The Slip-Up That Caught Jewish Center Bomb Caller Michael Kaydar
March 23, 2017 7:49 pm
The following is a Daily Beast report by Kevin Poulsen:
The suspect arrested today for a
wave of bomb threats against Jewish Community Centers in the United States employed an array of technologies, including
Bitcoin and Google Voice, to make himself virtually untraceable for months, The Daily Beast has learned. But in the end, it only took one careless slip-up to lead police to his door.
Police arrested 19-year-old Michael Kaydar, who has joint Israeli-U.S. citizenship, at his home in Ashkelon, a coastal city in southern Israel. He’s suspected of phoning in over 100 bomb threats to JCCs and Jewish day schools in 33 states since January, with the most recent calls made two weeks ago. Police also suspect him of making similar threats in Israel, Europe, Australia, and New Zealand.
The arrest followed an international probe that began with the first U.S. threats in January, and quickly hit its first roadblock, according to sources close to the investigation. The FBI traced the phone calls back to a service called SpoofCard that allows users to mask their caller ID, so their phone calls can appear to come from any number they choose.
The FBI sent a subpoena to the company that runs the service, New Jersey-based
TelTech, in the hope of obtaining the caller’s real number. But that phone number turned out to be a disposable Google Voice line established under an alias.
The server logs from both TelTech and Google weren’t much more helpful. They showed that the suspect routed his Internet connection through anonymous proxy servers overseas. Even the caller’s voice was anonymous—he used Spoofcard’s voice-changing option to make himself sound like a voice synthesizer imitating a woman. And rather than use a traceable credit card or PayPal, the perpetrator paid for his Spoofcard in Bitcoin—another dead end.
Meanwhile, the bomb threats continued, coming in six separate waves. Jewish centers and day schools began evacuating with almost routine regularity. The threats were generally seen as evidence that anti-Semitic fringe groups were feeling emboldened by the election of Donald Trump. Then in March , a St. Louis man was arrest for a handful of copycat bomb threats he allegedly staged in an effort to frame an ex-friend.
But in his rush to reach as many Jewish institutions as possible, the original bomb hoaxer grew careless. On at least one occasion, he neglected to route his Internet connection through a proxy server, leaving behind a real IP address in the server logs. The address was in Israel, where police traced it to a WiFi access point that Kaydar was allegedly accessing through a giant antenna pointed out a window in his home.
Connect With Us