It can happen to anyone…and when it does it usually catches everybody – the victim and his relatives – completely unprepared. I’m talking about kidnapping. Twice in my life I’ve been involved in helping the police track down and arrest gangs of kidnappers. The first case didn’t directly affect me or my family, but the second time a close friend of mine was kidnapped. And it turns out that our work in tackling cybercrime can also be useful to catch criminals who seem to have little connection with high-tech wrong-doing.
The Internet is not just a tool for cybercrime – it is also often used to communicate with the families and friends of kidnap victims, especially to demand a ransom. When this happens, our work can be vital: evidence collected on the Internet as well, as the errors made by criminals, can help to track them down, identifying their location via their IP address.
In some cases criminals use social networking sites – and my bitter experience proves that social networks are usually unwilling to help the law enforcement authorities and won’t disclose information about account holders, even at the request of the police or a prosecutor. I saw this myself after the prosecutor sent a request to one of the most popular social networks and got a reply stating it was impossible to provide the required data. This social network justified its refusal by the laws of the country where it is located and by the fact that from their point of view the kidnapped person was in no serious danger! Some kidnappers contact the victims’ families via mail services such as Gmail, which does not show the IP address in the properties of the email header. All this makes it much more difficult to uncover the IP address of the criminals. Fortunately, a number of very dangerous criminals, who otherwise would be almost impossible to catch, are not experts in information security. This is their Achilles heel.
In the case I was involved in, our methods enabled us to track down the criminals and arrest them right on the spot where they were using the Internet. I can’t disclose all details due to ongoing investigations, but in short, the tracker delivery was a mix of high social engineering combined with a specially prepared randomly changing GIF image. An embedded script reported User agent, OS version and IP address of anyone who clicked on it. I was able to make the criminals click on the specially prepared URL leading to the mentioned image, so we got all needed information. Local law enforcement was able to instantly get information about the owner of the IP address. The arrest was so quick that as I was chatting with the criminals, police arrested them with their hands on the keyboard. The victims returned home safe and sound. The rescue operation was a complete success!
Now it’s all over, I can confirm that we will continue to assist the police in catching any criminals. After all, in cases of kidnapping a person’s life may be at stake. The price is so much higher than a stolen credit card or a plundered bank account.
Because of the sensitive nature of this episode, we are not disclosing the author’s name.