing.  We appreciate the patience and understanding of those in our community who were affected by these criminal acts and thank those who have allowed us to work towards the best result possible in our attempts to put an end to these disruptions.”

Police arrived on Lin’s doorstep after connecting threats and harassing statements he had made to Smith in person with what the young woman reported to have experienced online.

The FBI has since analyzed Lin’s work computer, which he used for some of his targeted activities, and claims to have found several bits of incriminating evidence, including “artifacts” of bomb threats made to local schools, an artifact showing that someone with the username “RLin” had used an anonymous texting service called TextNow, and his use of PureVPN.

PurevpnLogs collected by PureVPN show that someone accessed two of Lin’s email accounts from the same WANSecurity IP address. Meaning? It’s not looking good for Lin.

If convicted, Lin could spend five years in prison and the subsequent three years on supervised release.

There’s something else to note here, too: PureVPN’s records helped the FBI build a case for Lin’s arrest.

That’s not to say all VPNs share their user logs with law enforcement on a regular basis. (PureVPN’s privacy policy makes it clear that it does so only under the presence of valid legal documents.) But it does go to show that a VPN can’t save you if you’re up to no good and if law enforcement is aware of your activities.

I can only hope that individuals considering cyberstalking another person read this story and reconsider their plans. One way or another, you would get caught. Even more poignantly, causing another person that much pain won’t fill whatever void with which you’re grappling. No matter how many people you might hurt, you’ll feel no better afterwards. You’ll probably feel a hell of a lot worse once you find yourself behind bars for several years.

So please realize that now and deal with those issues… before it’s too late.

David Bisson is an infosec news junkie and security journalist. He works as Contributing Editor for Graham Cluley Security News and Associate Editor for Tripwire's "The State of Security" blog.

5 comments on “VPN logs helped expose man’s cyberstalking campaign against former roommate, claims FBI”

  1. Jim

    WELL…. I know what VPN I'll never get within throwing distance of..

  2. Alex

    This is a case of mixed emotions. Like the glee of watching your worst enemy drive over the edge a cliff…. in your brand new car…..

    What Lin did is wrong on so many levels that he deserves no sympathy. However, for betrayal of customer trust, PureVPN deserves to lose every customer it has and no sympathy wasted there either.

    So Lin, I hope you rot in jail for awhile. But boo sucks to you, PureVPN. I hope you're out of business in a month.

    Looks like it's time to check out Proton Mail's VPN service. At least they have no obligation to turn logs over at any other nation's request.

    1. Sajo · in reply to Alex

      Actually, they do. A request from the court of Geneva and some other place(I don't remember, but it's somewhere on their website) can compel them to turn off any info.

  3. DR-L

    Only five years? Really?

  4. IanH

    (I too think Lin richly deserves his 5 year sentence.) But this is very interesting indeed and raises some questions, because PureVPN is HK-based and HK is not under US jurisdiction.
    1) So this is perhaps a case of the FBI being able to demand access to PureVPN's US servers?
    2) Is it also a case of PureVPN making the mistake of having user information to hand over?
    For me it is interesting because I use blackVPN, which is also HK based and which claims not to keep any info to be able to hand over.
    Obviously as a UK citizen I rarely use UK VPN servers for my activities – which are entirely legal and ethical (because the UK is now has mass-surveillance to rival China's), but it would be interesting to understand the answers to the 2 questions above.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.