Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping

Use Netsparker


This whole thing sounds like something straight out of CSI: Cyber with references to Drones, Tor, remailers, anonymous image sharing and the scrubbing of meta data. Pretty interesting reading, although it rather smells like a lot of exageration. A super high-tech kidnapping – gone wrong in the end.

Drones, Tor & Remailers - The Story Of A High-Tech Kidnapping

Whoever wrote tho e-mails sent to the police (be it Matther Muller or not) was smart and plugged in, with references to the Egotistical Giraffe exploit and onions within onions.

The press called it the “Gone Girl” kidnapping. But the bizarre story of a former Marine and Harvard-trained lawyer who allegedly masterminded the abduction of a California woman is notable for more than the twists and misdirections that made it fodder for CNN. It’s a rare kidnapping-for-ransom scheme that availed itself fully of the riches of the Internet age, providing a glimpse of a future where brutal, physical crime and its digital analog merge into one.

FBI court filings unsealed last week showed how Denise Huskins’ kidnappers used anonymous remailers, image sharing sites, Tor, and other people’s Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

All the high-tech theatrics may be part of why the police concluded that the whole thing was a hoax, until the FBI linked the abduction to a former attorney who once made the Journal of the American Bar Association‘s list of “techiest lawyers” for his computer skills.


It makes for really good reading, and it really goes to show..truth really is often stranger than fiction.

The irony is, he was tripped up by technology..and really simple technology. The Target POS system + CCTV was enough to foil him, plus the fact he used a burner phone at home? (not smart AT ALL). Why didn’t he just pay some kid $5 to go into the store and buy the phone for him?

Rookie mistake.

It’s unclear how much of the elaborate backstory in last March’s anonymous emails is reality, and how much is fantasy. The FBI affidavit notes that many of the incidents of burglary, theft, and vandalism described in the messages align with actual incidents reported to the police. But the bureau also notes that the same incidents were described in postings to the Mare Island section of the community news site NextDoor. It’s possible that the author of the email assembled his story Usual Suspects-style from NextDoor bulletin board postings.

Perhaps the biggest unanswered question is whether Muller’s accomplices, mentioned at such length in the anonymous emails, really exist. In the Dublin attack, Muller is believed to have acted alone. But in the Mare Island kidnapping, both Quinn and Huskins told the police they heard multiple kidnappers talking among themselves. And in the 2009 case, the victim counted two perpetrators. “The victim reported to us that she had seen only one suspect, but she believed that she had heard a voice of a second male suspect,” says Lt. Zach Perron, a spokesman for the Palo Alto Police Department.

So far only Muller’s arrest has been announced. The FBI won’t say whether they’re looking for anyone else or if Muller is cooperating with the government against former associates. “This is a continuing investigation,” FBI spokeswoman Gina Swankie says. “The only reason the case was unsealed and made public was to further the identification of other victims who may have experienced a similar crime.”

So, did he really have accomplices? Do the FBI know more than they are letting on? Or was the illusion of accomplices another creation of Mullers twisted mind, perhaps he played back audio of muffled conversations to make the victims think there were multiple assailants.

Who knows? I’m not sure if anything more will come out of this story – but nevertheless it’s an interesting one.

Source: Wired

Posted in: Hacking News, Legal Issues, Privacy


Latest Posts:


Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.
CTFR - Abuse Certificate Transparency Logs For HTTPS Subdomains CTFR – Abuse Certificate Transparency Logs For HTTPS Subdomains
CTFR is a Python-based tool to Abuse Certificate Transparency Logs to get subdomains from a HTTPS website in a few seconds.
testssl.sh - Test SSL Security Including Ciphers, Protocols & Detect Flaws testssl.sh – Test SSL Security Including Ciphers, Protocols & Detect Flaws
testssl.sh is a free command line tool to test SSL security, it checks a server's service on any port for the support of TLS/SSL ciphers, protocols as well as recent cryptographic flaws and more.
Four Year Old libSSH Bug Leaves Servers Wide Open Four Year Old libssh Bug Leaves Servers Wide Open
A fairly serious 4-year old libssh bug has left servers vulnerable to remote compromise, fortunately, the attack surface isn't that big as neither OpenSSH or the GitHub implementation are affected.
CHIPSEC - Platform Security Assessment Framework CHIPSEC – Platform Security Assessment Framework For Firmware Hacking
CHIPSEC is a platform security assessment framework for PCs including hardware, system firmware (BIOS/UEFI), and platform components for firmware hacking.
How To Recover When Your Website Got Hacked How To Recover When Your Website Got Hacked
The array of easily available Hacking Tools out there now is astounding, combined with self-propagating malware, people often come to me when their website got hacked and they don't know what to do, or even where to start.


Comments are closed.