It can happen to anyone…and when it does it usually catches
everybody – the victim and his relatives – completely unprepared.
I’m talking about kidnapping.
Twice in my life I’ve been involved in helping the police track down
and arrest gangs of kidnappers. The first case didn’t directly
affect me or my family, but the second time a close friend of mine
was kidnapped. And it turns out that our work in tackling cybercrime
can also be useful to catch criminals who seem to have little
connection with high-tech wrong-doing. The Internet is not just a
tool for cybercrime – it is also often used to communicate with the
families and friends of kidnap victims, especially to demand a
ransom. When this happens, our work can be vital: evidence collected
on the Internet as well, as the errors made by criminals, can help
to track them down, identifying their location via their IP address.
In some cases criminals use social networking sites – and my bitter
experience proves that social networks are usually unwilling to help
the law enforcement authorities and won’t disclose information about
account holders, even at the request of the police or a prosecutor.
I saw this myself after the prosecutor sent a request to one of the
most popular social networks and got a reply stating it was
impossible to provide the required data. This social network
justified its refusal by the laws of the country where it is located
and by the fact that from their point of view the kidnapped person
was in no serious danger! Some kidnappers contact the victims’
families via mail services such as Gmail, which does not show the IP
address in the properties of the email header. All this makes it
much more difficult to uncover the IP address of the criminals.
Fortunately, a number of very dangerous criminals, who otherwise
would be almost impossible to catch, are not experts in information
security. This is their Achilles heel.
In the case I was involved in, our methods enabled us to track down
the criminals and arrest them right on the spot where they were
using the Internet. I can’t disclose all details due to ongoing
investigations, but in short, the tracker delivery was a mix of high
social engineering combined with a specially prepared randomly
changing GIF image. An embedded script reported User agent, OS
version and IP address of anyone who clicked on it. I was able to
make the criminals click on the specially prepared URL leading to
the mentioned image, so we got all needed information. Local law
enforcement was able to instantly get information about the owner of
the IP address. The arrest was so quick that as I was chatting with
the criminals, police arrested them with their hands on the
keyboard. The victims returned home safe and sound. The rescue
operation was a complete success!
Now it’s all over, I can confirm that we will continue to assist the
police in catching any criminals. After all, in cases of kidnapping
a person’s life may be at stake. The price is so much higher than a
stolen credit card or a plundered bank account.