How Apple and Facebook helped to bust the world’s biggest torrent site, KickassTorrents
KickassTorrents (KAT), one of the most popular websites for illegal file sharing was shut down after the alleged 30-year-old Ukranian owner and operator, Artem “Tirm” Vaulin was arrested in Poland on Wednesday at the behest of the U.S. government. The U.S. authorities also seized seven of the site’s domains, all of which are now offline.
Vaulin has been charged for criminal copyright infringement and money laundering. He has also been accused of illegally reproducing and distributing hundreds of millions of copies of movies, video games, TV shows and music albums totalling more than $1 billion. The U.S. is now waiting to extradite him.
So, what led to the downfall of KickassTorrents? Apparently, it turns out that a couple of purchases on iTunes and email helped to bring down the mastermind behind KickassTorrents. It is also said Apple and Facebook were among the companies that handed over data to the U.S.
The U.S. Department of Homeland Security initially exposed information about Vaulin by tracing the IP addresses used to host the KickassTorrents domains, according to a 48-page criminal complaint (PDF) filed with the U.S. District Court in Chicago.
That led investigators to a Canadian ISP (Internet service provider), which turned over server data that disclosed numerous files, including emails and user information about KickassTorrents’ operators.
Not only was he operating a KickasssTorrents Facebook page, but was doing so with a personal email address.
How personal? It was a ‘@me.com’ address, which is owned by Apple (and is the forerunner to @icloud.com). The account was used to make iTunes purchases from two IP addresses — both of which also accessed a Facebook account promoting KickassTorrents.
His email was discovered when authorities sent Facebook a warrant for information having to do with the site’s page. For example, Facebook handed over IP-address logs from the KAT fanpage to the U.S. authorities. From there, the U.S. Government turned to Apple. They were then able to cross-reference this with an IP-address Vaulin used for an iTunes transaction.
“Records provided by Apple showed that firstname.lastname@example.org conducted an iTunes transaction using IP Address 220.127.116.11 on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook Account,” Homeland Security Investigations (HSI) agent Jared Der-Yeghiayan said. His IP addresses linked to KAT’s Facebook page was also used to access Vaulin’s Coinbase account, suggesting that the Bitcoin wallet also assisted in the investigation.
By handing over user data to the government, Apple and Facebook were acting within the legal limits, and probably there was nothing about the government’s requests that raised any red flags. It is just a normal routine.
The fact that Vaulin was using a single, personal email address for so many features and services is absurd. To just have one single email linked to something as personal as your Apple ID, which is directly applicable to you is just unbelievably unwise. This is likely going to seal his fate.
While KickassTorrents itself is dead, a clone of the file-sharing site has already appeared online, which may shut down shortly. Whether KickassTorrents or Vaulin will make a Pirate Bay-style comeback, only time will tell.