Original URL: http://www.theregister.co.uk/2008/04/01/warmtouch_brings_down_cyber_extortionist/

How an app called WarmTouch nailed a grenade-stockpiling cyber extortionist

Software that knows if you're mad - or a loner

By Dan Goodin

Posted in Law, 1st April 2008 23:20 GMT

When the president of a prestigious patent and trademarking firm began receiving emails threatening to bring down its operations unless he paid a $17m ransom, he knew he had to take action. He reported the incident to the Federal Bureau of Investigation, but agents were unable to identify the culprit.

So he retained the services of Stroz Friedberg, a private investigations firm that used a ground-breaking piece of software that helped zero in on the suspect by closely analyzing his emails. By applying an algorithm that analyzes the word choice and other characteristics of his writing, the program helped analyst Eric Shaw develop a hypothesis that the suspect was a technically adept man older than 30 who had trouble fitting in at work and in social situations. Building off those findings, Shaw later surmised that he might also own a stockpile of weapons.

The profile was remarkably accurate. Myron Tereshchuk, the man who pleaded guilty to criminal extortion in the case, was 43 years old, and when police raided his suburban home in Maryland, they found ingredients for the deadly poison ricin and a stockpile of parts for making improvised grenades. He had applied for a job with the firm, known as MicroPatent, but had been turned down.

Tereshchuk was brought down with the help of a software application known as WarmTouch, which was developed by Shaw, a clinical psychologist who got his start profiling terrorists and foreign leaders for the Central Intelligence Agency. Its job is to sift through written communications to arrive at a profile of the author that helps bring the suspect alive in the minds of investigators and potential witnesses. That, in turn, enables them to apply the profile to a list of known suspects to see if there is a match.

WarmTouch uses a scoring system to guess at a suspect's psychological characteristics. An overuse of the word "me," for instance, might suggest an exaggerated sense of passivity, an indication the person may feel like a victim. The program can sniff out other clues about the individual, such as whether he is more of a loner (as evidenced by frequent use of the word "I") or more of a team player (indicated by using "we" instead). The program also pays close attention to rhetorical questions, which are said to be a strong indicator of anger.
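The markers named above can be counted mechanically. The following is an added illustration, not WarmTouch's code or its scoring: it reports per-message rates for the pronouns the article mentions and uses the share of sentences ending in a question mark as a rough stand-in for rhetorical questions. The word lists, function names and sample messages are assumptions constructed for this example.

```python
import re
from dataclasses import dataclass

# Pronoun groups taken from the article; the contractions are this example's assumption.
MARKERS = {
    "i": {"i", "i'm", "i've", "i'll", "i'd"},
    "me": {"me"},
    "we": {"we", "we're", "we've", "we'll", "we'd"},
}
WORD_RE = re.compile(r"[A-Za-z]+(?:'[A-Za-z]+)?")
SENTENCE_RE = re.compile(r"[^.!?]+[.!?]+")


@dataclass
class MarkerScore:
    words: int
    i_rate: float          # occurrences per 100 words
    me_rate: float
    we_rate: float
    question_ratio: float  # share of sentences that end in "?"


def score_message(text: str) -> MarkerScore:
    words = [w.lower() for w in WORD_RE.findall(text)]
    total = len(words)

    def rate(key: str) -> float:
        if total == 0:
            return 0.0
        return round(100.0 * sum(w in MARKERS[key] for w in words) / total, 1)

    sentences = SENTENCE_RE.findall(text)
    # A question mark cannot tell a rhetorical question from a real one;
    # this is only a proxy an analyst would review by hand.
    questions = sum(s.rstrip().endswith("?") for s in sentences)
    ratio = round(questions / len(sentences), 2) if sentences else 0.0
    return MarkerScore(total, rate("i"), rate("me"), rate("we"), ratio)


def score_thread(messages: list[str]) -> list[MarkerScore]:
    """Score messages in order so changes across a correspondence are visible."""
    return [score_message(m) for m in messages]


# Constructed sample messages, not taken from any case in the article.
SAMPLE_THREAD = [
    "We can sort this out. We will send the paperwork today and we hope that we hear back from you.",
    "Why does nobody answer me? I asked twice and I got nothing. Do you really think I will wait forever?",
]
```
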

WarmTouch, which Shaw discussed during last week's CanSecWest conference in Vancouver, is particularly useful in cases like the one involving MicroPatent, where the suspect is believed to be an insider.

"They feel provoked," Shaw said in an interview. "They feel victimized. It's like they're going down a corridor and their options get narrower and narrower and narrower and they feel they have no choice because of what's being done to them."

In addition to helping pinpoint a suspect, the program is useful in helping investigators manage a case where the suspect is already known. It can help determine a suspect's level of intelligence or if he poses a danger to himself or others - information that can prove useful in deciding whether to conduct surveillance on the suspect or raids on his home. It can also measure the anger and anxiety of a suspect over the course of negotiations to give clues about what tactics are working or failing.

In 2000, Michael Bloomberg, the prominent American businessman and politician, received a series of emails threatening to publicly expose serious weaknesses in the computer network of his company unless the sender, a man from Kazakhstan, received $200,000 and a contract for employment. The investigators wanted to lure the suspect to a location where extradition laws would allow him to be arrested.

After extensive negotiations, they succeeded in convincing the suspect, Oleg Zezev, to come to London, where Bloomberg personally met him and got his demands on video tape. In the aftermath of the case, Shaw used WarmTouch to see how the suspect responded to various approaches used at different points in the discussions.

"He was pretty angry, but he still wanted to make a deal," Shaw said. "The job was to soothe the anger and anxiety and get him to London. WarmTouch was helpful in tracking how well that was done."

WarmTouch is now regularly used in ongoing cases to gauge how a suspect's state of mind is changing over the course of an investigation, Shaw said.

While WarmTouch has a proven record in helping to track down bad guys, several audience members were worried the technology could be used for more nefarious purposes - for example by repressive governments to obtain the identity of anonymous dissenters.

At the same time, a program like WarmTouch could also be incorporated into anonymization software used by the dissenters themselves while composing anonymous articles to search for and eliminate tell-tale words or phrases that could reveal their identities.

Shaw has no immediate plans to take WarmTouch in such directions, but the software has uses that go beyond forensics. Frequently, he runs the program on emails he's written prior to sending them.

"I actually find when I use it for myself, I develop greater empathy because I find things, particularly in email, that I probably shouldn't say," he explained. "It is like having my very empathetic and sensitive wife reading over my shoulder. It keeps me out of trouble." ®