DogeX:

I was just searching the internet about AirVPN and came across this article.

"Another IP address used to steal filings, several FBI agents explained, was from an Italian-run VPN, AirVPN. The FBI used a pen register to show that someone accessed AirVPN from the M-13 IP address during the same period when the AirVPN IP was stealing records from the filing companies. The FBI also showed that Klyushin had accessed his bank at the same time from that same IP address. The FBI also showed that eight common IP addresses had accessed Ermakov’s iTunes account and the AirVPN IP address (in this case, the access was not at the same time because the FBI only had a pen register on the VPN for two months in 2020). While FBI witnesses couldn’t show that the specific activity tied to an AirVPN IP at the victim companies tied back to M-13, they did show that both Klyushin and Ermakov routinely used AirVPN."

So if I understand correctly, the FBI or any three-letter agency can put a "Pen" without going inside the data centre or anything and know all the IP addresses connecting to the server, at what time, etc. etc.?

Is using Tor in front of the VPN the only way to mitigate this?

Would it be crazy to think that all VPN IP addresses are being actively monitored like that?

Staff:

Hello!

Yes, this is a famous trial. It is obvious if you think about it and does not require any AirVPN co-operation. If you read all the court papers (publicly available), the alleged criminal was already a primary suspect, so the FBI worked to show in court that each time a crime was perpetrated through an IP address assigned to AirVPN infrastructure, the suspect was connected to some IP address of AirVPN (even though different, of course).

To make things definitely worse for the suspect, he mixed identities, infringing one of the few "golden rules" (stating that you must NEVER mix identities), by connecting to his own bank account and his own iTunes account with his real identity from the same AirVPN IP address (the same exit address the crimes were committed from, with strong time correlations)! Compelling clues which, together with another key finding, convinced the court that the suspect was indeed the culprit. Luckily for justice (and unfortunately, from his point of view!) this criminal committed serious fundamental errors.

> Is using Tor in front of the VPN the only way to mitigate this?

Yes. But if one mixes identities the hazard remains high.

> Would it be crazy to think that all VPN IP addresses are being actively monitored like that?

In this case, it was totally unnecessary. It would have been a huge effort to monitor traffic in 24 different jurisdictions and even more datacenters (normally they do not have access to top NSA tech, as far as we know, and anyway the data collection needed to be admissible in court). In reality, once they had a restricted pool of suspects, they just needed to correlate connections to bank, iTunes (+ social media and any service tied to a real identity of the primary suspects) and victims, and the line (usually residential) used by this pool of suspects.

Kind regards
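
The correlation described in the reply above can be sketched in a few lines. This is an added example, not part of the thread or of any court record: all sessions, addresses (documentation ranges) and account names are constructed, and the 30-minute window is an assumption.

```python
from datetime import datetime, timedelta

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

# Constructed sample data; the addresses are documentation ranges, not real ones.
# Pen-register view: periods when the monitored line was connected to any VPN entry IP.
SESSIONS = [(ts("2020-03-02 09:00"), ts("2020-03-02 11:30")),
            (ts("2020-03-05 14:00"), ts("2020-03-05 18:00"))]
# Victim-side logs: (VPN exit IP, time of the unauthorized access).
INCIDENTS = [("203.0.113.7", ts("2020-03-02 10:15")),
             ("203.0.113.7", ts("2020-03-05 15:40")),
             ("203.0.113.9", ts("2020-03-08 12:00"))]
# Records from services tied to a real identity: (account, source IP, login time).
LOGINS = [("bank:suspect-a", "203.0.113.7", ts("2020-03-02 10:20")),
          ("store:suspect-b", "198.51.100.4", ts("2020-03-05 15:45"))]

def covered_incidents(sessions, incidents):
    """Incidents that happened while the monitored line was connected to the VPN.
    The entry IP seen on the line need not equal the exit IP seen by the victim."""
    return [(ip, t) for ip, t in incidents
            if any(start <= t <= end for start, end in sessions)]

def identity_mixing(logins, incidents, window=timedelta(minutes=30)):
    """Real-identity logins from the same exit IP as an incident, close in time."""
    hits = []
    for account, src, when in logins:
        for ip, t in incidents:
            if src == ip and abs(when - t) <= window:
                hits.append((account, ip, t))
    return hits

def report():
    covered = covered_incidents(SESSIONS, INCIDENTS)
    return {"covered": len(covered), "total": len(INCIDENTS),
            "mixing": identity_mixing(LOGINS, INCIDENTS)}

if __name__ == "__main__":
    print(report())
```

Neither check uses anything held by the VPN provider: the first needs only metadata from the suspect's own line, the second only records from the bank or store and from the victim.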