How Apple and Facebook Helped To Take Down KickassTorrents

Reader itwbennett writes (edited): Artem Vaulin, the alleged owner of the torrent directory service KickassTorrents, was arrested in Poland earlier this week, charged with copyright infringement and money laundering. As we dig deeper as to what exactly happened, it turns out Apple and Facebook were among the companies that handed over data to the U.S. in its investigation. Department of Homeland Security investigators traced IP addresses associated with KickassTorrents domains to a Canadian ISP, which turned over server data, including emails. At some point, investigators noticed that Vaulin had an Apple email account that was used to make iTunes purchases from two IP addresses -- both of which also accessed a Facebook account promoting KickassTorrents.if you're wondering where exactly iTunes came into play, here's a further explanation. It all started in November 2015, when an undercover IRS Special Agent reached out to a KickassTorrents representative about hosting an advertisement on the site. An agreement was made and the ad, which purportedly advertised a program to study in the United States, was to be placed on individual torrent listings for $300 per day. When it finally went live on March 14th 2016, a link appeared underneath the torrent download buttons for five days. Sure it was a short campaign, but it was enough to link KAT to a Latvian bank account, one that received $31 million in deposits -- mainly from advertising payments -- between August 2015 and March 2016. Upon further investigation of the email accounts, and corresponding reverse lookups, it was found that the account holder had made a purchase on iTunes.

Re: If this is true...

[fliptw]

Remember Al Capone got done in by not paying his taxes.

Re:

[Hognoxious]

I legitimately wanted to know if there was any way for Mr Capone to have not been put away for tax evasion, that did not immediately give the feds all the info they needed to put him away for another reason.

Of course. Funnel his ill-gotten gains through a bunch of legitimate businesses, i.e. money laundering.

Re:

[Nehmo]

Multiple accounts with new advertisers going into a new account each quarter that he doesn't touch the funds of for 2 years. At the end of the two years they get folded into one of his primary accounts, of which he'd want at least 3. Any legit pocket money purchases like fucking iTunes come out of a sub-$5000 account.

Does that period of time, 2 years, have any basis? Or is it just a period you think would be long enough to let the money cool off?

Re:

[known_coward_69]

yeah, all he had to do was make the site free to use with no advertising and not make any money off it

Re:

[angel'o'sphere]

Perhaps you should read copyright law?
Money has absolutely nothing to do wether there is an infringement or not.
Otherwise everyone had allhis books, videos and music as a free download on his web page. Facepalm.

Re:

[JackieBrown]

Perhaps you should read copyright law?
Money has absolutely nothing to do wether there is an infringement or not.

I think you missed the poster's point. The guy was tracked and found by the ads.

Re:

[angel'o'sphere]

But that was not the point he wanted to make.

He basically claimed if the guy had run his torrents add free and made no money it would not be a copyright infringement. At least that is how I understood it.

Re:If this is true...

[GameboyRMH]

More seriously, he made a large number of enormous mistakes, here are the biggest:

1. Looks like his real name was on the goddamn hosting for KAT. Perfect job for an anonymous shell company held by a Russian lawyer, but instead he left a business card on a neat little stand at the crime scene.

2. Not separating his real name completely from his identity as KAT admin OR his casual pseudonym. He should've created a completely new identity for the KAT admin that doesn't touch any others with a 30-foot pole.

3. Apparently he thought Canada was a good place to host the servers safe from the reach of US lawmen. Such a US-unfriendly place this is, that he felt confident storing incriminating info on the server for some reason.

4. Insufficient money laundering. He even could've accepted ad payments in Bitcoin. Really, he put less effort into laundering criminal proceeds than your average 1%er puts into not paying taxes.

5. Being on Facebook never helps.

In short, he was running this operation almost completely in the open, relying only on the assumption that he couldn't be extradited and the obfuscation of naming the company Cryptoneat instead of KickassTorrents Inc. to keep his ass out of prison. Ross "You'll take payment in Bitcoin without a second thought, Mr. Mob Boss? Seems Legit." Ulbricht looks like a genius in comparison.

Re:

[jdavidb]

Insufficient money laundering. He even could've accepted ad payments in Bitcoin. Really, he put less effort into laundering criminal proceeds than your average 1%er puts into not paying taxes.

He was a complete nerd and had to look up "money laundering" in a dictionary.

Re:

[Nehmo]

He was a complete nerd and had to look up "money laundering" in a dictionary.

There's a coin laundry right by my house! I can't believe this goes on right in front of everybody!

Re:

[Nehmo]

More seriously, he made a large number of enormous mistakes, here are the biggest:

1. Looks like his real name was on the goddamn hosting for KAT. Perfect job for an anonymous shell company held by a Russian lawyer, but instead he left a business card on a neat little stand at the crime scene.

2. Not separating his real name completely from his identity as KAT admin OR his casual pseudonym. He should've created a completely new identity for the KAT admin that doesn't touch any others with a 30-foot pole.

3. Apparently he thought Canada was a good place to host the servers safe from the reach of US lawmen. Such a US-unfriendly place this is, that he felt confident storing incriminating info on the server for some reason.

4. Insufficient money laundering. He even could've accepted ad payments in Bitcoin. Really, he put less effort into laundering criminal proceeds than your average 1%er puts into not paying taxes.

5. Being on Facebook never helps.

In short, he was running this operation almost completely in the open, relying only on the assumption that he couldn't be extradited and the obfuscation of naming the company Cryptoneat instead of KickassTorrents Inc. to keep his ass out of prison. Ross "You'll take payment in Bitcoin without a second thought, Mr. Mob Boss? Seems Legit." Ulbricht looks like a genius in comparison.

So, his real sin was being ignorant. Remember that, gang. Do your crimes in such a way so that you won't be embarased on /. post arrest.

I don't know if they actually 'helped'

[trawg]

The article doesn't seem to say it, but it looks like Apple and Facebook probably just replied to standard (presumably well-formed) requests from law enforcement to hand over information about a suspect in a criminal copyright case.

Regardless of how you feel about criminal copyright as a thing (and if this bloke was making $31m in your months it's hard to think of him as a brave fighter for copyright reform :), if this is what happened then at least I feel ok about it. He wasn't caught in a massive dragnet that invaded the piracy of millions; it was a targeted search done lawfully with due process.

There might be more info in the full complaint but it's a bit much reading for me so I'll make do with this somewhat inflammatory headline and my uninformed opinion!

Re:I don't know if they actually 'helped'

[ColdWetDog]

There might be more info in the full complaint but it's a bit much reading for me so I'll make do with this somewhat inflammatory headline and my uninformed opinion!

Classic Slashdot.

And people complain about how this site has changed.

Re: I don't know if they actually 'helped'

[Anonymous Coward]

Why does Apple even record the IP address of iTunes purchases. Data mining.

Re: I don't know if they actually 'helped'

[Timothy Hartman]

Fraud.

Re:

[Falos]

Why WOULDN'T everyone record everything? Every possibly loggable metric in your service, software, app, whatever.

Even if the data isn't useful, even if you haven't (yet) hired analytics to "leverage further growth", you scoop everything up and dump it in a box.

I'm not here to say it's malicious or even a bad thing, I'm here to make it clear that expecting otherwise is naive at best. "It's just good business."

Jurisdiction

[Luthair]

If the servers operated outside the US, and the owner lived outside the US, how does the USA think they have jurisdiction to charge him? Are all American companies subject to laws in every other country as their websites are accessible to users in those countries?

Re:

[Anonymous Coward]

"in need". The Polish people should be furious about this.

Re:

[JackieBrown]

No. Obama would never tell Poland how it should run its country.

Oh shit
"We now have a continuous presence of U.S. troops in Poland with our aviation detachment at Lask Air Base...
I recognized that Parliament is working on legislation to take important steps, but more needs to be done.”"

http://www.nytimes.com/2016/07... [nytimes.com]

Re:

[Anonymous Coward]

yep it's called extradition treaties and they've been doing it for years. Team America: World Police

Re:Jurisdiction

[Frosty Piss]

it's called extradition treaties and they've been doing it for years. Team America: World Police

Many countries have such treaties, not just the United States, and not just with the United States.

Re:

[Luthair]

Typically with extradition you've committed crimes in that country. It seems to be one of the flaws with the agreements that the person has limited avenues for appeal within their residing country.

Re:

[fustakrakich]

The entire globe is subject to US law. That thing in Ireland was just a small glitch. That judge will be dispatched post haste.

Re:

[Luthair]

Apparently this guy was not in the US, didn't use a US bank, and had a .cr domain (czech?). Sounds more like the american investigator was doing business in eastern Europe.

Re:

[Megol]

The servers didn't for at least a period of time. And that's all it takes.

Happens All The Time

[Frosty Piss]

American companies are sued all the time in other countries. For example, Brizillian authorities arrested Google's top executive in Brazil after officials said he violated the South American country's election law when he didn't take down online videos that allegedly slandered a political candidate.

So, it's not just the United States, and indeed it happens quite often all over the world.

Re:Happens All The Time

[Nemyst]

Keyword: "top executive in Brazil." They didn't go fetch Larry Page in his cozy home in the US to make him face justice in Brazil, and the US would've laughed at their face if they asked for that.

Re:

[thegarbz]

They didn't have to. In large multi-national companies with local presence the most effective means of punishment is on a local level. Attempting to prove that Larry Page, was directly in control would be borderline impossible so it's a waste of effort.

The buck stops somewhere, and for most things it's rarely the top level unless there was a massive global case to answer for.

Re:Happens All The Time

[swb]

But presumably the Brazilian Google exec was just that -- a Brazilian living and working in Brazil, and presumably under the jurisdiction of their justice system (no matter how non-local the video hosting was).

What I as an American find kind of unappealing is the jurisdictional claims that US law enforcement makes against a foreign national living in a foreign country whose actions took place in a foreign country and only tangentially involved the US, like the guy happened to have a dollar bill in his pocket at the time, so therefore all US laws apply.

I think it's serious overreach and it makes me wonder how safe I am from the reverse situation, some foreign prosecutor who decides that because I said "boo" on the Internet and it breaks some law in Fuckedupistan that they should get to prosecute me.

Re:

[Frosty Piss]

But presumably the Brazilian Google exec was just that -- a Brazilian living and working in Brazil, and presumably under the jurisdiction of their justice system (no matter how non-local the video hosting was).

Are you saying that I, an American citizen am not under the jurisdiction of the Brizilian justice system when in Brazil?

Re:

[sjames]

He's saying that you as an American citizen who is not in Brazil are not under the jurisdiction of Brazilian justice system.

Re:

[drinkypoo]

I think it's serious overreach and it makes me wonder how safe I am from the reverse situation, some foreign prosecutor who decides that because I said "boo" on the Internet and it breaks some law in Fuckedupistan that they should get to prosecute me.

That's not really a realistic concern as long as the US is the big swinging dick in the room. We get everyone else to extradite to us because we have both military and economic might. We're the world's biggest arms dealers, too, so we have all kinds of leverage.

Re:

[Ramze]

Mostly because it's over the internet, and the charges were for conspiracy. If any party of the conspiracy is within the jurisdiction, they can charge the whole group or any member of the group and extradite as long as there are treaties to allow it. Also, if they're facilitating a crime within the USA and/or people within the USA have access to the website, it's under Federal jurisdiction because the internet is a forum for national and international commerce. It's possible if KAT had blocked all acces

Re:

[JustAnotherOldGuy]

I don't know about companies, but from the other perspective Americans are in fact subject to some laws in other countries. I know that some countries have laws regarding fish and wildlife that you can actually run afoul of without ever setting foot outside the US.

https://www.fws.gov/internatio... [fws.gov]

You can buy things in the US which are technically prohibited from trade or sale in other countries, and if caught here you'll face penalties based on the laws in those countries. It's very convoluted to say the le

Nope

[ArchieBunker]

The dumbass had a server located in the USA. Read the fucking article.

Re:

[Actually, I do RTFA]

(1) Copyright laws are governed by treaties, extradition and otherwise.

(2, and more importantly) He took $300 in the US. That payment was the "doing business in the US" required for extradition. That's also how those FIFA officials got picked up.

(3) Yes, US companies are usually subject to laws in countries where they have offices or do business. See also, the EU's right to be forgotten/Google; India's net neutrality/FaceBook; The great firewall payments/Apple; Irish Tax laws/All.

iTunes purchase?

[andy1307]

The guy running the torrent site is buying stuff on iTunes?

Re:iTunes purchase?

[wasteoid]

I guess he faithfully follows the "if you enjoy it, support the creators" mantra.

Re:iTunes purchase?

[pz]

The guy running the torrent site is buying stuff on iTunes?

Yes, I get the irony of that question. But a better question is why does the guy who is running a company that is seriously illegal in the eyes of interests who have deep pockets not have absolute separation between his personal and corporate activity? He used the same IP address? Really? Isn't he smarter than that? Isn't he (rightfully) paranoid about every single action in his daily life?

Re:

[thegarbz]

He used the same IP address? Really?

It may surprise you but a large portion of criminals or people attempting to hide activity which may be considered criminal by some are caught on technicalities, stupidities, or outright mistakes.

It only takes one.

Re:

[Anonymous Coward]

do they not have prepaid itunes cards in europe?

Re:iTunes purchase?

[jandrese]

There have been studies that show that people who pirate also happen to buy the most music. It seems crazy, but really they are the people most interested in music so it's maybe not so surprising.

Re:

[Actually, I do RTFA]

The also have a strong desire to own, not rent, content. Or, better phrased to match the legality - have copies of, not stream, content. People who don't just have Spotify accounts.

Irony

[DarthVain]

That was my 2nd thought. Really, the guy that runs KAT has an iTunes account and thought that was a good idea? He had to know that Apple would be one of the main groups gunning for him. Kinda ballsy, or stupid.

My first thought was what "Canadian ISP" gave up his personal information? We are supposed to have strong privacy laws in Canada, what exactly happened here? A Canadian ISP would be legally obligated if given a Canadian Warrant, not an American one. The US (RIAA/MPAA) has in the past repeatedly tried

Re:

[fishwallop]

The ISP appears to be these guys [netelligent.ca]

Re:

[DarthVain]

Montreal eh? Somehow I find that less surprising than most answers that could have been...

Though as an ISP they're more of a business/corporate solution than personal/individual. Probably used the guise of a company or something I guess. As far as their network goes, "BELL" is the only thing I would recognize as a personal ISP and even then it is likely their B2B type function.

Anyway it seems a lot less exciting than if it was actually something most people might know or even use commonly as an ISP. So not

Re:Irony

[DarthVain]

For those not willing to sort though the links/doc:

Name of the Canadian ISP seems intentionally omitted, as it is repeatedly referred to only as that (Canadian ISP).

As to the details, it is really only referred to as a "request" and doesn't really get into exactly what information was used. I suspect most of what is in the criminal compliant (up to that particular point), which is quite long and you'd probably have to be a lawyer to figure if that was adequate justification or not. Below is the quote from the 48 page document:

On or about April 12, 2016, in response to a Mutual Legal Assistance
Treaty request to the Central Authority of Canada, the Royal Canadian Mounted
Police received the business records and made a forensic image of the original hard
drives associated with the KAT Canadian IP Addresses. Thereafter, those records
and forensic images were turned over to HSI.

Would still like to know exactly which ISP was involved regardless. Was it one of the big guys like Bell or Rogers, or one of the small independents? Privacy (or lack thereof) works both ways I suppose as one could probably do an FOI request to actually find out...

The IRS ?

[gosand]

I went so far as to look into the IRS Criminal Investigation manual, and I will admit it was a challenge to take it all in. But I found it quite curious that the IRS were the ones who initiated this investigation. (see page 21 of https://www.justice.gov/usao-ndil/file/877591/download [justice.gov]) Not much more is said about it, but I have to question why was the IRS investigating a torrent site? Is it because someone running it may have been in the US, and may have been profiting from it? That is the only thing

Re:

[BitterOak]

I went so far as to look into the IRS Criminal Investigation manual, and I will admit it was a challenge to take it all in. But I found it quite curious that the IRS were the ones who initiated this investigation. (see page 21 of [justice.gov] https://www.justice.gov/usao-n... [justice.gov] ) Not much more is said about it, but I have to question why was the IRS investigating a torrent site? Is it because someone running it may have been in the US, and may have been profiting from it? That is the only thing I can think of, but that leads to all kinds of other questions.

Apparently one of the charges against him is money laundering and that falls under the purview of the IRS. Remember, they put Al Capone away for tax evasion.

Re:

[gosand]

But why was the IRS involved in catching him? Because I am pretty sure there were no charges until after this investigation.
And Al Capone was a US Citizen, in the US.

Re:

[Actually, I do RTFA]

It's a lot easier to give someone $300 in the US, and see they launder it/don't report it, than detecting any other crime.

But apple will not help the FBI unlock phones

[Joe_Dragon]

But apple will not help the FBI unlock phones

Re:

[cdrudge]

I would imagine the difference here is that Apple didn't have to unlock anything, decrypt anything, or write utilities to bypass existing protections to look up an email or IP addresses for a iTunes transaction.

Re:

[gnasher719]

Apple isn't supposed to be able to read what's on your phone. But Apple is very much supposed to be able to access information about purchases made on their store.

Re:

[Joe_Dragon]

They just wanted software to turn off the auto wipe and let an ext keyboard punch in codes

Re:

[clonehappy]

It had fuck all to do with the IRS, either, considering this guy wasn't a US citizen. He wasn't even Polish, he was a Ukrainian living in Poland.

As to why the US government is involved at all, if you don't know the answer to that then you just haven't been paying attention.

Re:

[jratcliffe]

It had fuck all to do with the IRS, either, considering this guy wasn't a US citizen. He wasn't even Polish, he was a Ukrainian living in Poland.

As to why the US government is involved at all, if you don't know the answer to that then you just haven't been paying attention.

1. Non-US citizens can violate US tax laws.
2. You'd really have to be "not paying attention" to know that countries routinely attempt to extradite and prosecute people for committing violations of the prosecuting country's law.

Re:

[clonehappy]

Give me a fucking break. He had no assets in the United States, was not operating a company in the United States, seems to have had no ties to the United States.

And by your definition, a Mexican citizen who commits murder in Mexico should be extradited and tried under US laws? Explain that to me, please, I'll be waiting there, friendly.

Re:

[jratcliffe]

And by your definition, a Mexican citizen who commits murder in Mexico should be extradited and tried under US laws?

1. He's charged with infringing on the copyrights of US entities, so the victims are Americans. If you mastermind a bank robbery in NYC, but do it from Poland, you can still be charged in the US and extradited (the converse is true as well, of course).
2. He took ad revenue from US entities, creating another link to the US, (and the grounds for the money laundering charge, I believe).
3. He's not actually charged with violating US tax laws - I believe the IRS involvement is primarily that their investigators

Re:

[clonehappy]

So, let me get this straight:

2. Selling ads == money laundering.
3. He's not violating tax laws, yet the IRS is still involved.
4. Purchasing email services from a US provider somehow makes you subject to all laws of the United States?

You're really grasping at straws, here.

As for 1...I agree that his service enabled users of that service to infringe on the copyrights of US entities, but are those copyrights valid in Poland or Ukraine? Do the laws of those countries spell out the punishment for copyright in

Re:

[gnasher719]

Give me a fucking break. He had no assets in the United States, was not operating a company in the United States, seems to have had no ties to the United States.

He was selling to people in the United States and made money from that. There's your connection.

More Globalist US Government Overreach

[clonehappy]

Don't think we have a Global Government? Think Again!! You can run a site that's perfectly legal in the jurisdiction in which you operate it, make money off it which is perfectly legal in the jurisdiction in which it operates, not even be a US Citizen, or even a citizen of the country you reside in, but the friendly US Government will still come kick your door down and cart you off to the inner empire to a kangaroo court where you'll be railroaded into pleading guilty to charges you have no chance of fighting against.

I mean if the United States INTERNAL Revenue Service can investigate a Ukranian citizen living in Poland for "conspiracy" to launder money, does any nation on this planet, save Iran or North Korea, really have any sovereignty from the United States?

Apple and FB didn't "Help"

[jjn1056]

Apple and Facebook were served with warrants that required them to turn over the information. They did not. This isn't 'help', its just following the law.

enemies of Free Culture

[jmcvetta]

Facebook and Apple are notorious enemies of Free Culture, and they acted accordingly. This is not surprising.

What law was broken?

[real gumby]

I have read the complaint and the seem to be charging him with not getting permission to link to a file and for putting ads on his site, neither of which is, as far as I know, a crime in any jurisdiction. Which might explain why he didn't try to "hide his tracks" -- why should he? Oh yes, they do say he "stole" over a billion dollars, but that's like saying High TImes sold billions of dollars worth of pot. They don't claim he actually receieved any of this mythical billion, which makes "stole" hard to un

KickAss used to follow the DMCA

[zedaroca]

They used to remove content when receiving DMCA letters from supposed copyright holders, just like google.
It seems (to me) that the reason why he was not hiding much is that he was complying with DMCA.
This means that:
1. the Department of Homeland Security is part of the copyright police, as is the IRS (these are new for me - used to think it was just the FBI);
2. complying with the DMCA won't save you from trouble;
3. they will make up charges to get you extradited and harsher punishment (money laundering???)