On this day, police authorities in the Philippines were able to capture a person who sent a bomb threat to an airline through an email. See full report here.
This is an unusual case because most emails cannot be traced back to a person, for many reasons. One difficulty in tracing the person behind an email is that anybody can simply create a dummy email address. Moreover, one cannot rely on tracing an IP address because the sender can be behind another router which gives out dynamic addresses. Most traces end at the Internet Service Provider (ISP), and ISPs cannot accurately pinpoint the location of an IP address; they can only give an estimate of the location, which is still too large an area to filter. Sometimes it is impossible to trace the location because the sender might be behind a Virtual Private Network (VPN). Through a VPN, the sender can use an IP address borrowed from another location, making them difficult to trace.
The interesting part of the report is that police authorities were able to pinpoint the person who sent the bomb threat. Police authorities knew the sender used a Yahoo mail account, since the recipient of an email can see the address the message came from. Since Yahoo is from the United States, the police asked for help from the United States’ Department of Justice to retrieve the full information of the email address and the person behind it.
Case 1
Although it was not stated in the report, it is certain that the only thing the sender cannot tamper with in an email is the IP address. The rest of the details in an email given back by Yahoo, such as the personal information, can be faked. The IP address that was probably returned by Yahoo to the police authorities matches IP addresses assigned to the Philippines. There’s an IP addressing standard followed and used by each and every country using the Internet. The police authorities might have already concluded, also from the fact that the bomb threat message was written in Filipino, that the sender was not behind a Virtual Private Network, which increased the chance of finding the sender.
The authorities can now trace the ISP responsible for the IP address. It might have turned out that the IP address is owned by a telecom, although this was not stated in the report. This can be an accurate conclusion because the report stated that the police authorities were able to identify the sender's phone number, and only telecom companies are responsible for distributing phone numbers. There are only a few telecoms in the Philippines which also offer Internet services at the same time. Knowing the telecom responsible, the police authorities might have asked for the details of the sender who used the IP address at the specific time the email was sent. Telecoms usually log all IP addresses assigned to phone numbers every time they use the telecom's Internet service. Knowing the phone number led to the fall of the sender.
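The lookup Case 1 describes (take the IP address and the send time from the message, then ask which subscriber held that address at that moment) can be sketched as follows. This is an added example, not taken from the report or from any provider's system: the sample message, the session log, the subscriber labels and the function names are all constructed, and it assumes the provider's mail server recorded the client address in a standard `Received` header.

```python
import ipaddress
import re
from datetime import datetime
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample headers. All addresses are documentation/test values.
RAW = """\
Received: from mta.example.net (mta.example.net [198.51.100.7])
 by mx.airline.example with ESMTP; Mon, 03 Mar 2014 10:15:09 +0800
Received: from [10.0.0.12] (unknown [203.0.113.45])
 by mta.example.net with HTTP; Mon, 03 Mar 2014 10:15:02 +0800
Subject: constructed sample
"""

# Constructed ISP session log: (ip, start, end, subscriber). The same dynamic
# address is handed to two subscribers on the same morning.
SESSIONS = [
    ("203.0.113.45", "2014-03-03T08:00:00+08:00", "2014-03-03T09:30:00+08:00", "SUB-A"),
    ("203.0.113.45", "2014-03-03T09:45:00+08:00", "2014-03-03T11:00:00+08:00", "SUB-B"),
    ("203.0.113.46", "2014-03-03T10:00:00+08:00", "2014-03-03T10:30:00+08:00", "SUB-C"),
]

# Addresses that never identify a subscriber (home/office LANs, loopback).
LOCAL = [ipaddress.ip_network(n) for n in
         ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")

def origin(raw):
    """Return (ip, time) from the earliest hop that shows a routable address."""
    hops = message_from_string(raw).get_all("Received", [])
    for hop in reversed(hops):  # each server prepends, so the last is the oldest
        when = parsedate_to_datetime(hop.rsplit(";", 1)[1].strip())
        for text in IP_RE.findall(hop):
            ip = ipaddress.ip_address(text)
            if not any(ip in net for net in LOCAL):
                return str(ip), when
    return None

def subscribers(ip, when, sessions=SESSIONS):
    """Subscribers whose session held `ip` at the moment `when`."""
    return [who for addr, start, end, who in sessions
            if addr == ip
            and datetime.fromisoformat(start) <= when <= datetime.fromisoformat(end)]

if __name__ == "__main__":
    ip, when = origin(RAW)
    print(ip, when.isoformat(), subscribers(ip, when))
```

Because the address is dynamic, the IP alone matches two subscribers in the constructed log; only the timestamp narrows it to one. Only `Received` lines written by the provider's own servers are trustworthy, since anything below them can be supplied by the sender.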
Creating an account in Yahoo requires users to activate their account. One option that Yahoo offers for this is to send the activation key as a text message to a phone number, which the user is required to register as well. This means that every phone number can be linked to a Yahoo account and is saved in Yahoo's database. Given an email address, Yahoo can do a reverse lookup of the phone number, which they can forward to the proper authorities. Upon receiving the phone number, authorities can find further details of the user through the telecom responsible for the phone number, which led to the sender's arrest.
Here in the Philippines it is difficult to know the owner of a cell phone number because anybody can simply change SIM cards. The sender might have been caught through an entrapment operation where the police authorities tricked the sender by sending text messages or making calls that eventually led to her arrest. It is also possible that the sender might have availed of a postpaid plan with Internet subscription from the telecom, which requires personal information to be submitted.
Do note that the above discussions are all theoretical, based on personal and professional experience in information technology.