Original ties to Pitt threats led to suspect
An Ohio man left enough digital fingerprints on a video and other messages to enable FBI agents to find and charge him with threatening University of Pittsburgh officials.
Alexander Waterland, 24, of Loveland denies he is the person who on April 26 posted a YouTube video and related comment threatening to release personal data stolen from the school. He denies sending an email to university police making the same threat.
Waterland, who lists “hacking” as his occupation on a MySpace page, is charged in making threats that demanded Chancellor Mark Nordenberg apologize for failing to safeguard students during the spring-semester bomb scares. He faces a hearing on Wednesday in Pittsburgh.
The FBI used Internet Protocol addresses to track the video and messages back to Waterland, according to an arrest affidavit filed by Special Agent Joseph Ondercin.
An IP address is a unique number assigned to each device that connects to the Internet. Much like a street address, it allows messages intended for that device to reach it.
Martin Lindner, principal engineer at Carnegie Mellon University's Software Engineering Institute, said tracking the addresses is “standard stuff” when tracing the origin of Internet communications.
“That's what they do all the time,” he said.
Lindner isn't involved with the investigation and couldn't say whether YouTube and Google recorded the IP addresses or whether the FBI found them another way.
Websites don't have to track IP addresses, but nothing prevents them from recording addresses that access the sites, he said.
The YouTube video by AnonOperative13 was posted five days after the last of a series of more than 45 bomb threats repeatedly forced evacuations of buildings at Pitt in March and April.
Sifting through the IP addresses that accessed that YouTube user account and a related AnonOperative@gmail account, FBI agents found three associated with Waterland.
One was a unsecured wireless system in the apartment building where Waterland lives.
One of Waterland's neighbors said the FBI recently searched his computer and told him he should set a password for his Wi-Fi network to prevent other people from using it.
The other two addresses led to the home of Waterland's sister in Indian Head, Md., and a mobile Wi-Fi device at the Express Scripts in Mason, Ohio, just outside Cincinnati, where he was working, the affidavit says.
An Express Scripts spokesman confirmed the company is cooperating in the FBI investigation.
The first set of bomb threats was posted on restroom walls, but the second set was emailed. Whoever made the second set of threats used a “remailing” program that specifically hides the IP address from which it came.
“Remailers make it much more complicated,” Lindner said. “The idea behind a remailer is to anonymize your activity. Some do it better than others.”
Because using remailers doesn't require expertise, the fact that the bomb threats were sent that way doesn't provide clues to the technical expertise of whomever sent the threats, Lindner said.
Brian Bowling is a staff writer for Trib Total Media. He can be reached at 412-325-4301 or firstname.lastname@example.org