Share This Page

Original ties to Pitt threats led to suspect

| Saturday, June 23, 2012, 12:03 a.m.

An Ohio man left enough digital fingerprints on a video and other messages to enable FBI agents to find and charge him with threatening University of Pittsburgh officials.

Alexander Waterland, 24, of Loveland denies he is the person who on April 26 posted a YouTube video and related comment threatening to release personal data stolen from the school. He denies sending an email to university police making the same threat.

Waterland, who lists “hacking” as his occupation on a MySpace page, is charged in making threats that demanded Chancellor Mark Nordenberg apologize for failing to safeguard students during the spring-semester bomb scares. He faces a hearing on Wednesday in Pittsburgh.

The FBI used Internet Protocol addresses to track the video and messages back to Waterland, according to an arrest affidavit filed by Special Agent Joseph Ondercin.

An IP address is a unique number assigned to each device that connects to the Internet. Much like a street address, it allows messages intended for that device to reach it.

Martin Lindner, principal engineer at Carnegie Mellon University's Software Engineering Institute, said tracking the addresses is “standard stuff” when tracing the origin of Internet communications.

“That's what they do all the time,” he said.

Lindner isn't involved with the investigation and couldn't say whether YouTube and Google recorded the IP addresses or whether the FBI found them another way.

Websites don't have to track IP addresses, but nothing prevents them from recording addresses that access the sites, he said.

The YouTube video by AnonOperative13 was posted five days after the last of a series of more than 45 bomb threats repeatedly forced evacuations of buildings at Pitt in March and April.

Sifting through the IP addresses that accessed that YouTube user account and a related AnonOperative@gmail account, FBI agents found three associated with Waterland.

One was a unsecured wireless system in the apartment building where Waterland lives.

One of Waterland's neighbors said the FBI recently searched his computer and told him he should set a password for his Wi-Fi network to prevent other people from using it.

The other two addresses led to the home of Waterland's sister in Indian Head, Md., and a mobile Wi-Fi device at the Express Scripts in Mason, Ohio, just outside Cincinnati, where he was working, the affidavit says.

An Express Scripts spokesman confirmed the company is cooperating in the FBI investigation.

The first set of bomb threats was posted on restroom walls, but the second set was emailed. Whoever made the second set of threats used a “remailing” program that specifically hides the IP address from which it came.

“Remailers make it much more complicated,” Lindner said. “The idea behind a remailer is to anonymize your activity. Some do it better than others.”

Because using remailers doesn't require expertise, the fact that the bomb threats were sent that way doesn't provide clues to the technical expertise of whomever sent the threats, Lindner said.

Brian Bowling is a staff writer for Trib Total Media. He can be reached at 412-325-4301 or bbowling@tribweb.com

TribLIVE commenting policy

You are solely responsible for your comments and by using TribLive.com you agree to our Terms of Service.

We moderate comments. Our goal is to provide substantive commentary for a general readership. By screening submissions, we provide a space where readers can share intelligent and informed commentary that enhances the quality of our news and information.

While most comments will be posted if they are on-topic and not abusive, moderating decisions are subjective. We will make them as carefully and consistently as we can. Because of the volume of reader comments, we cannot review individual moderation decisions with readers.

We value thoughtful comments representing a range of views that make their point quickly and politely. We make an effort to protect discussions from repeated comments either by the same reader or different readers

We follow the same standards for taste as the daily newspaper. A few things we won't tolerate: personal attacks, obscenity, vulgarity, profanity (including expletives and letters followed by dashes), commercial promotion, impersonations, incoherence, proselytizing and SHOUTING. Don't include URLs to Web sites.

We do not edit comments. They are either approved or deleted. We reserve the right to edit a comment that is quoted or excerpted in an article. In this case, we may fix spelling and punctuation.

We welcome strong opinions and criticism of our work, but we don't want comments to become bogged down with discussions of our policies and we will moderate accordingly.

We appreciate it when readers and people quoted in articles or blog posts point out errors of fact or emphasis and will investigate all assertions. But these suggestions should be sent via e-mail. To avoid distracting other readers, we won't publish comments that suggest a correction. Instead, corrections will be made in a blog post or in an article.