Artem Vaulin, 30, was arrested in Poland by local police on July 20, 2016. The federal government of the United States charged the Ukrainian man four criminal counts including money laundering and on-line piracy. Homeland Security Special Agent, Jared Der-Yeghiayan, led the investigation.
In a formal complaint presented by the authorities meticulously describes the criminal activities of the site, the operation and how the Ukrainian man, also known as “Trim,” is connected to all of it. This case has everything a spy movie fan loves including hacking, deception and behind-doors collaboration between the government and pages companies like Facebook and Apple.
Kickass Torrent, or KAT, is the most famous torrent website in the world. There, users can freely download or upload media content. The page’s staff will prepare categories, rank the and so on. Around 50 million people regularly visit KAT to download and upload media content including movies, songs and video games among many other things. With such a heavy traffic is no wonder that the page’s total net worth is around $50,000,000 according to siteprice.org. The latter is a website specializing in estimating the real value of a domain.
KAT collects around $16 million in advertising revenue per year
There are thousands of torrent pages, but none like KAT. The guys from Alexa.com created an accurate method to determine the popularity of a portal, and they place Kickass Torrent as the 69th most popular website in the whole internet which is incredible.
People usually forget that everything that is on the web has a real house, and with such a huge traffic, there must be a massive operation including a complete staff and numerous servers somewhere. However, the authorities have said nothing about the physical process.
— Selcuk Askin (@SelcukAskin) July 22, 2016
Few things can generate that much traffic, but nothing beats free stuff. Yes, the website allows people to download and upload thousands of movies, songs, and others without paying a penny. The government punishes this as the willing infringement of the copyright law, more commonly known as piracy. Everybody knows it’s illegal, yet a lot of people do it.
What is not commonly known is that there are different degrees of the crime. If for example, someone illegally downloads a movie for personal entertainment, it is no big deal. The authorities will probably issue a fine and in extreme cases, a couple of months in jail. However, when somebody establishes a pirate network where media content worth more than a billion dollars is freely distributed, the consequences are far greater.
Artem Vaulin is Poland right now, and the United States’ federal government wants to bring him to America where he could end up sentenced to 20 years behind bars and most definitely a fine. The FBI already seized the money found in two international banks, but that is probably just the beginning.
Shedding light on the people behind the operation
Special Agent Jared Der-Yeghiayan from Homeland Security has been working with the agency since 2010. There, he mostly investigates cyber-crime, copyright violations and other kinds of intellectual offenses.
Proving KAT is involved in criminal activities is not necessary, the staff brags about it on the website, the tricky part is to catch the people on the site. To do this, Special Agent Jared and the investigation team created a strategy worthy of a CSI chapter.
First, the team contacted KAT staff with the excuse of purchasing advertisement services, and a person only known as Mr. White handled the sell. The undercover agent told the handler he wanted to place a button on the website disguised as a study program in the United States. The man agreed to provide the service for $300 a day. Then, another representative using the e-mail address firstname.lastname@example.org gave the undercover agent the banking information of an account from a bank in Latvia called Regional Investiciju Banka. The report was subjected to GA Star Trading, and the man specified that during the operation, the “client” couldn’t name KAR or use the word “advertisement.”
After a couple of months, the undercover team asked for the services for the second time, and a person using the same e-mail address provided the agents with a different bank account, this time, from the AS Eesti Krediidipank in Estonia.
— UPROXX (@UPROXX) July 22, 2016
Facebook and Apple played a significant role in the investigation
The officials used a process called WHOIS to investigate KAT’s websites. It is simple, the program identifies a site’s IP, and then what company is providing it. WHOIS confirmed Artem Vaulin registered the websites with an address in Kharkiv, Ukraine using email@example.com as the e-mail contact. The logs provided by GoDaddy not only backed up the information but also showed that Vaulin pre-ordered the www.kickasstorrents.net domain in 2009.
Also, the authorities monitored Vaulin’s e-mail activity and found many messages sent to his associates regarding KAT, specifically, suggestions on how to build the page’s interface. Another important note was found, one where Vaulin told a person he had changed his e-mail address to firstname.lastname@example.org, the same one used to provide the undercover agents with the bank information.
Agent Jared connected the Ukrainian man to an Apple e-mail account, email@example.com. The authorities checked the purchase records and found the man had bought a couple of items. Then, they tracked down the IP used for the transactions. The same IP was used to access KAT’s Facebook account which the investigators associated with the torrent website.
That piece of information worked as the final nail in the coffin after checking the site’s post history. One of the posts described the organization’s organigram, and a name stood out from the rest.
— Swati Khandelwal (@Swati_THN) July 21, 2016
The leader was known as Trim, and he was an active admin in the beginnings of the website. The investigation proves beyond reasonable doubt the Apple account is Vaulin’s. Several data including his name, Ukraine address and a backup e-mail address firstname.lastname@example.org, shows the man owns the account. In fact, Cryptoneat is a company founded by the Ukrainian, and the authorities believe it was used to cover the operation partially.
Without any doubt, the investigation team did a great job, and all they have to do now is wait for Poland to extradite the man to Chicago where the operation started.