E-Mail by WSJ Kidnappers Give Clues

The e-mail messages sent by kidnappers of Wall Street Journal reporter Daniel Pearl carry clues about their origins, but tracking down their senders is far from simple. <br><br>On Tuesday, sources close

Wednesday, February 6th 2002, 12:00 am

By: News On 6

The e-mail messages sent by kidnappers of Wall Street Journal reporter Daniel Pearl carry clues about their origins, but tracking down their senders is far from simple.

On Tuesday, sources close to the investigation told The Associated Press that Karachi police had arrested three men believed to have sent two e-mails that included pictures of Pearl.

No information was available on how investigators may have tracked down the suspects.

E-mail messages are typically far from anonymous. All Internet traffic contains a numeric return address that can be used to narrow the origin to distinct Internet service providers or physical locations such as cybercafes.

It may even be possible to trace the origin to a specific computer.

``It's a very, very good clue,'' said Richard M. Smith, former chief technology officer at the Privacy Foundation. ``Using a computer to commit a crime increases the chances of being caught.''

But the trail could also run cold.

``If it's really easy, they would have had them within a couple of hours,'' said Jason Paroff, a managing director at Kroll Information Security Group. ``The reality is it's not so easy.''

Pearl was abducted Jan. 23 in Karachi, Pakistan, after leaving for an appointment. Four days later, the previously unknown National Movement for the Restoration of Pakistani Sovereignty sent e-mail claiming to be holding Pearl. Other messages followed.

The e-mail messages in question _ two that included attached photos of Pearl and others later determined to be hoaxes _ were traceable to service providers in Pakistan, according to security consultant Mark Seiden, who has seen the e-mails.

The authentic e-mails were sent using Hotmail accounts, which anyone can sign up for without proving their identity _ and which can be accessed from anywhere using a Web browser.

Seiden said the senders did not try to mask their return addresses through anonymous remailing servers. Such Internet-based servers, which strip return addresses off e-mail, are often used by whistleblowers and human rights activists.

U.S. and Pakistani investigators have refused to discuss details of the cybersearch.

But in order to track down the messages' origin, they would need the cooperation of the Internet service providers at the sending end. And they would hope that those providers maintain logs that detail who is connecting to their servers and from which computers.

Another complication: If the trail leads to a cybercafe, investigators' fortune will depend on how well the business keeps records. Prepaid Internet cards _ difficult to trace _ are popular in Pakistan. So, of course, is cash.

And that means a potential dead end for investigators.

Although this may be may be the highest profile case in which kidnappers have used e-mail to make demands, international security experts say e-mail has been used before in abductions as well as extortion.

The Wall Street Journal has sent repeated return e-mails in the Pearl case to the address from which the authentic messages originated. It is not known whether the Journal's messages were opened.

Microsoft Corp., which runs the Hotmail service, has refused to comment on its cooperation in the investigation.