Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Outsmart Malicious Hackers


This whole thing sounds like something straight out of CSI: Cyber with references to Drones, Tor, remailers, anonymous image sharing and the scrubbing of meta data. Pretty interesting reading, although it rather smells like a lot of exageration. A super high-tech kidnapping – gone wrong in the end.

Drones, Tor & Remailers - The Story Of A High-Tech Kidnapping

Whoever wrote tho e-mails sent to the police (be it Matther Muller or not) was smart and plugged in, with references to the Egotistical Giraffe exploit and onions within onions.

The press called it the “Gone Girl” kidnapping. But the bizarre story of a former Marine and Harvard-trained lawyer who allegedly masterminded the abduction of a California woman is notable for more than the twists and misdirections that made it fodder for CNN. It’s a rare kidnapping-for-ransom scheme that availed itself fully of the riches of the Internet age, providing a glimpse of a future where brutal, physical crime and its digital analog merge into one.

FBI court filings unsealed last week showed how Denise Huskins’ kidnappers used anonymous remailers, image sharing sites, Tor, and other people’s Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

All the high-tech theatrics may be part of why the police concluded that the whole thing was a hoax, until the FBI linked the abduction to a former attorney who once made the Journal of the American Bar Association‘s list of “techiest lawyers” for his computer skills.


It makes for really good reading, and it really goes to show..truth really is often stranger than fiction.

The irony is, he was tripped up by technology..and really simple technology. The Target POS system + CCTV was enough to foil him, plus the fact he used a burner phone at home? (not smart AT ALL). Why didn’t he just pay some kid $5 to go into the store and buy the phone for him?

Rookie mistake.

It’s unclear how much of the elaborate backstory in last March’s anonymous emails is reality, and how much is fantasy. The FBI affidavit notes that many of the incidents of burglary, theft, and vandalism described in the messages align with actual incidents reported to the police. But the bureau also notes that the same incidents were described in postings to the Mare Island section of the community news site NextDoor. It’s possible that the author of the email assembled his story Usual Suspects-style from NextDoor bulletin board postings.

Perhaps the biggest unanswered question is whether Muller’s accomplices, mentioned at such length in the anonymous emails, really exist. In the Dublin attack, Muller is believed to have acted alone. But in the Mare Island kidnapping, both Quinn and Huskins told the police they heard multiple kidnappers talking among themselves. And in the 2009 case, the victim counted two perpetrators. “The victim reported to us that she had seen only one suspect, but she believed that she had heard a voice of a second male suspect,” says Lt. Zach Perron, a spokesman for the Palo Alto Police Department.

So far only Muller’s arrest has been announced. The FBI won’t say whether they’re looking for anyone else or if Muller is cooperating with the government against former associates. “This is a continuing investigation,” FBI spokeswoman Gina Swankie says. “The only reason the case was unsealed and made public was to further the identification of other victims who may have experienced a similar crime.”

So, did he really have accomplices? Do the FBI know more than they are letting on? Or was the illusion of accomplices another creation of Mullers twisted mind, perhaps he played back audio of muffled conversations to make the victims think there were multiple assailants.

Who knows? I’m not sure if anything more will come out of this story – but nevertheless it’s an interesting one.

Source: Wired

Posted in: Hacking News, Legal Issues, Privacy


Latest Posts:


StaCoAn - Mobile App Static Analysis Tool StaCoAn – Mobile App Static Analysis Tool
StaCoAn is a cross-platform tool which aids developers, bug bounty hunters and ethical hackers performing mobile app static analysis on the code of the application for both native Android and iOS applications.
snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.


Comments are closed.