Data Security, Network Security

Tech Companies Assist the FBI in Criminal Takedown

By Katherine Teitler

I’ll be there

After last winter’s frosty standoff, Apple and Facebook are now making headlines for being in cahoots with the FBI. For a few years, the bureau has been tracking Kickass Torrents, a very popular file sharing site, and trying to link illegal reproduction and distribution of online media, including movies, TV shows, music, and video games. 

It was the apparent site owner’s use of Facebook and Apple—an email address and iTunes—that eventually led the FBI to file a criminal complaint and make an arrest for copyright infringement and money laundering. The two tech companies reportedly had no problem handing over information on a suspected individual when asked since doing so didn’t put the companies’ other users at risk (as is the argument in the encryption battle). It also shows, fairly clearly, that it’s not tech companies vs. law enforcement, “all or nothing” when it comes to apprehending criminals.

You and I must make a pact

In the Kickass Torrents (KAT) case, the alleged site owner, Artem Vaulin, a 30 year old Ukrainian national, was a little sloppy with his online usage, leaving behind a trial of digital breadcrumbs for the DHS to find. The formal investigation began in November 2015 when an undercover IRS Special Agent with Homeland Security Investigations sent a request to KAT through [email protected], the email address listed on the torrent site for press inquiries (even dubious operations can be media-savvy). The agent also sent a private message to a KAT forum admin, which was answered from the email address [email protected], and a later email exchange resulted in a reply from [email protected]. During these communications, the agent posed as a potential advertiser wanting to list an advertisement on the torrent site. KAT’s site admins helped facilitate the transaction. After receiving instructions on where to send payment—a Latvian-based account in the name of “GA Star Trading Ltd.”—and explicit instructions to “please make sure you don’t mention KAT anywhere,” the phony ad was posted.  

The various email correspondences with KAT personnel helped unearth more email addresses, showing that site administrators frequently changed domains; seven different domains were specifically identified. One of the email addresses and corresponding domain led agents to the “official.KAT.fanclub” page on Facebook, on which several helpful hints appeared, including notices about the vacillating domains (some of which stemmed from successful copyright infringement cases in the UK, Ireland, Italy, Denmark, Belgium, and Malaysia, among others, after which ISPs in those countries were ordered to block internet access to KAT). Having found this information, agents brought a warrant to Facebook, which handed over gobs of log data, revealing that whomever was acting as the Facebook fan page admin was using the Apple email address, [email protected].

We must bring salvation back

Apple complied with a served search warrant which allowed the agent to subsequently find—coincidentally, ironically, or stupidly, you pick—that Vaulin used [email protected] to not only conduct Kickass’s business, but also execute a fully legitimate purchase on iTunes (no one has yet to report on the suspect’s musical tastes). Vaulin either didn’t know or didn’t care that every iTunes purchase triggers a record of the buyer’s IP address. Unfortunately for Vaulin, the IP address used to purchase music was the same one used to login to KAT’s Facebook page, and was connected to alerts from Kickass Torrent’s admin account.

Much more juicy evidence is included in the 52 page affidavit that led to Vaulin’s arrest.

I’ll reach out my hand to you

A few lessons can be learned from this case: 1) Some criminals, even when they’re in the business of tech, aren’t very tech-savvy, 2) Don’t mess with Apple when it comes to digital media revenue, and 3) Anyone trying to pit tech companies as “bad guys” who want to thwart law enforcement efforts needs to take a closer look and examine multiple aspects. It’s not good enough to present one side of the story and claim that’s the entire book. Yes, the encryption debate is more convoluted and, itself, includes many facets, but the media hype painting tech companies as aiding and abetting criminals is just hype. While Apple did have a monetary stake at taking down Kickass Torrents, both Apple and Facebook (the latter’s revenue model only loosely depends on media and file sharing) were perfectly compliant with all requests; they helped catch a criminal who caused estimated damages of more than $1 billion to media and entertainment companies around the globe. That’s pretty kickass helpful, if you ask me.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.