Drones, Tor & Remailers – The Story Of A High-Tech Kidnapping


This whole thing sounds like something straight out of CSI: Cyber with references to Drones, Tor, remailers, anonymous image sharing and the scrubbing of meta data. Pretty interesting reading, although it rather smells like a lot of exageration. A super high-tech kidnapping – gone wrong in the end.

Drones, Tor & Remailers - The Story Of A High-Tech Kidnapping

Whoever wrote tho e-mails sent to the police (be it Matther Muller or not) was smart and plugged in, with references to the Egotistical Giraffe exploit and onions within onions.

The press called it the “Gone Girl” kidnapping. But the bizarre story of a former Marine and Harvard-trained lawyer who allegedly masterminded the abduction of a California woman is notable for more than the twists and misdirections that made it fodder for CNN. It’s a rare kidnapping-for-ransom scheme that availed itself fully of the riches of the Internet age, providing a glimpse of a future where brutal, physical crime and its digital analog merge into one.

FBI court filings unsealed last week showed how Denise Huskins’ kidnappers used anonymous remailers, image sharing sites, Tor, and other people’s Wi-Fi to communicate with the police and the media, scrupulously scrubbing meta data from photos before sending. They tried to use computer spyware and a DropCam to monitor the aftermath of the abduction and had a Parrot radio-controlled drone standing by to pick up the ransom by remote control.

All the high-tech theatrics may be part of why the police concluded that the whole thing was a hoax, until the FBI linked the abduction to a former attorney who once made the Journal of the American Bar Association‘s list of “techiest lawyers” for his computer skills.


It makes for really good reading, and it really goes to show..truth really is often stranger than fiction.

The irony is, he was tripped up by technology..and really simple technology. The Target POS system + CCTV was enough to foil him, plus the fact he used a burner phone at home? (not smart AT ALL). Why didn’t he just pay some kid $5 to go into the store and buy the phone for him?

Rookie mistake.

It’s unclear how much of the elaborate backstory in last March’s anonymous emails is reality, and how much is fantasy. The FBI affidavit notes that many of the incidents of burglary, theft, and vandalism described in the messages align with actual incidents reported to the police. But the bureau also notes that the same incidents were described in postings to the Mare Island section of the community news site NextDoor. It’s possible that the author of the email assembled his story Usual Suspects-style from NextDoor bulletin board postings.

Perhaps the biggest unanswered question is whether Muller’s accomplices, mentioned at such length in the anonymous emails, really exist. In the Dublin attack, Muller is believed to have acted alone. But in the Mare Island kidnapping, both Quinn and Huskins told the police they heard multiple kidnappers talking among themselves. And in the 2009 case, the victim counted two perpetrators. “The victim reported to us that she had seen only one suspect, but she believed that she had heard a voice of a second male suspect,” says Lt. Zach Perron, a spokesman for the Palo Alto Police Department.

So far only Muller’s arrest has been announced. The FBI won’t say whether they’re looking for anyone else or if Muller is cooperating with the government against former associates. “This is a continuing investigation,” FBI spokeswoman Gina Swankie says. “The only reason the case was unsealed and made public was to further the identification of other victims who may have experienced a similar crime.”

So, did he really have accomplices? Do the FBI know more than they are letting on? Or was the illusion of accomplices another creation of Mullers twisted mind, perhaps he played back audio of muffled conversations to make the victims think there were multiple assailants.

Who knows? I’m not sure if anything more will come out of this story – but nevertheless it’s an interesting one.

Source: Wired

Posted in: Hacking News, Legal Issues, Privacy


Latest Posts:


Axiom - Pen-Testing Server For Collecting Bug Bounties Axiom – Pen-Testing Server For Collecting Bug Bounties
Project Axiom is a set of utilities for managing a small dynamic infrastructure setup for bug bounty, basically a pen-testing server out of the box with 1-line.
Quasar RAT - Windows Remote Administration Tool Quasar RAT – Windows Remote Administration Tool
Quasar is a fast and light-weight Windows remote administration tool coded in C#. Used for user support through day-to-day administrative work to monitoring.
Pingcastle - Active Directory Security Assessment Tool Pingcastle – Active Directory Security Assessment Tool
PingCastle is a Active Directory Security Assessment Tool designed to quickly assess the Active Directory security level based on a risk and maturity framework.
Second Order - Subdomain Takeover Scanner Tool Second Order – Subdomain Takeover Scanner Tool
Second Order Subdomain Takeover Scanner Tool scans web apps for second-order subdomain takeover by crawling the application and collecting URLs (and other data)
Binwalk - Firmware Security Analysis & Extraction Tool Binwalk – Firmware Security Analysis & Extraction Tool
Binwalk is a fast and easy to use Python-based firmware security analysis tool that allows for firmware analysis, reverse engineering & extracting of firmware.
zBang - Privileged Account Threat Detection Tool zBang – Privileged Account Threat Detection Tool
zBang is a risk assessment tool for Privileged Account Threat Detection on a scanned network, organizations & red teams can use it to identify attack vectors


Comments are closed.