A few days ago I received a very disturbing email from firstname.lastname@example.org
This blog receives a lot of mean and angry messages but this one is in its own special class. Here's a couple snippets:
b-Murray was a white trash ho. Fucked the entire track team, including her "assistant track" coach (who is apparently now in Taiwan, putting that PhD of his to good use designing sneakers-I am sure it galled him to give up all of that white, American, undergrad poontang, poor guy), and lord knows who else at UMASS and in the surrounding community. Now, sadly (and admittedly) this does not differentiate her in the slightest from 99% of the white trash ho's currently attending universities and colleges in this country. However...
c-her little ho greek friend,Kate Markopoulos, clearly KNOWS a hell of a lot more than she is letting on. You have established that.
g-Maura Murray was fucking some local yoke, whom she met out at a bar while getting wasted (or possibly online), but I favour the random bar hookup for obvious reasons. He either bought her a trac/burner phone to keep ole' Billy Boy and his mommy in the dark, or he just called her on her dorm phone. Regardless, this is the guy with whom she planned to spend that weekend. I am sure that he picked her up and scooted her away to parts unknown that night. Now, whether or not he killed her...well, who knows, but I doubt it. Something tells me she is still alive and the greek ho knows all of this. It's a shame the cops can't water board her, 'cause requesting information from her nicely doesn't seem to be getting the job done.
First thing I did was forward it to the NH Cold Case unit. The second thing I did was reach out to the husband of a frequent reader of this blog, who knows a thing or two about backtracking emails. What he discovered was quite bizarre. Here's his response:
Whomever wrote it was in Northern New Jersey. That's as specific as I could narrow the location down as I don't have any contacts at Comcast (their ISP). I found one indication they are located in Manchester, NJ but that is unconfirmed.
There is one very strange thing about this email: even though the email is plain-text (sent insecurely), there is an encryption fingerprint. What this means is that whomever wrote the email has email encryption software on their computer but, for whatever reason, chose not to encrypt this message. This is very uncommon and generally only found among security "nuts" in the IT world. What makes it even more bizarre is that they wrote the email by logging in to aol.com as opposed to sending it from a phone or email client such as Outlook. That in itself isn't strange but because of the encryption fingerprint, that means that the encryption software that they have on their computer is setup to secure whatever they do, which is a step beyond paranoid. Most encryption software won't touch anything you're doing unless you specifically tell it to ("encrypt this specific email", etc). Their setup seems to be reversed - it touches everything that's happening on their computer, and they have to specifically tell it to not encrypt something, like the email they sent you.
When I started to poke around and see what else they had been doing with this email address, AOL had flagged the account with "Suspicious activity has been detected on this account. For your protection we are blocking access to this username." I can't say that I'm incredibly familiar with AOL's security policies or what they consider "suspicious activity", but I do know that in the IT industry, AOL is a joke - whatever this person did must have been rather severe to warrant AOL blocking their account entirely.
That caught my interest, so I dug deeper and found that their email address has been placed on an alert list for RIPE in the Netherlands. RIPE is one of the organizations that essentially helps keep the internet running in Europe. Unfortunately, there were not details as to why they had been placed on this list. Making their shitlist means you were really causing some trouble. The odd part is that this was only instance I found this email address referenced. Normally if you're causing enough trouble to be put on a RIPE shitlist, whatever you've done has also landed you on dozens of other shitlists. Whatever this person did was very, very specific - not something like blasting out a bunch of spam to thousands of people. More like targeting one computer or network and successfully causing some damage.
They were added to this RIPE list Apr 30, 2013 at 10:04:56 GMT. This specific list has since been deleted and they haven't reappeared on any of their other lists. This again goes to show that whatever they did was very specific - if it were inexact, they would have appeared on several of RIPE's lists.
And just when you thought this mystery couldn't get any weirder.