HMA VPN user arrested after IP handed over to the FBI

Cody Andrew Kretsinger, a 23 year old from Phoenix, Arizona (USA) is now facing 15 years in prison after being arrested by the FBI, an alleged member of malicious hacker group LulzSec in which he used the moniker “recursion”, he is believed to be involved in the hacking of Sony Pictures Entertainment servers using a SQL injection to obtain confidential information and post it on the Internet, British based Hide My Ass VPN  handed over his home IP on receiving a court order, according to the indictment Cody Kretsinger Hide My Ass VPN username was “recursion“, the same nickname he used in the hacking group, allegedly he also completely wiped clean his computer hard disk after hacking Sony Pictures.

On a side note, for LulzSec to launch a denial of service attack against the UK Serious Organised Crime Agency (SOCA) website and use a British based VPN service does not come across as the kind of idea that the brightest candle in the shop would have.

All VPNs keep connection logs 

Anyone believing a VPN can be used for criminal activities and get away with it, is living in cuckoo land, all VPNs keep logs, if they didn’t they would not be in business for long, law enforcement or their dedicated server provider would shut down their business, you need to cover your ass and so do VPN companies, legally VPNs do not have to keep any logs but if a VPN is continuously used to commit crimes and they do not take any action to stop it they could be the ones facing court, HMA can track you down if you break the law.

It is a common misconception that when a VPN claims “we do not keep logs” people assume they can not be tracked down, many users do not realize that there is no need for a VPN to know what sites they visit to track them down, all a VPN needs to protect their own ass is to know the user’s connection and disconnection time, for example if user A has been using IP 1.2.3.4 on Monday 25th Sept. at midnight and a company or LEA claims that IP 1.2.3.4 was used to carry out an illegal action on Monday 25th at midnight, all that the VPN needs to do is to look up who was using the IP at the time, the logs detailing the user bad deeds can be taken by the company owning the server where the hacking/posting occurred.

What a law enforcement agency, aka LEA, can not do is to pursue a VPN company and ask them what websites have been visited by user A, VPNs do not normally keep that data, it is impossible for the FBI to go on a  fishing expedition asking for a user Internet activities hoping to find something illegal, if the FBI asks for a VPN company logs, they already have evidence that a crime was committed otherwise no subpoena could be issued.

The next time you see a VPN claiming that they do not keep logs, always assume they are talking about visited websites logs, connection logs, the ones used to track you down, are always created on the VPN otherwise it wouldn’t work, privacy is a matter of how long do they keep connection logs for, in HMA VPN case, this can be found in their tiny terms and conditions, it used to be one week, then they changed it to 30 days (without notifying users of this change), then it changed a second time (without notifying users once again) and now it is at 30 days connections logs but do not be surprised if tomorrow this changes without notifying anyone like it has been done in the past.

Note: If you are looking for a Hide My Ass VPN alternative that does not keep logs might want to try VPN4ALL.