If the messages are, in fact, illegal threats AND CREDIBLE, then do not delay contacting law enforcement.

Even if the sender is in the US, spoofing headers is relatively easy, so there's no guarantee that the message can be traced by that method. A lot depends upon the technical sophistication of the sender. In other words, even if Yahoo cooperates in the investigation, that alone may not be sufficient to discover the sender's identity.

It may be possible to back trace through the log files of the various systems through which the mail passed. The writers of some viruses have got themselves caught this way. Typically, log files are not kept very long, and only a law enforcement agency would have the authority to demand them from the owners. This is a lot of work, and there's no guarantee of success, so it's rarely used in such cases.

If the threats are targeting someone who is not "in the public eye", it's very probable that the recipient knows the sender. Any respectable investigator would begin with the "disgruntled" employees, "jilted" boyfriend, or other classic "hate crime" candidates known to the sender.

It would be nice to think that people smart enough to be sophisticated hackers would also be smart enough not to engage in stupid or illegal behavior, but unfortunately, technical skill and emotional maturity are independent qualities.

mike.h

-----Original Message-----
From: Shawn Duffy [mailto:[EMAIL PROTECTED]
Sent: Thursday, May 29, 2003 1:49 PM
To: Jay Woody
Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: Re: Distressing, possibly life threatening emails from free accounts (yahoo, hotmail

You need to get the original headers from the recipient of the message. That will have the sender's IP address. From there you can send the headers to Yahoo's abuse department (don't know the address offhand). Who knows if it will actually be addressed by them but that is all you can do.

If they ARE life-threatening then your best bet is to contact your local law enforcement agency, give them the headers and the emails, and they will submit a subpoena or search warrant to Yahoo for user records. Yahoo HAS to respond to those. However, if the offending user is outside the US, there still may be nothing they can do. Though Yahoo will close the account. Either way, you will never know the identity of the real sender, at least from this... the law enforcement agency won't tell you who it is once they have the records, nor should they, and neither will Yahoo.

Shawn Duffy, CCNA CCSE
email: pakkit at codepiranha dot org
web: http://codepiranha.org/~pakkit
gpg key: http://codepiranha.org/~pakkit/pakkit.asc
gpg fpr: 8988 6FB6 3CFE FE6D 548E 98FB CCE9 6CA9 98FC 665A
having problems reading email from me? http://codepiranha.org/~pakkit/pgp-trouble.html

On Wed, 28 May 2003, Jay Woody wrote:

> Send them an e-mail telling them they have won $1,000,000 and you need
> their name and address.
>
> JayW
>
> P.S. We just went through this too and there is basically nothing. We
> started blocking mail from that address, but they can just get another
> one if they are really persistent. We changed the person's e-mail
> address also, from John.Smith to John.X.Smith or something like that too
> for external mail. About all you can do is get the police or FBI
> involved. Sorry.
>
> >>> "steve baker" <[EMAIL PROTECTED]> 05/27/03 11:38AM >>>
> One of our users has received questionable and possibly life
> threatening emails from a yahoo account that was created recently.
> They have approached us to find out as much as we can pertaining to
> the person sending it.
>
> Of course, we are not YAHOO so we cannot determine anything about the
> mail other than the content.
>
> How can we find out who sent this?
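
Added example, not part of any poster's message: a Python sketch of the header reading discussed in this thread. It lists each Received hop and reports only the connecting IP recorded by mail servers the recipient's organization operates, because lines stamped further down cannot be verified locally and may be forged. The sample message, host names, addresses and the `trusted_hosts` parameter are constructed assumptions.

```python
import email
import ipaddress
import re

# Constructed sample headers; hosts and addresses are documentation values.
RAW = """\
Received: from mx1.corp.example (mx1.corp.example [192.0.2.10])
    by mail.corp.example with ESMTP id A1; Tue, 27 May 2003 11:38:02 -0500
Received: from out.webmail.example (out.webmail.example [198.51.100.7])
    by mx1.corp.example with SMTP id B2; Tue, 27 May 2003 11:38:00 -0500
Received: from [203.0.113.45] by out.webmail.example via HTTP;
    Tue, 27 May 2003 16:37:55 GMT
Received: from relay.invalid ([192.0.2.99]) by mx.bogus.invalid; Tue, 27 May 2003 01:00:00 GMT
From: sender@webmail.example
Subject: constructed sample

body
"""

IP_RE = re.compile(r"\[(?:IPv6:)?([0-9A-Fa-f:.]+)\]")
BY_RE = re.compile(r"\bby\s+([^\s;()]+)", re.I)

def parse_hops(raw):
    """Return Received hops, newest first, as (stamping_host, peer_ip)."""
    hops = []
    for value in email.message_from_string(raw).get_all("Received", []):
        flat = " ".join(value.split())            # unfold continuation lines
        by = BY_RE.search(flat)
        m = IP_RE.search(flat[:by.start()] if by else flat)
        peer = None
        if m:
            try:
                peer = str(ipaddress.ip_address(m.group(1)))
            except ValueError:                    # bracketed text that is not an IP
                pass
        hops.append((by.group(1).lower() if by else None, peer))
    return hops

def last_verifiable_peer(raw, trusted_hosts):
    """Peer IP recorded by the deepest hop in the unbroken run of trusted hosts."""
    found = None
    for host, peer in parse_hops(raw):            # newest header first
        if host not in trusted_hosts:
            break                                 # not verifiable from our own logs
        found = (host, peer)
    return found

if __name__ == "__main__":
    print(last_verifiable_peer(RAW, {"mail.corp.example", "mx1.corp.example"}))
```

The hops below the returned one, including the webmail provider's client-IP line, are what the provider or law enforcement would have to confirm from the provider's own records.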
