DogeX

Can FBI know any IP connecting to any VPN server?


I was just searching the internet about AirVPN and came across this article:

"Another IP address used to steal filings, several FBI agents explained, was from an Italian-run VPN, AirVPN. The FBI used a pen register to show that someone accessed AirVPN from the M-13 IP address during the same period when the AirVPN IP was stealing records from the filing companies. The FBI also showed that Klyushin had accessed his bank at the same time from that same IP address. The FBI also showed that eight common IP addresses had accessed Ermakov’s iTunes account and the AirVPN IP address (in this case, the access was not at the same time because the FBI only had a pen register on the VPN for two months in 2020). While FBI witnesses couldn’t show that the specific activity tied to an AirVPN IP at the victim companies tied back to M-13, they did show that both Klyushin and Ermakov routinely used AirVPN."

So if I understand correctly, the FBI or any three-letter agency can put a "Pen" without going inside the data centre or anything and know all the IP addresses connecting to the server, at what time, etc. etc.?

Is using Tor in front of the VPN the only way to mitigate this?

Would it be crazy to think that all VPN IP addresses are being actively monitored like that?


Hello!

Yes, this is a famous trial. It is obvious if you think about it and does not require any AirVPN co-operation. If you read all the court papers (publicly available), the alleged criminal was already a primary suspect, so the FBI worked to show in court that each time a crime was perpetrated through an IP address assigned to AirVPN infrastructure, the suspect was connected to some IP address of AirVPN (even though different, of course). To make things definitely worse for the suspect, he mixed identities, infringing one of the few "golden rules" (stating that you must NEVER mix identities), by connecting to his own bank account and his own iTunes account with his real identity from the same AirVPN IP address (the same exit address the crimes were committed from, with strong time correlations)! Compelling clues which, together with another key finding, convinced the court that the suspect was indeed the culprit.

Luckily for justice (and unfortunately, from his point of view!) this criminal committed serious fundamental errors.
 

Quote

Is using Tor in front of the VPN the only way to mitigate this


Yes. But if one mixes identities the hazard remains high. 
 

Quote

Would it be crazy to think that all VPN IP addresses are being actively monitored like that?


In this case, it was totally unnecessary. It would have been a huge effort to monitor traffic in 24 different jurisdictions and even more datacenters (normally they do not have access to top NSA tech, as far as we know, and anyway the data collection needed to be admissible in court). In reality, once they had a restricted pool of suspects, they just needed to correlate connections to bank, iTunes (+ social media and any service tied to a real identity of the primary suspects) and victims, and the line (usually residential) used by this pool of suspects.

Kind regards

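The timing correlation described in the reply above, worked through on connection metadata alone, as an added example that is not part of the original thread. All addresses, timestamps and labels are constructed, and the record layout is an assumption; note that the entry-side records never contain the exit address.

```python
from datetime import datetime, timedelta

T = datetime.fromisoformat

# Constructed pen-register view: (monitored line, start, end) of its
# connections to VPN entry addresses. Metadata only, no traffic content.
SESSIONS = [
    ("203.0.113.7", T("2020-03-01T09:00"), T("2020-03-01T11:30")),
    ("203.0.113.7", T("2020-03-02T14:00"), T("2020-03-02T15:00")),
]

# Constructed service-side logs: (time, VPN exit IP seen, service, identity).
# identity is None when the activity is not tied to a real-name account.
EVENTS = [
    (T("2020-03-01T09:40"), "198.51.100.20", "bank", "real-name account"),
    (T("2020-03-01T09:55"), "198.51.100.20", "victim-site", None),
    (T("2020-03-02T14:20"), "198.51.100.20", "victim-site", None),
    (T("2020-03-03T08:00"), "198.51.100.20", "victim-site", None),  # another VPN user
]


def during_session(events, sessions):
    """Events whose timestamp falls inside a VPN session of a monitored line."""
    return [(line, ev) for ev in events
            for line, start, end in sessions if start <= ev[0] <= end]


def mixed_identities(events, window=timedelta(minutes=30)):
    """Anonymous events sharing an exit IP with a real-identity event
    within `window`: the "never mix identities" rule being broken."""
    named = [e for e in events if e[3] is not None]
    hits = []
    for ev in events:
        if ev[3] is not None:
            continue
        if any(n[1] == ev[1] and abs(n[0] - ev[0]) <= window for n in named):
            hits.append(ev)
    return hits


if __name__ == "__main__":
    for line, ev in during_session(EVENTS, SESSIONS):
        print(f"{line} was on the VPN when {ev[2]} saw {ev[1]} at {ev[0]}")
    for ev in mixed_identities(EVENTS):
        print(f"{ev[2]} event at {ev[0]} shares exit {ev[1]} with a named login")
```

The last event falls outside every session of the monitored line and is not attributed to it, which is why a shared exit address alone proves little until it is combined with timing and a real-name login.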

In my case I connect to a very close Air server and it's connected almost 24/7, so that is what my ISP continually observes. From there I can connect to hundreds of servers as "connection two or three" in my chains on VMs. I only want my ISP to see that one close safe server and I NEVER CONNECT to workspace using that specific server from my host machine. Therefore no websites will ever get that server IP from my activities. I like this setup for me. Usually I prefer to use TOR after server two except for those times TOR won't fly with a certain website or two. YES - I know TOR is the better multi hop mode, but on occasion I need to use 3 Air servers where TOR is blocked. Speeds are pretty decent and the speed loss is acceptable in exchange for security/privacy. My .02

10 hours ago, iwih2gk said:

In my case I connect to a very close Air server and it's connected almost 24/7, so that is what my ISP continually observes. From there I can connect to hundreds of servers as "connection two or three" in my chains on VMs. I only want my ISP to see that one close safe server and I NEVER CONNECT to workspace using that specific server from my host machine. Therefore no websites will ever get that server IP from my activities. I like this setup for me. Usually I prefer to use TOR after server two except for those times TOR won't fly with a certain website or two. YES - I know TOR is the better multi hop mode, but on occasion I need to use 3 Air servers where TOR is blocked. Speeds are pretty decent and the speed loss is acceptable in exchange for security/privacy. My .02

iwih2gk, security through obscurity. AirVPN don't log users, but they have tokens on the users, so people like three-letter words can pull shit up and see all about the metadata. I use Whonix-style AirVPN with my gateway in read-only mode in Proxmox, then have it start from snapshot. I hope in your setup you're not running all the chains from 1 server. I get you're trying to go for a strong elliptic curve crypto. All it takes is one compromised system, then it can 100% strip back all the layers. If you really want privacy, just get a Yagi Wi-Fi antenna to boost the signal to connect to Starbucks from a distance. Just remember they got Ross because he was directly connected in a library. They can follow down the chain no matter where you start, so have burner locations.
