Australian bomb hoax suspect tracked across internet and arrested in Kentucky, USA

For the last two weeks, the media in Sydney, Australia, have been fascinated with a police investigation into a most peculiar crime committed in one of Sydney's most prestigious suburbs.

If you've heard the name of the victim, Madeleine Pulver, you've probably heard the story behind the crime.

Imagine the scene.

Pulver is a final-year school student who will sit her school-leaving exams at the end of the year. She's studying at her parents' home in top-of-the-market Mosman in Sydney's Lower North Shore on the afternoon of 03 August.

A man clad in a balaclava and carrying a baseball bat bursts into her room and chains a plastic box to her neck. He puts a lanyard round her neck with some printed documentation and a USB key attached to it. Then he vanishes.

Pulver looks at the printout. She reads these words: "Powerful new technology plastic explosives are located inside the small black combination case delivered to you. The case is booby trapped. It can ONLY be opened safely, if you follow the instructions and comply with its terms and conditions."

The printout continues by saying, "You will be provided with detailed Remittance Instructions to transfer a Defined Sum once you acknowledge and confirm receipt of this message." A Gmail address is provided for future communications.

In the curious grammar used these days by New South Wales (NSW) Police on charge sheets, a whole battery of crimes have just taken place: aggravated break and enter with intent to commit a serious indictable offence; demand property by force with intent to steal; kidnap.

Hats off to the NSW cops. They've put in the investigative work on this one, identified a suspect, tracked him to Kentucky, and had him arrested in the USA. Now they'll apply to have him extradited back to their jurisdiction.

The investigation makes a great story, too, and you can read it online thanks to documents tendered in court to prepare for the suspect's arrest in Kentucky.

Here's the brief version of what's claimed so far.

* Trace the PC used to create the Gmail account mentioned in the extortion message to Chicago airport.

* Trace all subsequent uses of that email account to a small town on the NSW Central Coast. Get CCTV footage from the vicinity.

* Identify a Range Rover of an identifiable vintage arriving and leaving at the right time. Check NSW vehicle registrations for vehicles which fit the age and the location.

* Cross-check the name of the closest registered owner against recent border control records.

'Ello, 'ello! The owner of the perfectly-placed Range Rover flew to Chicago shortly after the crime. Then he flew to Kentucky.

* Move on to credit card records. The owner of the Range Rover also made purchases at an office supply store and a sports shop on the Central Coast about a month before the crime.

* Check with the shops to see what he bought in those transactions. Hmmm. A USB key. A baseball bat. [Note: baseball is a minority sport in Australia, like cricket in the USA.]

* Check whom he'd remitted money to in recent years. Ha! A woman with the same surname living in La Grange, Kentucky. Find that house up for sale.

* Get the Kentucky cops to drive by. Spot a bloke hanging out behind the house looking at least somewhat similar to the guy who boarded that Chicago flight, owned the Range Rover on the Central Coast, and bought the baseball bat.

And that was enough for the Kentucky court. The suspect was arrested and taken into custody.

In today's society, most of us leave digital breadcrumbs wherever we go. When the cops can use this information appropriately, as they have done in this case, most of us agree that this amounts to a good result.

But there are three important issues this brings to the fore:

* This isn't a cybercrime case. It's a case of person-on-person crime involving intimidation, extortion and a bomb threat. Yet much of the investigation has required cyberskills by the investigators.

So when you read that the cops are being given more money "for cybercrime", don't expect them to start busting pure-play cybercrooks such as spammers and scammers immediately. Almost every modern crime has a cyber-element.

* This didn't play out like it does on CSI or Hawaii-Five-O. There, the cops get results in seconds, where satellites orbiting directly overhead can mysteriously get clear images of vehicle registration plates from low angles, and where warrants magically appear at all hours of day and night.

There are many hoops which the cops have to jump through to be able to pursue an enquiry of this sort - a due process which means they can't always and immediately get access to anything they want.

And that is exactly as it should be. Most of us are law-abiding, and our privacy and security is too important to be eroded merely to make the Orwellian nonsense of Hawaii-Five-O into a reality.

* Pure-play cybercrooks don't play by the rules. They don't have to show due cause to retrieve information from immigration. They don't bother with a warrant before they install surveillance software on your PC. And they don't leave an obvious trail like the apparently inept suspect in the Pulver case.

Of course, there's a fourth matter, too:

* All the evidence so far is circumstantial, and the suspect is innocent until proved guilty beyond reasonable doubt.

In a case which is as perplexing, and which has provoked as much media commentary and as much speculation as this one, it's important to keep that in mind.

Now you've heard the story, stop and think how much this suspect gave away without intending to.

Think about how much you give away - for example on social networking sites - entirely willingly.

Having just the tiniest amount less fun online can make you enormously more secure.


One Response to Australian bomb hoax suspect tracked across internet and arrested in Kentucky, USA

  1. Antony · 1129 days ago

    Amazing detective work right there haha


About the author

Paul Ducklin is a passionate security proselytiser. (That's like an evangelist, but more so!) He lives and breathes computer security, and would be happy for you to do so, too. Paul won the inaugural AusCERT Director's Award for Individual Excellence in Computer Security in 2009. Follow him on Twitter: @duckblog