Sleuths Can Track E-Mail Like Footprints
January 6, 2001
Like electronic footprints across cyberspace, e-mail messages typically leave a coded trail that the trained eye can track through the Internet and, often, to the very computer that delivered the message.
That technique could become a key tool for investigators seeking clues in the brutal dragging death of a former Johnson County woman, who died in Tennessee after receiving threatening e-mails.
"If you don't make any particular effort to cover your tracks . . . I think that's quite traceable," said Thomas Ho, chairman and professor of computer technology at Indiana University-Purdue University Indianapolis.
However, people with extensive computer skills can find ways to throw investigators off the trail. The growing use of free Internet accounts also can make it difficult for police to trace e-mails to a particular person.
Linda Guge, whose body was found Jan. 1 along a logging road in Cumberland County, Tenn., had told Greenwood police she was being threatened in e-mail messages. Investigators said the e-mails did not specifically threaten her life but were enough to terrify Guge, who lived near Knoxville.
Sgt. Michael Flynn, head of the Indiana State Police cybercrimes unit, said he has not investigated any similar cases in Indiana. But as more people use the Internet, conducting investigations by computer is becoming an increasingly important part of police work, he said.
"Basically, there's no limit right now as far as what we might be facing in the future," Flynn said.
He and other computer experts say that unless the sender has taken steps to hide where a message came from, every e-mail message carries information about the path it traveled.
For example, users of the popular Netscape program can find that information on an e-mail by clicking on "View" and pulling down to "Headers." They then would set the checkmark "All" instead of "Normal."
Information that looks like gibberish to most people then appears on the e-mail in a section called a "header." For those who know what they're looking at, it shows the route the e-mail took and the IP, or Internet protocol, number that identifies each computer on the Internet.
Through the header information, police can determine the sender's Internet service provider and get the provider to identify the computer where the e-mail originated.
However, many people today use free e-mail accounts from services such as Hotmail or Yahoo!, which allow users to receive and send e-mail from any computer. The e-mail header might show which computer an e-mail came from, but not necessarily who sent it, Ho said.
"That header is going to help you up to a point," Ho said. "Even if you found what machine it came from, if it's in a public place, that machine isn't necessarily associated with anyone in particular."
If investigators succeed in tracing an e-mail to a computer, officers have to obtain a warrant or permission to search the computer, Flynn said. Police also can't browse through unopened e-mail messages.
"E-mail is the same as the U.S. Mail in terms of being protected by privacy," he said.
Deleting an e-mail won't always hide it from police, Flynn said. Those savvy with computers usually have ways to find deleted messages, he said.
Another problem comes from technological gimmicks that allow sophisticated users to cloak the identity of the computer from which they send e-mails.
One way is to use Internet services that allow people to send e-mails stripped of all header information. Such services are designed to help people maintain privacy while using the Internet.
"They really don't care who you are; all they want is paid," Flynn said of such services. "So if you tell them you're John Smith and you send them the cash or a credit card, they keep no record. It makes it very difficult from that point to track you."
Another method is called "spoofing," in which users with extensive computer knowledge can change the Internet protocol address or steal someone's e-mail identity.
"But there are checks and balances as far as the time-date stamps in the e-mail header, so we can start tracing things like that," Flynn said.
Even so, tracing the path of a spoofed e-mail can prove difficult.
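The header tracing and the time-date stamp check described above can be sketched in a few lines of Python. This is an added example, not part of the original article; the message, host names and addresses are constructed, and the function names and 60-second tolerance are assumptions.

```python
import re
from email import message_from_string
from email.utils import parsedate_to_datetime

# Constructed sample: example domains and documentation IP ranges, not real hosts.
RAW = """\
Received: from mx.recipient.example (mx.recipient.example [198.51.100.7])
\tby mailstore.recipient.example; Sat, 6 Jan 2001 10:15:12 -0500
Received: from relay.isp.example (relay.isp.example [203.0.113.25])
\tby mx.recipient.example; Sat, 6 Jan 2001 10:15:09 -0500
Received: from desktop (dialup-42.isp.example [192.0.2.42])
\tby relay.isp.example; Sat, 6 Jan 2001 10:21:40 -0500
From: sender@isp.example
To: user@recipient.example
Subject: constructed sample

body
"""

def _first(pattern, text):
    """Return the first capture group of pattern in text, or None."""
    m = re.search(pattern, text)
    return m.group(1) if m else None

def trace_hops(raw):
    """Return the relay hops oldest-first; each server prepends its own Received line."""
    hops = []
    for value in reversed(message_from_string(raw).get_all("Received", [])):
        route, _, stamp = value.rpartition(";")  # the date follows the last ';'
        hops.append({
            "from": _first(r"from\s+(\S+)", route),      # name the sender claimed
            "by": _first(r"by\s+([^\s;]+)", route),      # server that wrote the line
            "ip": _first(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", route),  # address it saw
            "time": parsedate_to_datetime(stamp.strip()),
        })
    return hops

def timestamp_anomalies(hops, tolerance_s=60):
    """Indexes of hops stamped later than the hop that handled the message next."""
    # Time should not run backwards along the path; a gap beyond normal clock
    # skew suggests a misconfigured clock or a Received line that was forged.
    return [i for i, (a, b) in enumerate(zip(hops, hops[1:]))
            if (a["time"] - b["time"]).total_seconds() > tolerance_s]

if __name__ == "__main__":
    hops = trace_hops(RAW)
    for h in hops:
        print(h["ip"], "->", h["by"], h["time"].isoformat())
    print("suspicious hop indexes:", timestamp_anomalies(hops))
```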
"It depends on how in-depth they've gone," Flynn said. "If they've basically spoofed the whole header, we're basically shooting in the dark."
Contact Mike Ellis at (317) 444-6702 or via e-mail at mike .firstname.lastname@example.org
© 2001 Indiana Newspapers Inc