How they caught the alleged Craigslist killer
Randi Kaye | Bio
AC360° Correspondent
Good old-fashioned police work and a self-proclaimed digital detective may be why the prime suspect in April’s Craigslist crime spree may be behind bars. Twenty-three-year-old Philip Markoff, a second year medical student at Boston University, is charged with murder, attempted robbery, kidnapping, robbery, and unlawful possession of a firearm. He has pleaded not guilty.
Markoff was arrested while driving in his car with his fiancé. The engagement has since been cancelled. The arrest took place April 20, six days after the murder of Julissa Brisman, who had advertised as a masseuse on the popular online classifieds website, Craigslist. Authorities say Markoff targeted women like Brisman and set a trap for them in Boston hotel rooms.
CNN has obtained the email communication police say took place between Markoff and Brisman the day before her murder. In the emails, Markoff allegedly used the name “Andy” and Brisman went by “Morgan.”
The first email was allegedly sent by Markoff at 4:37p.m. on April 13. It reads, “"I Myself am visiting Boston and looking for a 10pm or later appointment tonight or tomorrow…” A later email said, “I can still make it tonight but .. tomorrow at ten would be better for me.. thanks, Andy.” Brisman's employer wrote "Andy" back on her behalf, saying “I could do it tomorrow night or we can do 10:30 or 11 tonight…” She signed it, “Kisses, Morgan.” Then, another allegedly from the killer at 7:30pm that same night: “Hey Morgan, 10pm tomorrow is best for me. Thank you, Andy.”
Markoff, police say, is a predator who went to great lengths to hide his tracks. But as careful as he was, police say even before his first attack he was leaving a trail that would lead right back to him.
The man investigators believe is Markoff, and also the killer, was seen on the hotels’ surveillance cameras walking calmly, emailing or texting, around the time of the murder of Julissa Brisman. Brisman was found bleeding to death in her hotel room. She’d been shot three times at close range. On her wrist, police say they found a plastic tie they later matched to similar ties used in the other hotel attack. According to police, the woman who survived that attack said it was Markoff who bound her hands with plastic ties, duct-taped her mouth, disabled her cellphone, and stole $800 and two pairs of her panties before leaving her hotel room at the Westin Copley Hotel in Boston’s upscale Back Bay.
CNN interviewed Mark Rasch, the former head of the computer crimes unit at the U.S. Department of Justice. Rasch is now an internet forensics expert with Secure IT Experts who helped Boston police track the alleged killer via his online communication.
“The first thing you start with is the email address,” said Rasch. “In this case, it's an email address from Live.com, which is Microsoft.” Rasch showed CNN he used a tracer program to follow the alleged killer’s emails. “A trace route does exactly what it says: traces the route that the email took, on its way from its origin, to its destination,” he said.
According to Rasch, police got the Internet Protocol address for the emailer's computer. From there, investigators tracked down the company providing internet service to the suspect, which told them the subscriber lived outside Boston, in a Quincy, Massachusetts apartment building.
But even though police had what they believed was the killer's name and home address it still wasn't enough information because so many people lived in the building and shared a wireless computer connection. That meant anyone within range could have been sending those emails. “They have to validate and actually get this guy’s fingers on the keyboard, and show that it was him, and not somebody else who sent that email,” Rasch said.
Maureen Orth investigated the case for Vanity Fair magazine. She said what fascinated her about the story was that, “we have no privacy, every time you’re on the internet somebody knows where you are.”
Orth told CNN, “In the end, (authorities) reverted to the old gumshoe thing of a stakeout.”
Police zeroed in on Philip Markoff because they’d seen a tall blonde male they believed was the killer on the hotel's surveillance cameras– walking calmly – emailing or texting. And they did what most people do on a daily basis, they "Googled" him.
That’s when police learned their "prime suspect" was a medical student at Boston University and engaged to be married. They got a better look at him through pictures with his fiance online, a piece of a digital trail our expert says criminals rarely think about. “Lots of times, people, before they commit a crime, and they want to have an email address, they’ll just log onto Hotmail, or, or Google, and get a, an email address, use it for a couple of days, and then never use it again. And they think they’re being safe. What this shows is, first of all, even if you just created the account, there’s still a record that you’ve created the account,” Rasch told CNN.
The alleged killer's cyber footprint was growing clearer to authorities every day.
Finally, on April 20, six days after Julissa Brisman was murdered, authorities moved in and arrested Markoff. According to police, he had with him a New York driver’s license with a photo of someone named Andrew, or “Andy”, Miller. They say he used that license to buy the gun that killed Brisman and that his fingerprints were on the paperwork used to buy it.
Markoff’s attorney, John Salsberg, would not comment for our story.
On Twitter
While I am glad at the speed with which the Craigslist monster was caught.... I wish the news wouldnt give so many trade secrets out on how they catch the guys. Leave the details for the jury to hear.
When you give out too much info, you TEACH OTHER criminals what NOT to do.
Thank God he's out of circulation–at least for now. what a monster!!
This was great detective work, congrats and I'm very glad they caught this guy. That said I agree with the Vanity Fair reporter, the reality is we have no privacy if we want to enjoy the beneifits of modern technology. It's a good thing that they catch the bad guys, but I simply don't trust a lot of parts of our government enough to want them to be able to keep tabs on all of us. I hope that privacy protectiosn catch up with the technology before our police realise that we are at heir mercy.
Jessica, I acknowledge that you and others are fed up with the wild west mentality, can you understand that a lot of folks are fed up with folks who demand that I surrender my liberty in order to increase your safety? Making it hard for people to do bad things is good, but not a the price of others giving up their ability to do legal things, without being profiled or surveiled.
Maureen Orth said what facinated her about the story was that we have no privacy. Not the process of catching him. And Maureen, I sure am glad somebody could and did track down this guy.
I am glad they caught the guy but why are does the media insist on telling the full story of how he was captured. Isn't that just teaching future killers how better to get away with their crimes?
wow, scary that you can reverse engineer what was written here and everywhere else...basically, find a wi-fi hot spot, ideally secluded area, and then tap in, using a generic laptop, and ideally hidding your MAC address - boom, you are 100% safe to do scary and illegal things.
Great work
Big Deal - they caught a guy by tracking him down via his email! Is that rocket science? Ooh, Aah, Wow. I'm awed.
I like craigslist, I once bought a table saw on CL and am still using it to this day. I had the blade replaced, but other than that the motor and fance are awesome! Please don't take away Craigslist, CNN!
when will criminal people of technologically advanced west wake up to reality that with advances in communication there's no secret or privacy
Mr Cooper,
I like your articles a lot, although I don't often have a chance to catch your show very often. One thing that I'd like you, and basically every other journalist to do (which probably wont happen), is to stop using the names of "alleged" criminals in stories.
It might sound uber-liberal of me to say it, but it helps bring a more un-biased approach to reading the news. The title of the article practically screams: Craigslist Killer. I'm glad that I'm not on the jury for this case, mainly because I think that he's guilty – and why? I don't have any of the court records, evidence, etc – but all of the news coverage pretty much points to this guy.
Maybe it's good for readership, and in turn, advertising. I understand the realities of the system, but the folks at CNN should remember the little Richard Jewel fiasco that happened in 1996 (the "alleged" olympic city bomber who was later exhonerated, but whos name remains forever besmirched).
Anyway, I'm not some kind of crazy activist (or Richard Jewel, for that matter), but I just think it's a shame that we really let society condemn these folks before they get a trial. Tell the story, but leave the names anoymous – let's let our justice system do it's job, so that in the off chance that the people aren't guilty of being homicidal maniacs, we don't ruin their lives as well.
Keep up the good work,
Josh in St Louis
What's really scary is how just a few simple changes to his plan could have made it exponentially more difficult to find him. What it he had sent his email messages from a public computer cluster instead of his home PC? All college campuses have clusters that are used by hundreds of students per day. And most offer some sort of "guest login" that requires minimal (and easily falsifiable) information in order to obtain. Even if they found the machine that he was using, an untold number of fingers would have already overlaid his prints. And, if the cluster is on DHCP, he could just renew his IP information before signing off, and the investigator's "traceroute" would lead them to the wrong machine.
It's a good thing this guy is an idiot, because he made it extremely easy for the police to find him. Good thing he wasn't a second year IT student because the mistakes outlined here are very easily overcome. There are probably 16 year olds out there that know what I mean. Then again, that is why criminals are criminals, they are all dimwits.
No matter how hidden one thinks, on Internet, its very transparent, its actually like sitting all exposed, no matter where one is.
The only issue comes, when some one uses a computer / Internet from a country where there is practically no Internet Governance e.g. Somalia and that too because there is no Law Enforcement Dept. in countries like Somalia.
I hope InterPol and other international Law Enforcement agencies can coperate and more culprits to the justice.
"Maureen Orth investigated the case for Vanity Fair magazine. She said what fascinated her about the story was that, “we have no privacy, every time you’re on the internet somebody knows where you are.”
I think the whole Orson Wells 1984 freakout (not that this necessarily is, but its on par with it) is a bit overblown...personally, I would like camera's everywhere...because that means that if someone EVER perpetrated a crime against me, the odds of a camera catching it would be good. Im not really sure why we need to make it easier for criminals to be criminals?
I am not without my own guilt ... I speed and curse the camera's in construction zones or now they have them at stoplights in some area's. But the thing is...there's a law to abide and that law exists for a logical reason, to try to keep everyone safe. If we disagree with the law, then we have the right and ability to challenge it...but until then, I dont begrudge anyone trying to make things safer – and make it harder for people to do bad things.
Im tired of the wild west mentality...
Let's hope a "Twitter" killer won't surface after this – however Hollywood could use yet another movie plot about this.