British virtual private network company Hide My Ass has said that it turned over logs on a suspected LulzSec member to the FBI in response to a UK court order.
The court order requested information related to an account associated with a number of attacks on computer systems, Hide My Ass said in a blog post on Friday. Cody Andrew Kretsinger, 23, of Phoenix, Arizona, was arrested last week over alleged attacks on Sony Entertainment.
"Our VPN service and VPN services in general are not designed to be used to commit illegal activity," said Hide My Ass. "It is very naive to think that by paying a subscription fee to a VPN service you are free to break the law without any consequences."
Hide My Ass realised its services may have been used during alleged Anonymous attacks after IRC chatlogs were published by the Guardian. Kretsinger was arrested after being identified through his use of Hide My Ass's proxy service to connect to the Sony Pictures site, the Guardian said in a story on Monday.
Kretsinger allegedly used the name 'Recursion' when communicating via chatlogs. A second member of the group, 'Neuron', may also be identifiable through Hide My Ass logs, the Guardian added.
Hide My Ass said that it would not turn over logs on people in countries such as Egypt, which at the beginning of 2011 experienced an internet crackdown during popular protests which led to the resignation of president Hosni Mubarak. Hide My Ass said it would only turn over details of users of its anonymity services in response to a UK court order, and contested that many VPN providers retain logs which can be used by law enforcement.
Hide My Ass logs when a customer connects and disconnects from the server, and the IP addresses used by its customers, "to locate abusive customers", said the company.
"Being able to locate abusive users is imperative for the survival of operating a VPN service, if you cannot take action to prevent abuse you risk losing server contracts with the underlying upstream providers that empower your network," said Hide My Ass. "Common abuse can be anything from spam to fraud, and more serious cases involve terrorism and child porn."
Other VPN providers said that they did not keep logs on customers. On Friday, AirVPN said that it could not identify users for technical reasons.