Here’s how using Facebook and Apple easily brought down KickassTorrents

Bradley Wint
Jul 22, 2016 2:17am AST
Photo: Unknown

When running a massive torrent website, using sites like Facebook and Apple (among many others) can be a deadly mistake.

If you haven’t heard by now, the U.S. Government arrested Artem Vaulin, KickassTorrent’s alleged owner, after tracing back his social media usage on Facebook.

They first identified two email addresses, “email hidden; JavaScript is required” and “email hidden; JavaScript is required”.

Vaulin used “email hidden; JavaScript is required” to make a few iTunes purchases, which resulted in his IP address being logged along the way.

As the address belongs to Apple, the company was required to fork up login data (and they did so without any hesitation), providing login access dates, times, and IP addresses (among other relevant information)

The link was then made when they discovered that Vaulin was running a Facebook page, which he occasionally used to post updates about the website.

Records provided by Apple showed that email hidden; JavaScript is required conducted an iTunes transaction using IP Address on or about July 31, 2015. The same IP Address was used on the same day to login into the KAT Facebook Account. Then, on or about December 9, 2015, email hidden; JavaScript is required used IP Address to conduct another iTunes transaction. The same IP Address was logged as accessing the KAT Facebook Account on or about December 4, 2015.

They continued monitoring his Apple email address, which he used quite often to receive website based bug reports like the one below.

On or about June 23, 2010, Vaulin received an alert with the subject line, “[KickassTorrents – Bug#159] (Resolved)  Create post page for blogs.”

The email identified a task which “Artem Vaulin” authored and stated:

Issue #159 has been updated by [Individual A].
-Status changed from New to Resolved
-Assigned to changed from [Individual A] to [Individual B]
-% Done changed from 0 to 100
In revision 6741

Feature #159: Create post page for blogs
-Author: Artem Vaulin
-Status: Resolved
-Priority: Normal
-Assigned to: [Individual B]
-Target version: Sprint 2

Using emails from his Apple-based account, they were able to find a Coinbase Bitcoin account which he used to collect donations via the website.

After the feds sifted through Coinbase records, they were able to discover that the website’s donation account was owned by Artem Vaulin in Kharkov, Ukraine. His Apple address was also set as a backup for recovery purposes.

IP addressed used to access the Facebook page were also linked to those in a number of Bitcoin transactions, which stacked even more evidence against Vaulin.

Based on the DOJ report, it’s safe to say that Vaulin was reckless and careless when it came to privacy. While his website was big, it’s still always a huge risk to use services like Facebook, Google, Twitter, and Apple (among many others) when it comes to site related activities.

Try Modern is a blog about the latest tech, finance, lifestyle and web trends. Keep up with us on Facebook and Twitter.