| News

Larger text Larger text Smaller text Smaller text | Order Photo Reprints

Original ties to Pitt threats led to suspect

Email Newsletters

Click here to sign up for one of our email newsletters.

Daily Photo Galleries

'American Coyotes' Series

Traveling by Jeep, boat and foot, Tribune-Review investigative reporter Carl Prine and photojournalist Justin Merriman covered nearly 2,000 miles over two months along the border with Mexico to report on coyotes — the human traffickers who bring illegal immigrants into the United States. Most are Americans working for money and/or drugs. This series reports how their operations have a major impact on life for residents and the environment along the border — and beyond.

Saturday, June 23, 2012, 12:01 a.m.

An Ohio man left enough digital fingerprints on a video and other messages to enable FBI agents to find and charge him with threatening University of Pittsburgh officials.

Alexander Waterland, 24, of Loveland denies he is the person who on April 26 posted a YouTube video and related comment threatening to release personal data stolen from the school. He denies sending an email to university police making the same threat.

Waterland, who lists “hacking” as his occupation on a MySpace page, is charged in making threats that demanded Chancellor Mark Nordenberg apologize for failing to safeguard students during the spring-semester bomb scares. He faces a hearing on Wednesday in Pittsburgh.

The FBI used Internet Protocol addresses to track the video and messages back to Waterland, according to an arrest affidavit filed by Special Agent Joseph Ondercin.

An IP address is a unique number assigned to each device that connects to the Internet. Much like a street address, it allows messages intended for that device to reach it.

Martin Lindner, principal engineer at Carnegie Mellon University's Software Engineering Institute, said tracking the addresses is “standard stuff” when tracing the origin of Internet communications.

“That's what they do all the time,” he said.

Lindner isn't involved with the investigation and couldn't say whether YouTube and Google recorded the IP addresses or whether the FBI found them another way.

Websites don't have to track IP addresses, but nothing prevents them from recording addresses that access the sites, he said.

The YouTube video by AnonOperative13 was posted five days after the last of a series of more than 45 bomb threats repeatedly forced evacuations of buildings at Pitt in March and April.

Sifting through the IP addresses that accessed that YouTube user account and a related AnonOperative@gmail account, FBI agents found three associated with Waterland.

One was a unsecured wireless system in the apartment building where Waterland lives.

One of Waterland's neighbors said the FBI recently searched his computer and told him he should set a password for his Wi-Fi network to prevent other people from using it.

The other two addresses led to the home of Waterland's sister in Indian Head, Md., and a mobile Wi-Fi device at the Express Scripts in Mason, Ohio, just outside Cincinnati, where he was working, the affidavit says.

An Express Scripts spokesman confirmed the company is cooperating in the FBI investigation.

The first set of bomb threats was posted on restroom walls, but the second set was emailed. Whoever made the second set of threats used a “remailing” program that specifically hides the IP address from which it came.

“Remailers make it much more complicated,” Lindner said. “The idea behind a remailer is to anonymize your activity. Some do it better than others.”

Because using remailers doesn't require expertise, the fact that the bomb threats were sent that way doesn't provide clues to the technical expertise of whomever sent the threats, Lindner said.

Brian Bowling is a staff writer for Trib Total Media. He can be reached at 412-325-4301 or

Subscribe today! Click here for our subscription offers.




Show commenting policy

Most-Read News