Tracking Down a Suspect through Cell Phone Records

Interesting forensics in connection with a serial killer arrest:

Investigators went through phone records collected from both midtown Manhattan and the Massapequa Park area of Long Island—two areas connected to a “burner phone” they had tied to the killings. (In court, prosecutors later said the burner phone was identified via an email account used to “solicit and arrange for sexual activity.” The victims had all been Craigslist escorts, according to officials.)

They then narrowed records collected by cell towers to thousands, then to hundreds, and finally down to a handful of people who could match a suspect in the killings.

From there, authorities focused on people who lived in the area of the cell tower and also matched a physical description given by a witness who had seen the suspected killer.

In that narrowed pool, they searched for a connection to a green pickup truck that a witness had seen the suspect driving, the sources said.

Investigators eventually landed on Heuermann, who they say matched a witness’ physical description, lived close to the Long Island cell site and worked near the New York City cell sites that captured the other calls.

They also learned he had often driven a green pickup truck, registered to his brother, officials said. But they needed more than just circumstantial evidence.

Investigators were able to obtain DNA from an immediate family member and send it to a specialized lab, sources said. According to the lab report, Heuermann’s family member was shown to be related to a person who left DNA on a burlap sack containing one of the buried victims.

There’s nothing groundbreaking here; it’s casting a wide net with cell phone geolocation data and then winnowing it down using other evidence and investigative techniques. And right now, those are expensive and time-consuming, so they are only used in major crimes like murder (or, in this case, murders).

What’s interesting to think about is what happens when this kind of thing becomes cheap and easy: when it can all be done through easily accessible databases, or even when an AI can do the sorting and make the inferences automatically. Cheaper digital forensics means more digital forensics, and we’ll start seeing this kind of thing for even routine crimes. That’s going to change things.
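An added illustration, not part of the original post and not the investigators' actual tooling: the winnowing described above, run over a constructed tower dump. The device IDs, timestamps, 15-minute window and subscriber attributes are all invented for the example; it shows how little logic the funnel needs once the records sit in one queryable place.

```python
from collections import defaultdict
from datetime import datetime, timedelta

WINDOW = timedelta(minutes=15)  # assumed tolerance around each burner-phone event

def co_location(records, events, window=WINDOW):
    """Map device -> indexes of burner events it was seen near (same site, within window)."""
    by_site = defaultdict(list)
    for device, site, ts in records:
        by_site[site].append((ts, device))
    hits = defaultdict(set)
    for idx, (site, when) in enumerate(events):
        for ts, device in by_site[site]:
            if abs(ts - when) <= window:
                hits[device].add(idx)
    return hits

def winnow(records, events, subscribers, home_area, vehicle):
    """Return the successive candidate sets, widest first."""
    hits = co_location(records, events)
    all_sites = {site for site, _ in events}
    near_any = set(hits)
    near_both = {d for d in near_any if {events[i][0] for i in hits[d]} == all_sites}
    near_all = {d for d in near_both if len(hits[d]) == len(events)}
    lives_near = {d for d in near_all if subscribers[d]["home"] == home_area}
    has_vehicle = {d for d in lives_near if subscribers[d]["vehicle"] == vehicle}
    return [near_any, near_both, near_all, lives_near, has_vehicle]

def build_constructed_dataset(n=2100):
    """Synthetic tower dump: device i is near event k when i is divisible by divisors[k]."""
    base = datetime(2020, 1, 1, 21, 0)  # constructed date, not from the case
    events = [("MIDTOWN", base), ("MIDTOWN", base + timedelta(days=9)),
              ("MASSAPEQUA_PARK", base + timedelta(days=20)),
              ("MASSAPEQUA_PARK", base + timedelta(days=33))]
    divisors = [2, 3, 5, 7]
    records, subscribers = [], {}
    for i in range(n):
        device = f"sub-{i:04d}"
        subscribers[device] = {
            "home": "MASSAPEQUA_PARK" if i % 4 == 0 else "ELSEWHERE",
            "vehicle": "green pickup" if i % 9 == 3 else "other",
        }
        for (site, when), div in zip(events, divisors):
            if i % div == 0:
                records.append((device, site, when + timedelta(minutes=i % 10)))
        # Same site but two hours late: must fall outside the window.
        records.append((device, "MIDTOWN", base + timedelta(hours=2)))
    return records, events, subscribers

def funnel_sizes():
    records, events, subscribers = build_constructed_dataset()
    stages = winnow(records, events, subscribers, "MASSAPEQUA_PARK", "green pickup")
    return [len(s) for s in stages], sorted(stages[-1])

if __name__ == "__main__":
    sizes, final = funnel_sizes()
    labels = ["near any event", "near both areas", "near every event",
              "home in area", "linked vehicle"]
    for label, size in zip(labels, sizes):
        print(f"{label:>17}: {size}")
    print("remaining:", final)
```

Each stage is only a correlation, which is why the quoted account says more than circumstantial evidence was still needed.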

Posted on July 17, 2023 at 7:13 AM • 22 Comments

Comments

Stephen Robert Boisvert July 17, 2023 8:01 AM

The part I find amazing is how long the broad net evidence seems to have been kept. Call data from ten years ago. Security cam footage from a burner phone purchase from ten years ago! Seems like a lot of cold murder cases could be eventually solved with charges with that kind of data retention given there is no statute of limitations for murder.

Think July 17, 2023 8:18 AM

It should be enough for some not to pursue crime for thrills or some psycho reasons. I hope that will lead to fewer planning murders fooling themselves that they can get away with it.

Ted July 17, 2023 8:38 AM

“Heuermann was in tears after his arrest, his court appointed attorney, Michael Brown, said Friday.”

Maybe don’t run around taunting the victims’ families from the victims’ phones near your home and office. Or use the burner phones back around your home and office, DA.

Would it be unconstitutional to flag people who search for sadistic material?

Winter July 17, 2023 9:34 AM

@Ted

Would it be unconstitutional to flag people who search for sadistic material?

That sounds a little broad.

People watching zombie movies or slasher movies might do so out of an urge to commit cannibalism or gruesome murders on teenagers. But I seriously doubt whether limiting the search to these movie fans will reduce the target population without missing out on all the false negatives.

Far more than half of all movies and books involve criminal activities. This probably means everyone you will ever encounter will have watched such movies or has read such books/graphical novels.

PaulBart July 17, 2023 9:36 AM

There was an open case in California of a rapist that suddenly went cold. It was found to be a police officer and he stopped once he learned of a new tool – DNA evidence. Joseph James DeAngelo. He was caught, took a while, and an open DNA database was used and linked relatives to crime scene DNA.

So when a heinous crime case is not pursued, one has to ask why?

TimH July 17, 2023 9:56 AM

Looks like a lot of mostly circumstantial evidence. When the prosecution starts waving the AI flag and saying unprovable inferences such as “Per AI, he’s the only one in the solar system that coulda dunnit”, it starts to get scary. And the inevitable plea bargaining to get 3 months on a plea instead of 999 years if found guilty will be used to suggest that the system must be good.

Clive Robinson July 17, 2023 10:13 AM

@ Stephen Robert Boisvert, Bruce, ALL,

Re : How far back v. At the time.

“The part I find amazing is how long the broad net evidence seems to have been kept.”

You have to remember that there are several players in the game and they have different costs and incentives.

So the key question is really,

“Kept by whom in what quantity?”

With the quantity approximating to the number of “persons of interest”.

A telco might keep records longer than seven years, but that is eye wateringly expensive and only going to happen if the continuous “sunk costs” can be recovered. Otherwise it will get deleted/overwritten as fast as legislation/regulation allows. Because legislatively the set of “persons of interest” is “everyone” being kept for that minimum time it is an immense amount of data.

A secondary market is data brokers, they don’t have to “keep it all on everyone” or for very long. So their sunk costs are way way smaller than the telco. They might have reasons to keep it indefinitely for some “persons of interest” but not many.

Now consider Law Enforcement, they acquire data fairly promptly from telcos and over a very limited number of “persons of interest”. As an investigation continues the amount held will go down not up as the suspect list goes down. However legally not only will they keep the data as long as the case is unsolved, they are also required to keep it for between fifty and up to three hundred years after the crime was committed[1]. But the cost of doing so is comparatively trivial compared to a telco.

@ Bruce,

“What’s interesting to think about is what happens when this kind of thing becomes cheap and easy: when it can all be done through easily accessible databases, or even when an AI can do the sorting and make the inferences automatically.”

The way technology is changing currently it won’t really happen, because there is not enough potable water…

Computers especially LLM AI draw a lot of power and use it inefficiently. This requires those massive data centers to be cooled. Currently this is done by what some jokingly call “the wet sponge method”. Put simply you take the heat and via heat pipes you transfer it to a massive surface or volume in which cool water is aerosolized or misted or just run down. The result is the low grade heat energy gets transferred to the water that effectively “evaporates it away”.

For some strange reason Phoenix Arizona, one of the drier parts of the US is where big data centers are built…

It would make way more sense to put data centers under the sea, where the energy is gathered from wind farms or nodding ducks / energy snakes something Microsoft has investigated, and significantly improves the aquaculture.

Perhaps better for “humans” is to use the heat via low pressure desalinators to make a lot more potable water… But whilst that might be of interest to a large part of humanity, it almost certainly won’t be in the interests of investor capitalists[2], so is very unlikely to happen.

But in the larger scale of things such interest will become a way greater Information Security threat than most can imagine. Also more likely an existential threat than AI will ever be…

[1] Basically a crime against an ordinary person is considered closed after a century of inactivity because people will not be alive to prosecute. For reasons of “protection of the innocent” the records will be kept in confidence between thirty and two life times ~150years, unless they are nonordinary such as children grandchildren etc of politicians etc.

[2] Too many people think that a capitalist system would try to make money wherever it’s possible. Thus making potable water with waste heat would be an attractive “business proposition”. It’s not, way more money can be made as profit simply by creating resource shortages. So you should expect considerable opposition from “established business”. As noted by me and one or two others in the past on this blog, the people with money are investing in buying up water rights as fast as possible, can you really see them allowing what they see as the next gold mine to be turned into “fool’s gold”?

AL July 17, 2023 12:41 PM

@Ted re “use the burner phones”
With automobiles utilizing 4G for telematics, going to need burner cars too.
I notice that they’re trying to keep that under wraps.

JC July 17, 2023 4:40 PM

@THINK, Logic and reason are not the strong points of anyone that commits murder and “thinks” they will get away with it.

@Clive, Desalination via the heat generated by AI is a great idea until the AI realizes it controls the destiny of millions. Hollywood movie plots aside, I like it. It could also be used to evaporate sewage or any other non-potable water that needs to be disposed of.

Jesse Thompson July 17, 2023 6:43 PM

@Clive @JC RE: Desalination:

https://www.youtube.com/watch?v=mxqOPdEUNTs

This is a recent episode of Practical Engineering where the significant challenges involved in desalination are listed and discussed.

Of note is that there is no shortage of sources of heat to draw from, and plenty of desalination plants just pair up with power stations and almost any other heat-generating industrial processes (eg, nearly any of them) for that purpose.

The actual issues which make or break that industry are myriad including upkeep, disposal of waste salts and other impurities, getting rid of impurities which can still bypass the distilling and/or filtration, the list goes on.

Ted July 17, 2023 9:27 PM

@Winter, re: false negatives

Yes, that makes sense. Lots of things don’t portend a full run off the edge of the spectrum.

Just to add, I don’t know exactly what Heuermann searched for. The NYT posted a 32-page court document that has more case details. They redacted offensive material that was included in his internet searches.

Clive Robinson July 17, 2023 9:45 PM

@ Jesse Thompson,

There are various tricks that can be used, as I mentioned reducing pressure means the evaporation point drops quite rapidly.

Another is to condense water out of the air in a process called “Atmospheric Water Harvesting”(AWH). Normally when I hear it mentioned I scream and run away pulling my hair and wail “think of the megawatts” 😉

That is in general AWH is a truly inefficient system, but sometimes it’s the only option but at up to 1kW/lt you need to have minimal water consumption not the 300lt/day common in US households.

However… that said the air above any reasonably large body of air is usually “saturated” for the temperature and pressure to quite a height above it. In the case of the sea well above maximum storm height.

Further at the coast cloud cover is generally a lot less so the surface water temperature is frequently 4-6C warmer than 15m down. Thus “natural condensing” can be used so just sucking air in is mostly all that’s needed…

Have a read of,

http://dx.doi.org/10.1038/s41598-022-24314-2

Published in Nature, it’s an interesting set of theoretical ideas and models.

Oh on another note entirely… with regards the video you linked to, on the table behind the presenter up against the wall is a yellow plastic crane toy. My son still has his and it was for quite some time his favourite toy nearly two decades ago, even though it could have nearly killed him…

He was playing down stairs in the lounge and I had an urgent desire to use the facilities upstairs. Due to my haste I’d not shut the bottom toddler gate properly… Anyway the crane jammed up so he decided to find me “upstairs”… Anyway before I knew it he had climbed up to the top of the stairs where I had closed the upper toddler gate properly… As I went to get him, he slipped and went head first down the stairs bouncing a few times as he went and ended sprawled up against the bottom gate not moving, I think you can guess how I felt. Luckily he started moving as I rushed down the stairs but he was quite “sluggish” and very subdued. So I rushed him to hospital where he was triaged and seen by a doctor still in his subdued state, and sent for X-Ray where we had to wait… Anyway being an intensely curious type he brightened up in the X-Ray room and by the time he was seen by another doctor a little while later he was trying to climb over furniture to get to the more interesting toys… I was beginning to feel very sheepish as though I was wasting the doctors time as I described why I’d brought him in as by this time he was full of life and energy again and just being his usual curious self (anyone with a highly mobile toddler knows what this means 😉

Any way the doctor assured me I’d done the right thing, but to keep an eye on him for the next 24hours just in case.

To this day he does not remember going head over heels down the stairs, but does remember the X-Ray room. And well “daddy had to repair the crane” which I did and whilst it’s not quite as “good as new” it still works properly and looks fine.

Sadly though some years later he “shattered his arm” when up at his grandparents whilst playing on a neighbours kids trampoline when he should not have been… It involved getting rushed quite a ways up the country and some intricate surgery pinning the bones back together with wire (apparently you avoid the use of plates and screws in kids with growing bones). We also found out he does not react well to the more powerful P-Killers… Anyway it kind of knocked his confidence back quite a lot and he became much less energetic and adventurous, even as an adult near a decade and a half later he still “favours” the arm, and like me he knows when the weather is on the change…

Mopani July 20, 2023 2:49 PM

@Clive Robinson — boy do I get a second education reading your comments (the first education is reading Bruce’s articles)!

Nimmo July 21, 2023 4:39 AM

@Ted: The police are lying about having started with the car.

They ran the DNA from the hair found near the body dump, found a match to a second cousin from AncestryDNA, identified Heuermann based on his relationship to the cousin and location, and did parallel construction from there.

MarkH July 21, 2023 3:48 PM

I find no evidence that cell tower location data were retained longer than 7 years. Police collected it in 2016 (near the end of the time window).

When they identified their suspect last year, tower location data for his overt phone was no longer available, but his carrier still had billing data with much coarser location info.

With outside technical assistance, police marked out a map region they called “the polygon” containing several hundred residences (I speculate that this was based on comparative signal strength at multiple towers). It took years of refinement to get the polygon that small.

MarkH July 21, 2023 3:51 PM

continued:

Police learned of the very distinctive automobile around the time of the murders. For reasons not yet explained, this was not followed up until 2022.

The suspect’s DNA was obtained from a pizza box in a rubbish container by his office.

The DNA match was promptly followed by his arrest.

MarkH July 21, 2023 4:01 PM

@Clive:

A hair-raising moment with your little son … fortunately, small people have amazing flexibility and resilience.

I recall a woman telling me about taking her tiny son to an emergency room after his finger was bitten (by a horse or donkey I think). In the waiting area, he started poking said digit into little openings in the furniture, and she wondered “what am I doing here?”

If you don’t already know it, you might appreciate Truffaut’s “Small Change”

JonKnowsNothing July 21, 2023 5:13 PM

@MarkH

re: I find no evidence that cell tower location data were retained longer than 7 years

Retention periods vary with agency and how the data is classified. The longest USA retention of data is 30yrs but can be renewed infinitely.

Telecom data has a retention of ~20yrs. The difference lies in the FCC definitions of what is telecom and what is data. (The Net Neutrality Conundrum).

Data also flows from one controlling agency to another. Data may be held by GroupA for 3 GroupB for 5 GroupC for 7 …. GroupZ 30 (loop). It’s all cumulative in duration.

One can easily determine that 100yrs is a safe estimate for any “data of interest”. Finding out which group currently has the data, is a hot potato game.

Not to forget, lying about the existence of the data is perfectly acceptable.

Clive Robinson July 21, 2023 7:24 PM

@ JonKnowsNothing, ALL,

Re : It’s not what you say it’s what you can say it means.

“Not to forget, lying about the existence of the data is perfectly acceptable.”

But they don’t lie, because even though they are allowed to lie, that potentially has negative consequences for them…

Once upon a time it was a standard,

“We can neither confirm or deny…”

But Congress members said in various ways “Cut the bull scat”…

So the agencies took advice from “Alice in wonderland” as she had gone “through the looking glass” in 1871 where in conversation with Humpty Dumpty the three point specification of the scheme is laid out,

“I don’t know what you mean by ‘glory’,” Alice said.

Humpty Dumpty smiled contemptuously. “Of course you don’t- till I tell you. I meant ‘there’s a nice knock-down argument for you!'”

“But ‘glory’ doesn’t mean ‘a nice knock-down argument’,” Alice objected.

(1) “When I use a word,” Humpty Dumpty said, in rather a scornful tone, “it means just what I choose it to mean- neither more nor less.”

“The question is,” said Alice, “whether you can make words mean so many different things.”

(2) “The question is,” said Humpty Dumpty, “which is to be master-that’s all.”

Alice was too much puzzled to say anything; so after a minute Humpty Dumpty began again. “They’ve a temper some of them- particularly verbs: they’re the proudest- adjectives you can do anything with, but not verbs- however, (3) I can manage the whole lot of them! Impenetrability! That’s what I say!

And there as they say “You have it from the horse’s mouth!”

JonKnowsNothing July 22, 2023 12:26 AM

@Clive, All

re: [the USA security services] don’t lie, because even though they are allowed to lie, that potentially has negative consequences for them….

they refine the meaning for the words

Actually they do perjure themselves regularly, in court, on oath, in front of judges and juries, and in congress. The FBI, CIA and NSA are well known to do so.

They do try to avoid it by redefining the words, or parsing the questions in a way they don’t answer the question at all or answer using their hidden meanings.

Before court, during investigations, the USA security services are allowed to lie as much as they want, the sky’s the limit. This is how they entice people to believe they are in a safe haven when the USA has done a dirty-deal with the jurisdiction country to perform a rendition kidnapping.

Currently there is a case in AU where it is illegal for the AU services to lie to a suspect but they did at the request of the USA and arrested someone that had been granted “safe passage/safe haven” and is an AU Citizen. It got out, even though the case is Ex Parte and it may be the USA will have to do the kidnapping in a different way.

The services lie freely to Congress and all the members of the committees know they lie because of 2 things:

1) All the questions are submitted in advance and answers received in advance of meetings so everyone knows what they are going to hear.

2) The committees are divided into 2 membership areas: Those that have access to the highest grade security items in the Sanctum Sanctorum rooms where those that are admitted hear something different. The ones that refuse to agree to maintain the lies are excluded from those meetings or access but know that the information given during the regular meetings is false.

Pre-ES there were plenty of congresspersons who tried to expose the duplicity but without much success. There were some video exchanges between several of the members and the security services on any number of topics. Hind Sight being what it is, you can see the highest level officials of the NSA, CIA (especially) and FBI not even blinking an eye declaring that “We Don’t Do That…”.

An interesting side issue is the Security Services FBI giving STINGRAY-DRTBX to local law enforcement. The use of these is not authorized by local cops but they get the items on “condition” that they never tell they have it, including legal cases, in front of judges. So parallel construction happens to “explain how they did it” but that’s rarely how it was really done. If asked directly, the officers, FBI and other groups involved will deny any knowledge of it. A manual was leaked and one of the items was (paraphrased) “You must lie in court about this device and under no circumstance will you reveal your use or knowledge of it to anyone, including under oath”.

Nothing has changed. They lie. They lie regularly. And like all things of this nature, nothing bad ever happens to them. The people they lie about have very different outcomes.

Karla July 31, 2023 4:39 PM

I have been wondering why in this case they could not do voice recognition? It should not have been very difficult to compare voice from the burner phone with a large NSA database of voice imprints.
