HideMyAss.com, the anonymous VPN service, has admitted that it handed over the details of one of the alleged Lulzsec hackers who attacked systems belonging to Sony Picture Entertainment.
The HideMyAss service is based in the UK and provides a free proxy that tell users they can “surf anonymously online, hide your IP address, secure your internet connection, hide your internet history, and protect your online identity.”
Last week the alleged Lulzsec hacker known as ‘Recursion’, aka Cody Andrew Kretsinger, 23, of Phoenix, Arizona, was arrested by the FBI.
HideMyAss explained that it had complied with a court order to disclose Kretsinger’s IP address that he had used to log into the HideMyAss service.
That hack was part of the attack earlier this year on Sony that exposed the the names, birth dates, addresses, emails, phone numbers and passwords of thousands of people who had entered contests promoted by Sony.
And HideMyAss defended its role in handing over the IT address to the FBI in a blog posting.
“We have received concerns by users that our VPN service was utilised by a member or members of the hacktivist group ‘lulzsec’,” it wrote. “It first came to our attention when leaked IRC chat logs were released, in these logs participants discussed about various VPN services they use, and it became apparent that some (Lulzsec) members were using our service.”
“No action was taken, after all there was no evidence to suggest wrongdoing and nothing to identify which accounts with us they were using,” HideMyAss said. “At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases.”
HideMyAss went on to explain that as stated in its terms of service and privacy policy, its service is not to be used for illegal activity, and as a legitimate company it would co-operate with law enforcement if it receive a court order (equivalent of a subpoena in the US).
“Our VPN service and VPN services in general are not designed to be used to commit illegal activity,” it said. “It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences.”
It said its service was designed to be used by people wishing to bypass censorship, such as the recent Egyptian revolution “for which our service played a key role for protesters gaining access to websites such as Twitter which were blocked by the government.”
However it seems that Kretsinger may not be the only Lulzsec hacker that used HideMyAss.
According to the Guardian newspaper, HideMyAss may also be close to revealing the IP details of another alleged hacker with the online tag of ‘Neuron’, who may also be facing imminent arrest.
The newspaper cited the Pastebin logs, which show that “Neuron” and “Recursion” are not the same person, as the two were in the same chatroom at the same time, and on one occasion addressed each other directly. Recursion then apparently quit the group after it attacked an FBI-related site early in June, but Neuron remained.
Predictably the decision by HideMyAss to reveal Recursion’s IP address has not gone down well in the hacker community.
“Question @HideMyAssCom: Was it worth to rat out one guy who allegedly hacked #PSN in exchange for all your business? You will find out soon,” AnonymousIRC tweeted.
Meanwhile one of HideMyAss’s rivals lost little time in touting for business.
AirVPN said in a statement that it does not keep logs in the way that HideMyAss does: “we would like to reassure our users and our customers that nothing like that [handover of logs] may happen with AirVPN, for a series of legislative.”
It also said that it was based in the EU, not in the USA, and that it does not recognise American jurisdiction.
Welcome to Silicon UK: AI for Your Business Podcast. Today, we explore how AI can…
Japanese tech investment firm SoftBank promises to invest $100bn during Trump's second term to create…
Synopsys to work with start-up SiMa.ai on joint offering to help accelerate development of AI…
Start-up Basis raises $34m in Series A funding round for AI-powered accountancy agent to make…
Data analytics and AI start-up Databricks completes huge $10bn round from major venture capitalists as…
Congo files legal complaints against Apple in France, Belgium alleging company 'complicit' in laundering conflict…
View Comments
"Was it worth to rat out one guy who allegedly hacked #PSN in exchange for all your business? You will find out soon,”
What cowards. What are they going to do besides put on their V masks and DDOS a website while eating cheeto's? Nothing worth a damn.
This won't end well
@Nevermore-
You're an idiot if you think people will not flee HideMyAss in droves now that they know the company is lawful evil. They blantantly lied about their data retention policies, saying they do not log when they clearly do and now they showed their willingness to turn in their customers when a government comes knocking. And contrary to their statement, providing access around a regime's censorship apparatus is facilitating illegal activity within that country. So why can the American Feds come knocking for info but Syria, China, etc. cannot? If you were a dissident in a censorship-laden country, would you trust your life with HideMyAss knowing that they blatantly lie about the data they keep on their customers and will turn you in at the drop of a hat? Who gives HideMyAss the authority to ignore one country's laws just because they consider censorship immoral and unjust? And when the American-backed copywrong regime comes knocking, the data they claim not to retain on their users will be turned over at will even though they claim to want to help people route around regime censorship. If you really think a company that called themselves "HideMyAss" can survive this, without changing their name to WeWillTurnYourAssIn.com, then you are truly naive. I give HideMyAss 2 months before they either cease to exist altogether, or they reinvent themselves under a different name as to get rid of the negative connotation that every one of their customers now associates HideMyAss with.
Interesting post. Hidemyass will be all over the forums, and people wont use this service anymore. This is the worst they could do.
Cyberghost VPN guarantees anonymity! I use this, I'm not a hacker, but it's safer than HMA!
hi.baidu.com/http://www.diyssh.com
i used HMA While i was overseas.As a refrence, I have very little programing experience but had no problem installing and using Hidemyass i'd highly recomend it especially if you can get the holidays special rate
Hidemyass is the best one vpn provider it is best among the all providers and its best thing its interface is very easy i never had problem using it,. I highly recomended Hidemyass vpn
There is a update on the Cody Kretsinger case.Likely 15 years in prison.
There are a score of vpn provider that claims they provide the best vpn service. The question now is, how can we be sure that these vpn services aren't used in underground activities? The very thing we thought would protect us is also the thing that would be used to harm us.