Anatomy of a Cyber Case
The 24-Hour Case
Anatomy of a Cyber Investigation
Ever wonder how we run a cyber investigation? Here's a good example…a potentially deadly threat that we ran to ground in short order with the help of our partners.
Setting the stage. On April 17, a day after the tragic shootings at Virginia Tech, we learned that a message had been posted on the Internet threatening a similar attack at San Diego State University in Southern California.
We took that threat very seriously, realizing that lives could be at risk from a potential copycat shooter. Our field office in San Diego quickly opened an investigation.
Here’s a rough timeline of how our case played out:
4/17/07, 10:55 p.m. San Diego State University police notified our San Diego office of an online posting threatening to kill 50 students the next day and referencing the Virginia Tech shootings. San Diego's violent crime and cyber squads (with the help of the Computer Analysis and Response Team) joined forces to respond.
4/18/07, 2:30 a.m. San Diego special agents arrived at the university police station. There, they studied the web posting.
4/18/07, 3:00 a.m. From the website, investigators identified the web hosting company and its owner.
4/18/07, 7:30 a.m. When morning dawned, agents telephoned Cristobal Fernando Gonzalez, owner of the web hosting company, asking for a copy of his chat logs. We hoped that he’d direct us to the person who posted the message. Instead, Mr. Gonzalez confessed to posting the threat himself and agreed to an in-person interview.
4/18/07, 8:00 a.m. Gonzalez met with FBI agents and university police. He admitted to posting the threat because he was trying to gin up interest for one of his new websites.
4/18/07, 10:00 a.m. We contacted the U.S. Attorney, who ultimately decides whether or not to prosecute such cases. In light of the shootings at Virginia Tech, the decision was made to go forward.
4/18/07, 5:00 p.m. A federal arrest warrant was issued for Gonzalez on charges of "Sending a Threatening Communication over the Internet."
4/18/07, 6:50 p.m. Gonzalez was taken into custody and transported to our San Diego office to be photographed and fingerprinted. Less than an hour later, he was in jail.
The whole case ran less than 24 hours, from start to finish. And while the threat turned out to be a hoax, we certainly didn’t know that at the time, so it had to be pursued vigorously and quickly...with the full cooperation of the university police.
The speed of this case was made possible by the fact that we’d already established a great working relationship with university police long before this threat came along. The investigation went faster and smoother as a result.
Epilogue: Gonzalez pled guilty in June, and in early September a federal judge—wanting to deter others from posting phony cyber threats—sentenced him to six months in jail.
All in a day’s work!