Torrent sites have been well-known for facilitating illegal downloading of movies, music, literature and software for some time now. Kick Ass Torrents (KAT) is one such website that has in recent times stolen the crown from The Pirate Bay, as the most popular with the largest number of unique visitors each day.
The site has however received a major setback with the arrest of its alleged owner by US authorities.
Artem Vaulin, the alleged owner from Ukraine, was arrested in Poland in late July. The most interesting aspect of the arrest is the role that Apple and Facebook played.
Vaulin was arrested on the grounds of suspicion of reproducing and distributing copyrighted content worth approximately $1 billion and has been charged with conspiracy to commit money laundering. The authorities believe that he has been distributing and reproducing the content for more than eight years.
Details that led to his arrest are rather shocking. Events leading to his arrest all started when an agent from Internal Revenue Service purchased advertising on the site whilst posing as a business owner.
The US authorities discovered that an email address associated with the domain of Kickass torrents was also associated with a Facebook account. Apple later provided the authorities with records that show the purchasing activities of Vaulin on iTunes from an email address @me.com.
The information provided by Apple revealed that the IP address of the user logging into Apple iTunes, was the same IP address that logged into the official KAT Facebook Fanpage.
Police were also able to track Bitcoin donations to a San Francisco-based Bitcoin exchange company by the name Coinbase. Coinbase also released information that showed that the KAT Bitcoin Donation Address sent Bitcoins to an account at Coinbase that belonged to Artem Vaulin. The account also used firstname.lastname@example.org as its backup email address.
To add to the woes of KAT the court also granted the seizing of its domain names and one of Kickass torrents bank accounts.
Vaulin had put every effort to avoid the long arm of the law by having several servers in different countries and frequently changed his domain names. He also had bank accounts in Latvia and Estonia.
The seizing of the domain KAT.com and .tv by Verisign is expected to happen soon. There are, however, other domain names such as KAT.cr for which warrants for seizure have not yet been given. It is believed that under the MLAT treaty, the warrants will be released soon.
Some of the proxies remain operational. However, it is questionable how long KAT can continue to avoid authorities.
This is a reminder to cybercriminals that spreading infrastructure and financial resources across numerous jurisdictions to avoid authority is becoming increasingly difficult – due to the ever-increasing cooperation between countries’ law enforcement agencies and companies.
Companies such as Apple and Facebook are only legally compelled to provide details of users’ online activities to authorities if the police either have a subpoena or a warrant. However, according to Facebook’s guidelines police can request information on a person’s account without a warrant if there is “imminent harm to a child or risk of death or serious physical injury to any person and requiring disclosure of information without delay.