Samuel Northrup, Editor-in-Chief
Fahrudin Omerovic, the primary suspect in March 5’s lockdown investigation, used a voice over internet protocol (VoIP) app to mask his identity when making multiple threats to Utica College, Utica police Chief Mark Williams revealed at a March 6 press conference.
“I hope there is harsh sentencing of this person,” Williams said. “We’re seeing this (threats) happen all over the country, now it’s happening here locally, and to not give harsh sentencing on these individuals that commit these types of crimes would do a disservice to men and women in law enforcement as well as the school authorities; it would just encourage people to keep on doing it.”
Omerovic was arrested on multiple counts of making a terrorist threat, a Class D violent felony, and could face two to seven years in prison per count.
Law enforcement utilized cybersecurity firms from around the Mohawk Valley region, including the Northeast Cybersecurity and Forensics Center (NCFC) at Utica College, to trace the digital trail of the threats — leading authorities to Omerovic.
“It’s all about figuring out how did data get somewhere and where did it come from. All these investigations have very similar steps to sort of peel the layers of the onion back until you figure out where it all started,” said NCFC Director Anthony Martino.
Housed in the Economic Crime, Justice Studies and Cybersecurity Building, the NCFC carries out computer forensic investigations for law enforcement, like the UPD, due to the costs of modern equipment, according to Martino.
VoIP technology digitizes the analog voice into pieces of data to be transmitted. VoIP services, such as Skype, deliver that same collection of data, which Martino refers to as “data pockets,” to be reassembled into analog audio to be received as part of a conversation. Unlike traditional phone calls, which use physical wiring to connect phones, VoIP utilizes the Internet to transmit information and connect devices.
“In the same way that any computer connected to a network has to identify itself, usually via IP address, voice over IP is the same way; you’re just talking about voice transmissions moving between computers,” Martino explained.
While Martino would not disclose specific information regarding the NCFC’s work with law enforcement to trace Omerovic’s threats, he explained the process of tracing VoIP calls is the same in most cases.
The steps, he said, start at the end where the calls were received.
“It’s complicated in that there’s a lot of steps,” he said. “It’s not as simple as the analog world was where there was a little more of a direct connection between one entity and another, it just takes a little time to work your way through all those hurdles and figuring out exactly where those data packets started from, who processed them along the way and where they ended up.”
Once it is determined which VoIP service provider delivered the call, law enforcement can then elicit information from the entity to work further backwards to the original source of the call.
“They have information about who their customers are,” Martino said. “Even if the information is simple as ‘a customer connected to their service from a certain IP [address] and made this call then it arrived here.’”
While the steps by Martino and the NCFC resulted in an arrest, the process depended on one key element — available data.
“There are certainly times when it isn’t possible to trace a communication all the way to the source,” Martino said. “But, in general, when enough data is available and enough effort is applied the source can be identified.”