About Lulzsec fiasco

[softwareseller]

HideMyAss.com, a VPN service that encrypts one's traffic to enable users to surf the web anonymously, was ordered by a U.K. judge, at the request of FBI agents, to release log information about an Arizona man who was arrested Thursday for his role in the Sony intrusion.
....
Meanwhile, U.S. prosecutors are asking that Kretsinger, who faces up to 15 years in prison, face trial in Los Angeles, the district in which he was charged. Source:http://www.scmagazine.com/hide-my-ass-service-not-as-secret-as-suspect-likely-believed/article/212884/

It first came to our attention when leaked IRC chat logs were released,...At a later date it came as no surprise to have received a court order asking for information relating to an account associated with some or all of the above cases

We have had a few queries as to our logging policies. We only log the time you connect and disconnect from our service, we do not log in any shape or form your actual internet traffic. Source:http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/

If hidemyass only provides the time used in VPN without any IP, how could the court know which account information to ask?(Hidemyass must have thousands of users online at the same time)
With only time, no IP , How could this log provides any evidence against Lulzsec ?

[xDan]

I can't believe these supposedly skilled hackers would solely rely on a US VPN service. Especially a massive and well known one such as that. It just beggars belief.

Anyway, notice HideMyAss use the term "you", this kind of implies they can identify "you" as an individual. So either some signup details (is this a pay service?), but most likely they do log IP despite not specifically admitting to it.

"The main type of logging is session logging – this is simply logging when a customer connects and disconnects from the server, this identifies who was connected to X IP address at X time, this is what we do and all we do."

Obviously they have a customer record that includes IP and other details. And if you read between the lines of that blog post, they make no bones about the fact they don't want anything illegal or grey area done through their system.

They probably can't really help being what they are though, since they are a US (or is it UK?) company. But it does render their service a little useless.

[Endgame]

We have had a few queries as to our logging policies. We only log the time you connect and disconnect from our service, we do not log in any shape or form your actual internet traffic. Source:http://blog.hidemyass.com/2011/09/23/lulzsec-fiasco/

If hidemyass only provides the time used in VPN without any IP, how could the court know which account information to ask?(Hidemyass must have thousands of users online at the same time) With only time, no IP , How could this log provides any evidence against Lulzsec ?

My understanding is that HMA does log IP addresses, regardless of whether they admit it or not. If they didn't keep logs, Kretsinger could not have been caught in the way he was. And I have to agree with xDan, these 'skilled hackers' have only themselves to blame for being caught after putting so much faith in a mainstream VPN service like HMA.