[ocdtrekkie]

It sounds like he got caught because his VPN dropped during some sort of outage. It's funny because I feel like "don't do crime from your home network" should be an incredibly obvious concept.

[anonu]

He also used keys as the "attacker" that were known to be his as a regular employee. That seems like a n00b move.

[blitzar]

So he litterally signed the attack with his PGP key.

[kadoban]

I can't imagine just using some random VPN is really going to help much anyway. When the cops come knocking they're just going to give you up right?

[Hamuko]

Surfshark VPN advertises "strict no-logs policy", "independently audited" and "obfuscated, RAM-only servers". Of course, advertising is just advertising, reality may be different.

[astrange]

Paypal, and apparently this guy's email server, don't have a no-receipts policy though.

[stjohnswarts]

some services drop your payment information after something like 45 days, -supposedly-. Who knows if they actually do.

[kadoban]

Yeah, so many say that, but I do find it very hard to believe.

If nothing else, wouldn't they want to keep some information about customers that in the past have abused the service? You need some way to ban assholes, right? How would you do that if you have no idea who anyone is?