Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping


This whole thing sounds like something straight out of CSI: Cyber with references to Drones, Tor, remailers, anonymous image sharing and the scrubbing of meta data. Pretty interesting reading, although it rather smells like a lot of exageration. A super high-tech kidnapping – gone wrong in the end.

Drones, Tor & Remailers - The Story Of A High-Tech Kidnapping

Whoever wrote tho e-mails sent to the police (be it Matther Muller or not) was smart and plugged in, with references to the Egotistical Giraffe exploit and onions within onions.

The press called it the “Gone Girl” kidnapping. But the bizarre story of a former Marine and Harvard-trained lawyer who allegedly masterminded the abduction of a California woman is notable for more than the twists and misdirections that made it fodder for CNN. It’s a rare kidnapping-for-ransom scheme that availed itself fully of the riches of the Internet age, providing a glimpse of a future where brutal, physical crime and its digital analog merge into one.

FBI court filings unsealed last week showed how Denise Huskins’ kidnappers used anonymous remailers, image sharing sites, Tor, and other people’s Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

All the high-tech theatrics may be part of why the police concluded that the whole thing was a hoax, until the FBI linked the abduction to a former attorney who once made the Journal of the American Bar Association‘s list of “techiest lawyers” for his computer skills.


It makes for really good reading, and it really goes to show..truth really is often stranger than fiction.

The irony is, he was tripped up by technology..and really simple technology. The Target POS system + CCTV was enough to foil him, plus the fact he used a burner phone at home? (not smart AT ALL). Why didn’t he just pay some kid $5 to go into the store and buy the phone for him?

Rookie mistake.

It’s unclear how much of the elaborate backstory in last March’s anonymous emails is reality, and how much is fantasy. The FBI affidavit notes that many of the incidents of burglary, theft, and vandalism described in the messages align with actual incidents reported to the police. But the bureau also notes that the same incidents were described in postings to the Mare Island section of the community news site NextDoor. It’s possible that the author of the email assembled his story Usual Suspects-style from NextDoor bulletin board postings.

Perhaps the biggest unanswered question is whether Muller’s accomplices, mentioned at such length in the anonymous emails, really exist. In the Dublin attack, Muller is believed to have acted alone. But in the Mare Island kidnapping, both Quinn and Huskins told the police they heard multiple kidnappers talking among themselves. And in the 2009 case, the victim counted two perpetrators. “The victim reported to us that she had seen only one suspect, but she believed that she had heard a voice of a second male suspect,” says Lt. Zach Perron, a spokesman for the Palo Alto Police Department.

So far only Muller’s arrest has been announced. The FBI won’t say whether they’re looking for anyone else or if Muller is cooperating with the government against former associates. “This is a continuing investigation,” FBI spokeswoman Gina Swankie says. “The only reason the case was unsealed and made public was to further the identification of other victims who may have experienced a similar crime.”

So, did he really have accomplices? Do the FBI know more than they are letting on? Or was the illusion of accomplices another creation of Mullers twisted mind, perhaps he played back audio of muffled conversations to make the victims think there were multiple assailants.

Who knows? I’m not sure if anything more will come out of this story – but nevertheless it’s an interesting one.

Source: Wired

Posted in: Hacking News, Legal Issues, Privacy


Latest Posts:


tko-subs - Detect & Takeover Subdomains With Dead DNS Records tko-subs – Detect & Takeover Subdomains With Dead DNS Records
tko-subs is a tool that helps you to detect & takeover subdomains with dead DNS records, this could be dangling CNAMEs point to hosting services and more.
Arcane - Tool To Backdoor iOS Packages (iPhone ARM) Arcane – Tool To Backdoor iOS Packages (iPhone ARM)
Arcane is a simple script tool to backdoor iOS packages (iPhone ARM) and create the necessary resources for APT repositories.
SharpHose - Asynchronous Password Spraying Tool SharpHose – Asynchronous Password Spraying Tool
SharpHose is an asynchronous password spraying tool in C# for Windows environments that takes into consideration fine-grained password policies and can be run over Cobalt Strike's execute-assembly.
Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.


Comments are closed.