VPN Use Did Not Hide Cyber Abuser Who Is Now Charged With Federal Crime

Back in 2013 when I was bombarded with vile, harassing comments sent to my other blog through proxy IP addresses, I learned that those sites are hosted by companies that provide server computers.

I also learned that although some promise that those using the proxy IP address service will not be traceable, that is not true.  Users enter the site through an IP address that is generally the one provided by their internet service provider.  Law enforcement has authority to obtain the logs that provide online fingerprints.

This case is similar where a man assumed that his use of VPN’s would hide him online as he went about violating laws.

(Boston, Ma 100617) Courtroom sketch of Ryan Lin (center) and his attorney Francis Doran (R), in the Moakley Federal Court House. Judge is David Hennessy. October 6, 2017 Sketch by Jane Flavell Collins

Ryan Lin of Massachusetts used VPN services, an encrypted email service and Tor to conceal his identity.  He hacked into his targeted victim’s email account and sent emails to others, which is called “spoofing”.  Through spoofing email, he also made bomb threats to local schools.

Documents by authorities use the name “Smith” in reference to the target victim  to keep her identity anonymous.  For over a year, local police investigated Smith’s crimes.  Then they called in the FBI for assistance. The trail of evidence led to Ryan Lin.

Ryan Lin rented a room in a house with Smith and her roommates.  Subsequently, he gained access to Smith’s personal devices.  Smith did not have a lock on her door and did not password protect her computer.  According to Smith, Lin was such a bad roommate that she moved out two months after Lin moved in.

The FBI got a hold of Lin’s old work computer.  Google Chrome artifacts detailed that it was Lin who sent bomb threats against local schools and that Lin was using VPN’s on his work computer.

According to an FBI criminal complaint and accompanying affidavit published by the U.S. Department of Justice, 24 year-old Ryan Lin is accused of harassing and cyber-stalking Smith.  He carried out his dirty work between April 2016 and his arrest on October 5, 2017.

According to the criminal complaint, Lin has been charged with violation of 18 U.S.C. Sec. 2261A(2)(B).  That is the federal stalking statute.

The 29 page criminal complaint and accompanying affidavit alleges that Lin, directly and indirectly, engaged in an extensive, multi-faceted campaign of computer hacking, online harassment, and privacy intrusions against Smith, her family, friends, and institutions and individuals associated with her.

The affidavit accompanying the criminal complaint says that between March and May of 2017, Smith was doxed.  Several people associated with her were also doxed, and their personal information was posted online. While identifying Lin as the primary operative, conduct after the Spring of 2017 might not have been done by Lin, but by someone who obtained the personal information that Lin posted, or someone who did so at Lin’s direction.  The probable cause falls on Lin since he originated the course of conduct.

Lin also allegedly sent Smith’s private journal to others that detailed her past medical, psychological and sexual history.  He spoofed the journal, making it appear like Smith emailed it to her friends, relatives and associates.

Prosecutors allege Lin sent threatening messages to the victim, her family, friends and other associates, encouraging the victim to kill herself and threatening to rape and/or kill her and her friends.

The most conclusive evidence came from logs obtained from PureVPN and WANSecurity; two VPN providers used by Lin. The logs disclosed that Lin, within minutes of conducting a spate of abuse, logged into his Gmail address, another Gmail account used for the same threats, and an account on a pet-sitting service which he used to discover Smith’s phone number. PureVPN was also able to link some abusive activities with Lin’s home and work IPs.

Lin also had a Twitter account where he wrote about using VPN’s.

According to the affidavit, several times Lin attempted to reconnect with Smith by using Facebook.  At the same time, he continued to conduct harassment elsewhere.

Harold H. Shaw is Special Agent in Charge of the FBI’s Boston Field Division.   He said:

“As alleged, Mr. Lin orchestrated an extensive, multi-faceted campaign of computer hacking and online harassment that caused a huge amount of angst, alarm, and unnecessary expenditure of limited law enforcement resources”.

The agent added:

“This kind of behavior is not a prank, and it isn’t harmless.  He allegedly scared innocent people, and disrupted their daily lives, because he was blinded by his obsession. No one should feel unsafe in their own home, school, or workplace, and the FBI and our law enforcement partners hope today’s arrest will deter others from engaging in similar criminal conduct.”

Assistant Attorney General Kenneth A. Blanco of the Justice Department’s Criminal Division had the following to say;

“Those who think they can use the Internet to terrorize people and hide behind the anonymity of the net and outwit law enforcement should think again.  The Department of Justice will be relentless in its efforts to identify, arrest, prosecute, and punish the perpetrators of these horrendous acts and seek justice on behalf of their victims.”

If convicted, Lin faces up to 5 years in prison and up to three years of supervised release.




This entry was posted in Cases, Cyber Abuse and tagged , , , , , , . Bookmark the permalink.

1 Response to VPN Use Did Not Hide Cyber Abuser Who Is Now Charged With Federal Crime

Comments are closed.