As Wired and Ars Technica have reported, Artem Vaulin was recently arrested for being the Kickass Torrents founder. There was lots of noise because KAT was stealing imaginary profit from movie companies, or something like that. In any case, what’s really interesting when such a thing happens, is how exactly he was identified; what was his mistake.
Though Wired and Ars Technica provide some information about his mistakes, it appears to differ, so let’s better read the actual complaint.
The Investigation
As one may think, somebody who owns a large torrent tracker should be extremely careful, sometimes even paranoid, since their actions make big companies unhappy. By not preventing users from using their service, they are being an accomplice in the unspeakable crime of file sharing.
Then there should be a fatal slip, where they get identified by a writing style, or by a small piece of information that accidently leaks to a server accessible by a law enforcement agency, or sold by a person they’ve trusted, or timing of their actions allowed to trace the packets to their ISP… well, nothing of that sort has taken place this time.
One day, using KAT, HSI special agents found, downloaded, and watched the following movies: Batman V Superman: Dawn of Justice, Captain America: Civil War, Central Intelligence, Deadpool, Finding Dory, Independence Day: Resurgence, Teenage Mutant Ninja Turtles: Out of the Shadows, X-Men Apocalypse, and Now You See Me 2. Apparently they liked the movies very much, concluded that those should cost at least a million dollars combined. Since Homeland Security had nothing better to do, they’ve opened an investigation.
A special agent, extensively using his or her training and experience, based on which he or she knows great many things, found the following subtle clues:
- KAT “people” page mentioned at least the owner’s nickname, which was also used for personal mail addresses, when real name wasn’t used (in addresses themselves; was still filled everywhere).
- KAT servers didn’t use any disk encryption, easily providing bits of identifying information and helpful evidence.
- A fake company was used as a front, with a LinkedIn presence, with real names and photos.
- Payments went through regular banks, with records available to the investigator.
- Public whois data of a KAT domain registered to Vaulin, with his phone number and address.
- Other KAT domains on the same GoDaddy account.
- Vaulin’s personal mailboxes on public mail services (Apple’s in particular), with unencrypted KAT-related letters, tons of private information filled, Vaulin’s passport, driver’s license, personal banking information.
- A Coinbase account for KAT donations, with real name, address, and that Apple email filled.
- Logs of access to the KAT facebook account from the same IP as to the Apple account with the mailbox that contained all the private information, as well as from the same IP that was used to access the Coinbase account.
That’s when special agent UC-1, by putting it all together, started becoming suspicious of Vaulin: “he might be involved into KAT!”, thought the agent. Further investigation and additional clues added to the suspicion, and Vaulin, despite all his security measures, was finally captured in Poland.
Though it’s not clear how exactly Artem was captured, but judging by his overall secrecy and preparation, one may guess how hard it was: he probably was running naked around a police station and screaming, so the authorities had to besiege the city, as well as to bring a couple of helicopters and a tank, while Poland was targeted by nuclear missiles as a plan B, yet was saved in the last moment, and the villian was finally captured. UC-1 rode a Harley into the sunset, got a promotion, and lived happily ever after.
Aftermath
Wired and Ars Technica call Artem an “alleged founder”, for it’s still to be proved in court. Indeed, perhaps the only way for all this to make sense is if it’ll turn out that Vaulin’s identity has been stolen and used for years by an actual founder, who is not mentally challenged. Yet it is likely that Vaulin will face a big sentence to learn how it feels when your property gets “illegaly shared”, getting an owner of his own instead of being one.
This is a lesson to us all: think twice before stealing priceless masterpieces.
As usual, random officials make bullshit statements.