
well i i worked for the nhl for about eight years as an off-ice official for the caps and um uh we had a saying you know what's red white blue and green cap's playing golf in april so all right here we go so here's what i'm going to talk about today first off it's going to be about crime and digital forensics not about security too much so i'm going to define the cyber environment that we have to work with in law enforcement some of the legal issues involve intrusions critical infrastructure specifically different cyber crimes that you would not probably suspect digital forensics and then my latest project which i've been working on since uh early september into august which is the
db cooper cold case so how many of you remember d.b. cooper good good so uh you'll you'll enjoy this so um what does cyber mean anyway um when i was with dod they would they would okay each agency would define cyber uh a different way well in 1996 uh i got detailed to the president's i mean to the u.s senate permanent subcommittee for investigations and uh we were to hold uh was chaired by senator sam nunn and our task was to investigate the threat to the national information infrastructure from cyberspace and one of our one of our witnesses that came was the director of the cia john deutch and john deutch was testifying on foreign information
warfare capabilities and right in the middle now senator nunn is an accomplished attorney right and what do trial attorneys do they never ask questions they already don't know the answer to right well in the middle of deutch's testimony he said what does cyber mean anyway and you know deutch's face went pale his jaw dropped he clearly didn't know and he said may i have a moment and he turned and of course he's got you know 27 you know staffers with him and they have a huddle for about 30 seconds and he comes back and says i'll have to get back to you senator so the very next day he said he sent this letter and so i'll try to
read it here for you says dear senator nunn during yesterday's hearings on foreign information warfare capability you asked a rather indelicate question what does cyber mean anyway i must admit that your query caused a great deal of discomfort here while everyone had used the term no one had heretofore felt any need to know precisely what the hell it meant i put hell in it he didn't in light of my promise to keep congress fully and currently informed i pressed for an answer central intelligence agency cia's research revealed that the term cybernetics was coined by the father of cybernetics norbert wiener in 1948 mr wiener's words we have decided to call the entire field of control and communications theory
whether in a machine or an animal by the name cybernetics which we form from the greek kybernetes or steersman department of state concurred with cia's findings but wish to point out that the greek kybernetes is related to the latin gubernator meaning steersman or governor the defense intelligence agency uh flynn ran the defense intelligence agency just keep that in mind the defense intelligence agency is not yet ready to make a judgment and is exploring the possibility that cyber may have come from the greek kybisteter or diver from which we derived the word cybister or a genus of large diving beetles i hope this clears up any confusion so that being said let's talk a little
bit about crime in general so what are the motives for crime they run the gamut uh love hate activism mental illness peer pressure they literally run the gamut and every tool that mankind has ever made and developed has been turned around and used as a weapon whether it was a rock a stick an ice pick a bottle a rope uh so we shouldn't be you know shocked that people take computers which were supposed to help and and make them a weapon system whoops what the hell happened there
so there are three kinds of uh you know all crime falls into about three categories crimes against persons and property rapes drugs murders child pornography bullying fraud you know identity theft theft of intellectual property wire fraud online scams and then counterintelligence which includes counterterrorism and espionage and so everything falls in those three categories and computers play three roles also so a computer can be the victim it you know somebody hacks into the the computer becomes a victim or it could be a witness maybe it's just a pass-through and the witness doesn't even know that you know the bad guy went through their system and then the subject computer the computer that actually is used to
launch the attack or has the child pornography on it so tools of the trade for any executive criminal spy or terrorist and some would say you know they're all the same you have to have reliable communication you have to have your documentation you have to have contact with your partners so you have to have their information uh be able to do business wherever you are gotta be mobile social media today so what tools are you gonna use you're gonna use the internet smartphones and laptops so there are several legal issues that we have to discuss too there's you know law is kind of a multi-disciplinary uh field so there's criminal law and then there's procedural law
so criminal law says what is uh illegal what's against the law and the elements of proof to prove it and um you know so you know there are laws against rapes drugs murder you know intrusions things like that and then there's procedural law procedure law tells law enforcement how we are allowed to collect evidence how do we get a wiretap order how do we get a search warrant the fact that we have to get a search warrant uh for things uh rights advisement so that's procedural law and procedural law is always a balance between individuals rights of privacy and public safety and you can see that pendulum it swings depending on the recent environment so you know when when 9/11
occurred prior to that you know the pendulum has swung towards privacy soon as soon as we had 9/11 congress passed the patriot act gave law enforcement a lot more capabilities because but now that we haven't had major terrorist attack it's starting to slide back uh towards privacy and then legal issues uh especially in the cyber environment are international so you each country has its own legal and infrastructure and its own sovereignty so we have to have mutual assistance agreements with other countries some cooperate some do not cooperate some have a cyber capability some do not so let's talk a little bit about a cyber attack i think that defending against a cyber attack is the opposite
of defending against a nuclear attack so thank you that concludes my briefing for the day [ __ ] you want [ __ ] i'm going to end on a high note so so uh if you think about news especially now when we're talking about north korea and iran we know who the bad guys are and who has nukes or who is developing that capability and we have a significant surveillance on those sump [ __ ] right and if they were to launch an attack we would know within you know in case of a north korea we know they're preparing to do that uh if they launch an attack we're going to know within a fraction of a second
that there was a launch and and pretty quickly we'll be able to determine the trajectory of what the target's going to be and we have a response but in the case of a cyber attack it's the opposite now we've got to sit back because everybody has the capability you all have the capability in your flipping pockets today so anybody can launch that attack so now we have to sit back can't surveil everybody so you have to sit back and wait for the attack to occur and then work backwards after the attack for the attribution much more difficult and then to complicate things is the legal issues here in america these are exclusion zones for the
military and the intelligence community posse comitatus prevents the military and intelligence community from watching and surveilling in the united states so it's a law enforcement issue so now there's law enforcement domestically and law enforcement can go internationally and then the intelligence community and the military are international so speed counts especially in the cyber attack bad guys are coming at you literally almost at light speed and the second part of the problem is that our legal system is geocentric so if you think about jurisdiction it's based on a piece of geography a city county state tribe campus country cyber doesn't respect any of those arbitrary man-made borders and attribution is the holy grail so whenever there's a cyber attack
you have to know where the the sumbitches fingers are on the keyboard and you know when when you discover a breach how did they get in uh uh was it an insider an outsider attack uh are they still in your network no i mean that's kind of interesting uh did they leave anything behind did they change anything while they were there and then you need to decide if you want attribution if you're a private company do you want attribution do you care if it's an insider do you have the in-house capabilities to achieve that attribution or do you have to hire a contractor or do you want to call law enforcement if it's an outsider you really don't
have much choice you have to call law enforcement because you can't reach back uh and follow the trail for the attribution after the attack is gone so uh intrusions in information warfare so how many of you read the cuckoo's egg okay so that was my case back in 1996 so if you read the book i'm in it 34 times now the reason i know i'm in it 34 times is because my general who spelled computer with a k heard that i would you know cliff when he was writing the book was sending me the manuscript and we were trying to keep it as accurate as possible when he was writing it and he said he said you know my my
general found out about it and he says send me a copy of the manuscript and highlight everywhere your name and osi which was my organization is mentioned because he wanted to know if i embarrassed the air force and osi so that's how i know i'm in there so my mother read the book and uh you know what she said to me you know i'm so proud i'm in a book you know i'm i've been an agent for all of about a year and a half and my mother reads the book says you know you're the only one in the book who cursed so everybody knows about the hanover hacker case you know west german hackers so we'll go into that morris worm
everybody remember the morris worm in 1988 okay well um osi was the first law enforcement agency to be notified about that well that that's not true we're the first agency that did anything about it uh cliff stoll was actually my source again and he called me and said hey you know what's going on i said no so he told me what was going on and so we were able to go out and protect and collect evidence that allowed the military computer so i i notified the fbi and and they had been notified initially and kind of blew it off they didn't know what to do with it so i called the case agent that i worked
with uh you know on on the hanover hacker case and say hey mike mike gibbons said mike do you know what's going on here and you guys were notified eight hours ago and they have you haven't even called back so we worked the case together so quickly you know robert morris jr was notified uh uh identified and and arrested the interesting fact is that his father robert morris senior was the chief scientist for nsa's national computer security center and so i had him on our meet the fed panel at def con a couple of times you know so the the goons introduced me they said do you know robert morris you know because he's like you know a
legend and i said well yeah i met him a couple of times a long time ago and they said well he goku so he said you look familiar i said yeah i was i participate in the arrest of your son oh hey and then recently our presidential uh election i mean it's clear the russians tried to influence our election uh but we shouldn't be shocked about that [ __ ] i mean you know you know dogs chase cats i mean i mean really what is an intel organization supposed to do i mean [ __ ] if we're not doing it then our guys aren't doing their job so uh and what kind of perplexing is remember the
dnc system when senator sanders staffers hacked into clinton's database of donors that's a violation of usc 1030. how come there was no investigation on that i mean that was clear violation insider exceeding their authorization level well um so in the future i think you have to expect everyone's election are going to be influenced anyway i was a chief election judge in anne arundel county for uh six elections and you know we had it was computerized voting and i'm going to tell you there is it was so insecure and i kept raising my hand in the class you can't do that you know and you know it takes a conspiracy of two to change change votes that's all it
takes and um you know so they have actually in maryland have gone back to paper ballots this year but uh hard to influence large elections a national election because every jurisdiction has their own process their own machines and they're not interconnected but you know that's the way we're headed let's connect everything to everybody so i guess the bottom line is ignorance is not bliss the government i mean i i ran the hanover hacker case in 1986 and still the government hasn't done [ __ ] we still don't have our act together if you go back and you read the cuckoo's egg we're no better off today in fact we're much worse off today because computers uh are are integrated in
everything that we do uh just sad uh critical infrastructure protection uh in uh 96 when i left the senate uh i went to the uh president's infrastructure protection task force down at the fbi headquarters and um we were we were we were going to protect the the critical infrastructure for the united states there were six of us chaired by the fbi anybody here from the fbi oh so you guys haven't had the lobotomy okay it was the worst two years of my career you know uh after working at the senate and working for osi you're you're running at 110 miles an hour and you got to the fbi and it's glacier-like i can give you so many horror stories
about working at fbi headquarters and they're they're uh they use wordperfect uh you weren't allowed to have email addresses uh you didn't have cell phones i had to fight to get an answering machine you know there's six of us were out on the road protecting america's infrastructure right for two years and we had no voicemail you know uh we wanted to produce brochures and after a three-month process they the department of justice turned us down because it was more than three colors okay so uh i'm flipping seriously well after um after i left the president's infrastructure protection task force i went back to the pentagon for the to the working for the assistant secretary
of defense for command control communications and intelligence and while i was over there um i i got a call from senator nunn's office and he had been contacted by 20th century fox and david marconi and they were writing a script for a movie called world war iii.com so they that they i don't know why but they authorized me to meet with this guy they probably wish they hadn't well david marconi he wrote enemy of the state with will smith and gene hackman you know he also wrote mission impossible 2 and he was writing this movie called world war iii.com and the premise of the movie was that this was in 1998 and there was a
u.s airstrike in libya taking out a factory that produced chemical weapons and this hacker who lived in libya his father was killed in that so he unites all the uh hackers from all over the world to go after the critical infrastructure of the united states as a payback so that was the premise of the movie well we collaborated on it for about six or seven months and he started writing the movie and so i didn't hear anything and so i i contacted him in 2000 i said hey what's the deal he says we're it's it's it's on the fast track we're moving 2002 occurs you know i contacted him again so what's what's the scoop he said after 9/11
anything to deal with uh terrorism got put on the shelf got it well in 2005 i get this call from david and he says guess what congratulations i said why what i do now and he says uh we made the movie it's called live free or die hard with willis right bruce willis and what they had done was they wanted to write a new movie for uh uh for uh die hard series and they went took the world war iii.com off the shelf brushed it off and and uh just had a new hero so the smithsonian channel so i asked i said you know hey do i get to go to the premiere no i said what did you know i wrote all the
infrastructure attacks he said uh uh but i'll send you a poster i'm still flipping waiting anyway don't get paid for that because i did it while i was working for the government so i guess in 2000 uh i get a call from david he's living in paris and he says hey you know the smithsonian channel has this series on uh the real story series i don't know if you've all seen it on history on smithsonian channel and they do uh a documentary on the real story behind a movie so like on the da vinci code true grit saving private ryan and they wanted to do one on live free or die hard so uh they said you know you need to
talk to jim christy so they you know the bbc sent over a team spent a couple days with me and so if you remember live free or die hard we had the fire sale everybody remember that you know and uh everything must go and you remember gabriel the bad guy to mcclane told him uh john you're a timex watch in a digital age okay so that kind of resonated with me so uh fire sale you know so i wrote all these critical infrastructure attacks which the government was really happy about um but they still haven't done anything about them and today cities are now connected and i can remember when i was on the president's infrastructure protection
task force we were interviewing um the folks who run the traffic control system for los angeles and they hired a company to come in and automate the traffic control system and so i said is it connected to the internet nope not connected everything is it's a closed system said where's the maintenance come from oh it comes out of atlanta they you know they dial in so some things just haven't changed military bases they all have scada systems everybody knows what scada systems are but each base has their own scada system controls the the power controls the water the sewage electricity uh uh you know traffic systems the whole nine yards all controlled by civil engineers
they know a lot about cyber and what's really scary is that 85 percent of the critical infrastructure in the united states is owned by the private sector well you think the government's going to come help you if you have a problem you know what they tell you you can [ __ ] and slay right there you know have a nice life you know you're a critical infrastructure do you think the private sector shares vulnerabilities and and things like that with the with the government no that doesn't happen either so uh these critical infrastructures are uh becoming more and more complex and more and more dependent and more and more connected and the government has no oversight
over the security now this may be a little controversial but i kind of think if you look around any public building what do you see you see sprinkler systems do you think the building owner put sprinkler systems in to save your ass during a fire no they put them in because state and local government put laws in for minimum security to protect public safety so if it's a critical infrastructure like power or finances or a dam do you think they should have to meet a minimum standard for security um that's up for debate so you know don't be a timex watch in a digital age government now i'm going to go off a little bit on
the intelligence community and law enforcement community which is my background um the intel community has had the lead in the cyber realm since 90 before desert uh uh storm and but unfortunately everything is classified it was kind of interesting when i went to work for senator nunn one of my jobs was to go around we had to go around interview witnesses and find out what the hell the government was doing in all the different agencies so we went over to nsa okay and they gave me a classified briefing on the hanover hacker case and i'm like what the hell are you how is that classified oh it shows a vulnerability i said it's in a flipping book you know
this public that's been out there for 10 years how can that be classified oh no this is the rules that we have uh when you know there's i was talking to somebody somebody's from army mi okay you know in the old days i would not coordinate my cases or take any information from anybody from army mi and the reason was because i was looking for a kid who was hacking a government a system and if i uh talked to the army mi every all the information i got from them was classified which i couldn't pass on to the local police department who was going to arrest the guy so you know we've done ourselves a major
disservice by classifying everything law enforcement is starting to catch up in the cyber world but uh i showed you how many law enforcement agencies there are in the united states right over eighteen thousand different law enforcement agencies independent uh autonomous law enforcement in the united states alone do you think everybody has a cyber crime investigator can you think of any crime that doesn't have a cyber nexus today uh i don't think so so but law enforcement is catching up but the federal guys they classify everything as well so if they classify it they're not going to share it with the private sector or the victims and remember critical infrastructure is owned by the private sector so they
don't get you know the information that the government has so i think the federal government has significantly hurt our public safety uh and national and economic security by classifying everything this is this is just too critical you know defense is important and the reason the intelligence community classifies everything is so they can use it themselves offensively everywhere else in the world you know offense always takes precedent over defense and government's unwilling to share their tactics tools and procedures uh with the rest of us so cybercrime anybody want to take guess what the number one cyber crime in the world is child well kiddie porn is terrible term child porn kiddie porn kind of minimizes child pornography is the sexual abuse of
children so no cops do it too it just pisses me off you piss me off already child pornography every time you show an image of a child in a sexually explicit manner you have sexually abused that child and you know i think everybody can agree there's probably not much uh uh that's more horrific than that uh pedophiles have always leveraged uh new technologies um before we had the world wide web you know they were doing digital diaries before we had digital photographs they were doing digital diaries and they were using encryption to encrypt those diaries then we had digital pictures and videos and that just proliferate in the old days if you wanted to get a child porn photo
you would have to get a magazine you know and so the the two number one uh uh the two uh uh uh most prolific investigative organizations were u.s postal and customs because it was generally produced overseas and mailed into the united states but today you know every one of you could be a child pornographer a producer and distributor anybody who who is a somebody who's going to raise their hand one day i know you know steganography first time we encountered steganography in law enforcement was with pedophiles when i was running the lab at the defense cyber crime center i got a call from an investigator in tennessee and he said hey christy i know you guys
do a lot of child porn up there i said what does that mean he said uh are you seeing train pictures and i go [ __ ] i don't know i'm not looking for train pictures he says we have a child pornography ring uh of train aficionados and what they do is they steg the child pornography in train pictures and then they exchange the the train pictures well if you don't know that as a law enforcement agency how would you know to look for it and how to uh decrypt it and de-steg it and so the the best place to deal with this stuff is the national center for missing and exploited children they have law enforcement embedded with
them and they do a a tremendous job today's vehicles you know everybody knows can have more than 40 wireless access points you know my my my my suv was talking to me on the way in this morning you know tell me i'm changing lanes and i need to slow down you know emails me you know once a month or when there's a maintenance issue so each vehicle has two major networks they've got a controller area network and an infotainment network and and everything is accessed wirelessly and so we were we went to a camp uh that was 2013 at ohio state and and uh it was kind of interesting so
i believe you know i'll skip right over today well first off first off that controller area network controls your flipping steering and your braking they're when you turn the wheel all you're doing is having a sensor tell the wheels to turn well you know or you brake i think there are critical systems in an automobile like steering and brakes that you ought to be able to have control over and not be wireless okay but that's not the way the manufacturers think they think hey we save money we can do it faster cheaper this way uh but you know pretty scary but the the hacking camp that we went to um uh five manufacturers came in uh
they had cars on dynos running 55 miles an hour and they had kids lined up with laptops hacking the system they had to tow two of the two of the cars away they could they couldn't drive them the kids had screwed them up so bad and and so i was i was doing a keynote for him and and so one of the vehicle reps came up to me and wanted to know why a dod investigator cared about this stuff that's that was their mentality that's only three four years ago you know why would you care i said well number one as an investigator if somebody i'm i'm interested in the forensics of that if somebody
causes that to happen and as the dod person i would like to cause that to happen you know to some people you know that would be pretty cool wouldn't it they had they had no idea medical devices you know um you know there was a guy convicted of arson they went back and he had a uh a heart monitor on and they were able to go back and say the time the fire started his heart was racing and they used that as evidence to convict him of the arson digital forensics i think is key to solving almost any crime today you know we went over the different crimes and the motives but i think uh you know with the digital
proliferation today um you know digital forensics is critical so unlike dna dna can tell you who digital forensics digital evidence can get answer all the who what where when why and how questions you just can't do it in 10 minutes like you do it on tv which goes back to the csi factor you know juries expect you to be able to find all the evidence and do it quickly and you know and so do judges so i i created a thing that i call digital forensics intelligence so you have three communities let's say you had the national security community department of defense the military the intelligence community you had the public safety community law enforcement
and then you had the economic security private sector communities and um um where they all overlap if you're investigating crimes in those areas or uh espionage or an intrusion i think digital forensics and the tactics tools and procedures used by those investigators are critical so um you know law enforcement's working child pornography id theft organized crime and you know what the ttps are the same for the intelligence community as they are for law enforcement as they are for the private sector we all use the same tools and the bad guys use the same tools and techniques to commit their crimes and those three communities have to start sharing digital forensics intelligence to be able to solve
whatever issue they have and it's a multi multiple multi-disciplinary field as well one of the first crimes that we actually used the term digital forensics in was a case i had back in 1991. it was uh we had a wife of a gi over in the philippines and she was murdered she was stabbed 42 times she was off base found in the front seat of her pickup truck husband was a suspect uh but he had an alibi he was on base and in those days in the philippines at clark air force base she had to sign in and off base and so he was on base when she was murdered so our osi guys went in to interview him
as a witness in his office in the middle of the interview he jumps up reaches down into a box on the floor next to his desk pulls out a pair of pinking shears and a five and a quarter inch floppy disc and cuts it up so by the time they stopped him he had done significant damage so they called me in dc and said okay we're sending you these diskettes this diskette we want to know what's on them i'm like oh yeah great so while they were en route i'm contacting all the law enforcement agencies in the area nobody had a capability to recover the the data so i went to the intelligence community i went to nsa
so i negotiated with their general counsel and they said okay you can come up and ask but you're going to have to talk to six different groups and you have to do them individually because one group's not allowed to know what the other group does that's okay so i came up and and so they all told me the same thing we have a theory on how to get that data but we've never actually applied that theory so we don't know whether we would be successful or not so what we'd have to do is get resources set up a lab get equipment get people have money and then in a year we can test these theories
well meanwhile uh i i have a problem with speedy trial issues so our boy has to go to go to trial so uh i went to the private sector and they didn't have a technique or tool for that so went to the cia and cia said we can get that data for you i said great thank you they said but how we do it is going to be classified so you won't be able to use the information in court i'm like well what the hell good is that and he said well well you know i said hey we'll get the data for you so we turned over the disc pieces and you can see when we when we when we
got them we started putting them together like a jigsaw but we didn't have one diskette we had two diskettes and we had 23 pieces and we didn't have all the pieces to each diskette so they were actually different manufacturers the mylar was a little bit different color and we we were able to separate them except for the four pieces in the middle we couldn't tell which which disc they belong to so cia takes my disks pieces two weeks later they call me on the phone said okay come get your damn discs i said what does that mean they said we can't tell you over the phone okay so i drive around the beltway with my deputy ed cutchens
and we go in and they said we tried our three techniques and they didn't work so unfortunately here's your here's your diskettes i said why don't you just tell me that on the phone well we don't want the bad guys to know that we can't do this i said oh so we jump in the car with our diskette pieces we're driving back around the beltway and ed says to me okay you gave every all the big boys a shot you're going to give me a shot i said what the hell are you going to do so i'm going to i'm going to scotch tape them back together i said get out of here you can't scotch
tape disk you know because on a floppy disk the head actually rides on the mylar there's no air gap like in a hard drive i said you're gonna rip the reed right heads off he said geez don't know if we don't try it's okay get back to the office we grab a couple of diskettes we put some data on them and we cut them in quarters and then we tape them on one side put them back in the jacket and he whips out my laptop with my external five and a quarter drive and i said what are you going to do he said i'm going to read it i said you're going to rip my red red heads off
he said well no if we don't try i said okay let's turn it on and it took about 15 seconds and you could hear the heads flying around on the inside of the chassis so we won't say what i said so we pulled it out and said let's pretend we're nsa scientists so we pulled the disc out of jacket when the nsa guy said would you do take a coffee break no so we pulled the disc out of the jacket where the splice was on the top was still nice and smooth on the back side where the tape was the tape was frayed tape is what ripped the reed right heads off so we need to start brainstorming how do
we how do we cover up that that tape so i said what if we put another blank diskette and sandwich the tape between two disks so we tried that so while i'm doing that uh ed goes up to a small computer tech center and get a stack of external drives because i know we're gonna rip the hell out of these things and put it in and we were we had two discounts one had the character a's throughout the whole disc the other had character b's and we were able to do physical reads and get a's from the top and b's from the bottom so now we had a technique problem was the disc pieces had been crumpled up
so we had to find a way to iron them so we try i try to you know put a t-shirt over it and iron it with an iron that didn't work so what we found was a soldering iron attached to a rheostat so we could adjust the temperature and then we took a piece of brushed aluminum tubing and slid it and hit put that over the heating element of the soldering iron and we rolled that and that took the creases out and we were able to make that work but if you look at the orientation some of these pieces don't have an outer edge or inner hub so we didn't know actually how to align
them when we taped them back together so i found this stuff called magna-see it's a real fine ferrous powder suspended alcohol-based solution you shake it up and you throw it on magnetic media the magnetic particles align with the magnetized spots the liquid evac evaporates and you can actually see tracks and sectors and if you can see them now you can align them because it was only a three and a half inch five and a quarter is this it wasn't very dense so with a magnifying glass you could actually align them and then tape them together and brush off the powder so we we were able to get somewhere between 85 and 95 percent of the data off each
and every piece and what we found was that our subject his wife had actually divorced him and left the philippines and moved back to the united states and we found the love letters that he was sending to her saying please i love you come back and remarry me and which she did at the same time he was sending those letters uh he sent the letters to his filipino housekeeper who was his girlfriend uh asking her to hire the hitman when his wife came back we found the letters uh for for the hitmen and she hired uh two of her cousins and uh they they shared 105 stabbed her 42 times and killed her so uh we found all that and then we
found the letter uh upping her life insurance to 450 000 so once he was confronted with all that uh information he pled guilty and was sentenced to life in prison so forensics files did a piece on this so every every once in a while somebody calls me and says hey your your your forensics files cut up diskette case is on tv tonight so if you see it it's called sheer luck which pissed me off that was not sheer luck that was research okay for the last couple minutes i'm going to talk about what i've been working on since september so the i was asked to join a cold case team for d.b cooper so everybody knows d.b
cooper right he was the uh uh he was at his name actually was dan cooper on the ticket and the media screwed it up and made it db cooper and that just stuck but he hijacked a northwest orient flight 305 day after thanksgiving on in 1971 and today it's still the only unsolved uh us hijacking he ransomed the passengers plane and crew for 200 000 which is equivalent to about a million dollars today demanded 200 000 in cash and four parachutes so when they landed in seattle when the parachutes and the money came on board he allowed the passengers to leave and he kept the crew and demanded they fly him to mexico en route
he went down the back stairway never to be heard from again and they'd all the crew he made go up in the front he had he had a briefcase with a real or simulated bomb in it so nobody knows from seattle they were going to refuel in reno nobody knows where he jumped but they suspected they felt a vibration still in uh washington state and they think that he jumped in washington state uh never to be heard from again uh so they don't know what whether he died or whether he was successful uh in the jump so uh a friend of mine who's my friend of mine now i didn't know him then uh is leading uh a cold case team his
name is tom colbert and so if you go to his uh website dbcooper.com he has all the videos and and and uh interesting information on db cooper so he comprised a cold case team of over 40 40 federal state and local law enforcement calligraphers calligraphers were really key in this criminologists prosecutors judges intel guys forensic experts handwriting experts and it's been a six-year investigation and the history channel aired a four-hour episode last july so you know cooper they they identified who they believe the suspect is they believe it's a 73 year old lives in san diego today robert rackstraw and you can see the the fbi sketch artist and then his military picture from 1971
pretty similar the fbi identified him as a suspect in 78 but then let him go he was kicked out of the army for fraud in 1971 about four months prior to the hijacking he had airborne jump school and helicopter pilot school and as you can see he does resemble the the sketch he was an explosives expert so he could have built a real or fake bomb military and sport parachutist he he was stationed in vietnam for two or three tours and he jumped with the army he also did sport jumping with the arvn he was a heavy smoker and in 79 he was training the shah of iran's helicopter pilots he was tried and acquitted of murdering his father-in-law
and he was convicted uh felony for check kiting plane theft and illegal explosives served two years in federal prison kind of a timeline on him he enlisted in the army guard in 64 uh infantry jump school 67 68 he battered his wife for the first time or at least we reported the first time and she put in divorce papers and then withdrew him later in 68 he also went to psyops training helicopter school 69 deployed to vietnam and he was actually a war hero in vietnam rackstraw had a silver star distinguished flying cross twice he was promoted he started out as a enlisted became a warrant officer and then a first lieutenant and then in 1971 he battered his wife
again and the wife and kids were went to a shelter army opened an investigation and in june he was certified as a commercial chopper and fixed wing instructor but the investigation concluded and he was kicked out of the military because he lied about his uh college uh records he actually was a high school dropout and he disappeared when he got kicked out and he disappeared in june of 71 and in november 24th day after thanksgiving was the hijacking so we think that was kind of a motive um the flight attendant asked him while she was sitting in the back while while they were talking and she says why are you doing this to to northwest orient
she said do you have a grudge against northwest orient because no just a grudge some of the other quotes when he was uh following his sentencing for the fraud and explosives charge a reporter uh asked him if he was the hijacker because there was always rumors that he was the d.b cooper any you know smart ass i'm afraid of heights and he says reporter you have parachute training and as you mentioned yourself your background suggests that you could have been d.b cooper could have been i could have been you don't want to commit yourself one way or the other no i can't commit myself on something like that one you know he does not deny that he's d.b
cooper you know so no cyber nexus to this crime back in 1971. once the history channel documentary aired there are several well forever there have been cooper research websites out there and it all these sleuths you know you know law enforcement guys private investigators they all have been trying to figure out for 45 years who d.b cooper is well we monitored those and two bloggers with no history of blogging popped up on three of the computer related uh the cooper related websites and they seem to have information that our team had collected that nobody else knew that we hadn't publicized wasn't in the the history channel documentary the team has accumulated over 110 pieces of unique evidence that points
directly to circumstantially to rackstraw uh which i can't get into but if you go to the website you will see you know the ton of uh information uh theory was rackstraw was the blogger or he had people blogging that he was controlling for him so i was asked to join the cold case team to identify who the bloggers were so i put an undercover team together four of us uh created fake identities and joined these cooper research sites uh the team had over 130 years of cyber investigative experience and and i used the same technique i used in 1987 to uh on a pedophile bulletin board you know so what we did was we all joined at a
different time uh and then talked among ourselves knowing other people were watching trying to draw him in and it took about two weeks but i coordinated and scripted all the teams comments online comments and we brainstormed how to get this guy to come to us and then we set up a document that he that has bait uh that was going to be surveilled and uh took about two weeks and uh and he took the bait and we reconciled his location to north hollywood um so not definitive but in the so this this is the interesting part a guy because this history channel episode aired some guy calls tom colbert out of the clear blue and said hey i'm a 32 year old male from
mississippi and i've catfished rackstraw on facebook and so you know so colbert says hey that's that's computer you guys uh you guys can you handle that i said yeah so i'll run them so uh i kept the uh the two operations separate i didn't let the my catfisher know uh about our other op so everybody knows what a catfisher is right it's a bottom dwelling thing so this catfisher uh he he pretended he was a uh a nurse 52 years old from mississippi sent flattering messages to rackstraw and a friend request asked him if he was if he was db cooper after a month rackstraw accepted and started to interact with kelly so uh i wanted to know who i'm dealing
with so we exchanged a couple of emails and finally had a phone conversation and i wanted to know his motivation for doing this and he said he was bored saw the the cooper documentary uh he was married with three kids his wife divorced him due to his previous facebook activity uh but they were back together and uh he catfished for fun uh to satisfy his f uh his facebook urges and because his wife wouldn't allow him to have a facebook account so so he had others you know and and let me tell you so i had uh my ex-wife was an agent she's a private investigator so i called her and i said hey can you do a
you know uh a records check on this guy in background investigation on kelly so all the information that he had provided me was accurate 32 years old three kids uh provided his real address in in alabama found out he was a pastor of a church actually and his father was a pastor also well i i if you've seen what he was sending i don't think my pastor talks like that so you know and so he then started to flood me with the texts that he was exchanging with rackstraw uh and rackstraw was providing him with lots of pictures from vietnam and then he provided this one he she kelly said that you know her father
was in the army with him so that's kind of one of the hooks so he sent this picture of himself when he was supposed to be 35 years old as a lieutenant colonel well he was actually kicked out of the air uh the army as a first lieutenant in 1971. so all those medals and decorations were fake he then sent her a picture of his boat that he has in san diego a 50-foot yacht the name of the yacht is poverty sucks and a picture of the state room where he was going to service her and of course he had to picture his picture his lieutenant colonel fake picture on there on the wall well then all of a sudden he starts
kelly uh starts sending me unsolicited copies of uh his recent sexting with rackstraw and i said listen you know doesn't help my my investigation you know that i mean it doesn't help i mean you know um you know i know a lot of people that would say they were d.b cooper if they thought they were going to go a blow job you know so i you know so it doesn't help the investigation okay sorry um so stop okay so part of how running a an informant is that you have to be able to control them so after a couple of days he kept sending me more and more and it kept getting deeper and deeper and
uh i finally said hey listen uh uh i'm terminating contact with you if you find out anything about db cooper you know uh yeah be glad to you know accept that but you know have a nice day so these are some of the texts so that's that's kelly on the left in case you were march short and uh d.b cooper so now you've seen a a picture of d.b cooper's penis
some things so now now i can tell you only four people in the whole world had ever seen that picture till today so now you'll have to think about it all your life like i do
um i i i actually made the the center part a little bigger than it really needed to be but so catfisher had a meltdown so when i stopped the contact with him two weeks later he joins our website where my undercover op is going and he joins as his with his real name and he starts ranting and raving about how he catfished uh rackstraw and um rackstraw is on watching you you [ __ ] you know stop you know so i'm sending him texts hey he's watching you don't understand you know and he he just wouldn't stop so finally i i called the system administrator and we got him kicked off and and he still was trying to get on he was
going to other sites so i called his father
and it stopped you know i said and he called me said don't call my family i said my next call is to your wife so you stop now so he did stop um so he continues he's now he's like my best friend and uh he sends me texts and theories on cooper all the time uh he he became facebook friends with uh cooper uh rackstraw's wife and daughter uh you know so and he's created other personas out there so i i contact facebook security periodically and have him kicked off so unfortunately we can't conclude from our op whether rackstraw was the blogger or directing the bloggers but the investigation continues and there'll be magazine articles there's a
book master outlaw the last of the master outlaws and things like that so uh you know i did have a call the other day from the abraham lincoln assassination cold case team so you never know when cyber's going to you know have a a role in in a case so remember don't be a timex watch in the digital age uh if you're interested i i blog a little bit for symmetrio so i trash all the different entities in the government so if you're interested you know please friend me and and if you need to contact me this is how you get a hold of me okay [Applause] questions or you have time for questions no no no questions alright see you guys