As widely reported, the second LulzSec suspected hacker – Cody Kretsinger – was arrested late last week, but the Guardian newspaper says that a third suspect known as `Neuron' could now be traceable.
Neuron is reportedly traceable after s/he used the appropriately-named HideMyAss service, which apparently co-operated with law enforcement officials without the need for a court order. This is how, the paper says, Kretsinger was tracked by officials prior to his arrest last week.
HideMyAss, Infosecurity notes, has posted a defence of its actions on its blog after the news emerged, claiming that it had to retain logs of users in order to protect its own systems.
“Our VPN service and VPN services in general are not designed to be used to commit illegal activity. It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences. This includes certain hardcore privacy services which claim you will never be identified, these types of services that do not cooperate are more likely to have their entire VPN network monitored and tapped by law enforcement, thus affecting all legitimate customers”, says the firm.
“We would also like to clear up some misconceptions about what we do and what we stand for. In 2005 we set up HMA primarily as a way to bypass censorship of the world-wide-web whether this be on a government or a corporate/localized scale. We truly believe the world-wide-web should be world-wide and not censored in anyway. A prime example of this would be the Egyptian revolution for which our service played a key role for protesters gaining access to websites such as Twitter which were blocked by the government, we experienced record traffic during this time”, it adds.
The firm went on to say that, although our web proxy account for a high percentage of its traffic, the VPN service accounts for almost all of its revenue.
“Our main customer base use our VPN service to ensure their sensitive web traffic cannot be intercepted on insecure networks, though there are many other legitimate uses such as the ability to unblock GEO-restricted websites” it says, adding that if you look through the company's review database, readers will be be able to gain an understanding of who uses our service and why.
Despite these comments, the Guardian reports that some users have questioned whether HideMyAss – which says that it helped people in Egypt to evade crackdowns during the Arab spring protests – would hand over details of individuals to repressive regimes such as Syria.
“A rival service, AirVPN, put out a statement saying that it does not keep logs in the way that HideMyAss does: "we would like to reassure our users and our customers that nothing like that [handover of logs] may happen with AirVPN, for a series of legislative (we are based in the EU, not in the USA, and we don't recognize USA jurisdiction, obviously) and above all technical reasons."