Artem Vaulin: swashbuckling criminal genius, or just a dumb guy?

Planet Earth (TFC) –  Just weeks ago, the most recent major attempt to fight online piracy came in the form of yet another arrest of a so-called “mastermind”.

On July 20th, The U.S. Department of Justice issued a press release stating they had detained a 30-year-old Ukrainian man in Poland by the name of Artem Vaulin. Charging him with money laundering and multiple piracy related charges tied to the allegations of Vaulin owning and operating the world’s leading BitTorrent website, Kickass Torrents.

Vaulin, more commonly known online by his username “tirm”,  probably isn’t a “dumb guy” at all. Running the 69th most visited website in the world wouldn’t typically be on the resume of a dumb guy. Though, considering what little effort he made to conceal his ongoings and affiliations with KAT, he may be a bit absent minded.

Starting in 2009, Vaulin registered numerous KAT domain names after buying them through GoDaddy. Homeland Security Investigators dug through the hosting records of Kickass Torrent’s former domains and found that ending in January 2016 the primary domain was hosted out of Chicago for approximately three and a half years. For that reason, Vaulin’s case is currently being prosecuted out of the Northern District of Illinois. The same day “tirm” was arrested, federal authorities in Chicago formally charged him with one count of conspiracy to commit money laundering, one count of conspiracy to commit criminal copyright infringement, and two counts of criminal copyright infringement.

HSI agent Jared Der-Yeghiayan wrote the 50-page affidavit against Vaulin and assisted other agencies in conducting investigations. Der-Yeghiayan recently graced headlines as a key witness in the trial of Silk Road founder Ross Ulbricht, as well.

Within his affidavit, Der-Yeghiayan estimated that as of approximately June 20, 2016, Kickass Torrents was generating nearly $17 million in annual advertising alone, sourcing siteprice.org for his figure. His statement identifies the company “Cryptoneat” as KAT’s money laundering front. The Cryptoneat.com domain was not so discreetly registered in Vaulin’s name, and LinkedIn even lists several employees of the company who were involved in the early development of Kickass Torrents. Clearly, there was no concern for hiding he or his comrade’s affiliations, uncommon behavior for a “criminal mastermind”.

Der-Yeghiayan then goes on to describe how financial information was almost effortlessly obtained by using an undercover IRS agent. Referred to only as “UC-1”, the IRS agent exchanged emails with a Kickass Torrents page admin about purchasing advertisement space on the site’s most popular domain, kat.cr.  After an agreement had been made upon price, the page admin provided UC-1 with account details to a Latvian bank responsible for processing payments on rented ad space. According to the affidavit, after providing the bank information for the account, the KAT representative wrote: “Please pay attention to the bank details. They should be entered correctly. Also please don’t mention KAT and ‘for advertising anywhere.” This warning suggests that at the time, this particular representative was aware of possible implications.

As time went on, increasingly expensive advertising purchases were made as part of this sting operation. The IRS agent learned of yet another set of banking details in Estonia. Then by Implementing the Mutual Legal Assistance Treaty [MLAT] process, US investigators had no trouble obtaining the bank records for both accounts. HSI agents also determine that Kickass was using a hosting service located in Canada. Once again, the agencies used the MLAT process to obtain an image of the Canadian server.

During the investigation, agents unquestionably determined that the email address “tirm@me.com” belonged to Artem Vaulin simply by chasing a few IPs. Linking Vaulin to this was almost comically easy, for several reasons. First, Vaulin himself was running the Kickass Torrents Facebook fan page. For someone operating what many would call a massive illegal enterprise, this was an extraordinarily careless oversight.  When authorities contacted Facebook with a warrant for the Kickass Torrents fan page, they supplied the log data for that page without hesitation, as per their policy. While reviewing the log data, officials discovered that the “tirm@me.com” email address was used to sign into Facebook and access the fan page.

Who owns the “@me.com” email addresses? None other than Apple.

It wasn’t that long ago at all that Apple had a lengthy battle with the FBI to unlock the iPhones of one of the San Bernardino attackers and a suspected Brooklyn drug dealer. Apple stood firm against the FBI, explaining that it refused to violate the privacy of its users, a seemingly admirable move, but is customer privacy their number one priority? Protecting the privacy of their users may be important to Apple, but apparently, it takes a back seat to increasing profit. In past cases with the FBI, Apple had no financial incentive to share their encryption. Though, with the iTunes Store being the largest music store in the world since 2010, in the instance of Vaulin and his file sharing website, Apple gladly and hastily handed over all data in regards to “tirm@me.com” which contained scans of his passport and driver’s license.

There were alerts relating to administration tasks on the Kickass Torrents website emailed to this address and used it to make an iTunes purchase. The thing is, with each purchase on iTunes, your IP address is logged. Following this IP address agents then determined Vaulin’s online bitcoin account.

kickass-torrentsAll of these oversights and misguided decisions are factors that have ultimately led to his arrest. By just utilizing one of the many darknet services that allow a person to have what is essentially a disposable email, he could have made it significantly harder to be caught. So how much of a “criminal genius” can he possibly be?

Since his arrest, Vaulin has retained the services of Ira Rothken, the California lawyer who has successfully kept Kim Dotcom, founder of Megaupload, out of custody and comfortably in New Zealand since charges were filed against him in early 2012. Speaking to Ars Technica Rothken said:

“This case by the US is an attack, using the criminal laws, on BitTorrent technology generally,” Rothken continued. “The US is involved in experimental criminal litigation, and it’s designed to have a chilling effect on people using BitTorrent technology. If one were to go out and spider all the BitTorrent files they could find online and give a search engine, the same allegations could be made against that search engine, and we believe that’s improper use of the prosecutorial power. We believe that this case will ultimately be dismissed.”

Vaulin’s lawyer also doesn’t expect him to be extradited anytime soon saying:

 “It does appear to require dual criminality, like New Zealand, and we have taken a preliminary view that this theory, this criminal theory of secondary copyright infringement, does not exist in Poland and does not exist in the US, and we think that if a dual criminality analysis ever gets done, an extradition would have to be rejected.”

On August 1st, Vaulin’s Legal defense team issued a letter to The Department of Justice requesting they drop all charges against their client and release him from custody immediately. Theorized charges such as “indirect” or “secondary” copyright infringement do not exist in the US, nor in Poland where tirm was arrested. The legal team’s primary argument is Vaulin cannot be held accountable for users of the site participating in potentially infringing activities.

https://torrentfreak.com/images/katdismiss.png

The report prepared by Der-Yeghiayan is lacking any specific examples that link site operators or Vaulin to direct downloads that would qualify as copyright infringement under international law or otherwise. As a matter of fact, the one germane infringement that was quoted within the report against Vaulin was committed by a Homeland Security Investigations agent.

According to the defense team, the affidavit contains “incorrect, misleading and irrelevant allegations” regarding Kickass Torrents’ site operations, and the use of BitTorrent telecommunications. The defense’s letter to the DOJ requests that they allow the defense team to speak with him while in custody to better assist with his defense, and also calls for prosecutors to refrain from questioning, interrogating, or interviewing tirm for any reason.

Based upon past endeavors to prosecute and imprison alleged “pirate masterminds” being largely unsuccessful, I’m inclined to believe that the piracy charges against Artem Vaulin will soon be dismissed. He may avoid any lengthy stays in the big house due to piracy, but he may not get so lucky escaping the laundering charges. Only time will tell, but one thing is for sure: Incarcerating operators of glorified search engines and implementing new laws and regulations cannot and will not thwart online piracy.

This report written by Clint Peterson for The Fifth Column.