A modern day ‘howcatchem’

howcatchem — https://en.wikipedia.org/wiki/Inverted_detective_story

Let me be totally honest with you from the outset — I’ve always been a fan of Columbo.

As a youngster in the late 70’s and 80’s, I loved spending Saturday evenings watching a dishevelled Peter Falk bumble and fumble around, trying to catch a perpetrator for some heinous crime…when we knew from the very beginning just whodunnit. Or at least we knew who did it but not why they did it…

Be honest, how many of you shouted at the TV, getting ever more irritated with him as the other characters did with his constant pestering? Yeah? Me too…

Where are you going with this I hear you ask?

Samantha Bielefeld is not who they purport to be. Shocker I know! They are, in fact, one Victor Johnson. Victor is not a very nice person — just search for him and you’ll find a litany of deceit, conman tricks and general douchebaggery.

There I said it. The opening act is complete, roll the titles! And now, my fellow Columbo lovers, I will explain how I know this in true howcatchem style.

The back story… As many of you will know, someone calling themselves Samantha Bielefeld sprang onto the tech blogger scene a few months ago (16th September to be exact) with an article entitled ‘Giving Myself a Voice’. In the following weeks and months yet more articles followed and a right old ‘shit storm’ kicked off around an article that discussed/dismissed the decision by Marco Arment to take his excellent Overcast iOS app free with patronage.

I was one of those that saw something in these articles that resonated with me and started to believe in the writing, even saying as much in the limited 140 characters that Twitter gives.

However…a few articles on the Bielefeld blog and a number of tweets from the Twitter account associated with Samantha Bielefeld changed in their tone and direction, causing me to ‘pause’ and think a little harder about whether or not this was really someone I should be following.

And then the mother of all shit storms started around November 20th when John Gruber’s telephone number (with the last 3 digits replaced with xxx) was posted by @s_bielefeld during some fairly crazy tweets from Samantha/Victor.

Amy Jane Gruber (John’s other half) rightly took great umbrage at this and straight up called out Samantha Bielefeld as Victor Johnxxx.

Amy posted the following tweet a few days later after the Samantha/Victor account agreed to having email headers posted (likely hoping it was a bluff – it wasn’t):

After Amy Jane Gruber posted the above mail headers to Twitter, people began to wonder just what all this was about and where it was going.

Watching from the sidelines, physically on the other side of the Atlantic Ocean, I watched the tweet storm grow; people were picking their ‘sides’ and the angry mob was growing. It was beginning to get ugly.

I am really not a fan of ‘mob’ behaviour (which let me add was not encouraged by either side!). I had in fact offered the day before (to both sides and at the same time) to look into this as an impassioned observer with no skin in the game.

Both parties agreed without hesitation.

Whoa, hold up there boy, many of you are probably wondering who the hell is this Alex Waddell?

Well, I’m a guy from Scotland, I live in a small village on the West Coast, I’ve got two kids, I love my Apple tech and I’m a Security Architect by trade. I’ve been in the security ‘game’ for nearly 20 years (god I feel old writing that!) and I’ve carried out a number of cyber-related investigations for financial organisations here in the UK where there has been unwelcome behaviour (either internally or externally). I love sifting through mountains of data to find the virtual needle in the haystack — the more data points the better. If you want to know more, have a look at my LinkedIn page.

My approach to these things is simple, but has proven highly effective in the past:

  • Make no presumptions as to who or what is the cause or perpetrator
  • Start with the data
  • Follow the data
  • Get more data
  • Follow the data
  • The data will give you the answer

So, I think I know what I’m doing and what to look for. As I said I’ve done this before.

Time to grab my shovel and get digging.

First I put out a call on Twitter for anyone with any emails from Samantha Bielefeld or Victor Johnson to get in touch and send me the mail headers.

So far I have received 15 email headers spanning a date range from 12th March 2015 to 25th November 2015. To those that sent them to me, I thank you and, as agreed, I will respect your privacy and refrain from providing any information that identifies anyone.

Mail headers really are the gift that keeps on giving: with enough of them you get a lot of data points that hopefully build up a picture that becomes compelling.

Sure they can be faked or manipulated. However…given the

  • number of people involved (the majority of whom are not connected with any others)
  • fact that it is really hard to fake mail headers at speed without making trivial mistakes that are easily spotted
  • fact that there are a number of overlapping data points in the mail headers
  • and lastly that there is a pattern of behaviour from Samantha/Victor during that timeframe in emails I have seen, numerous websites that have been shut down, domain names being deleted and Twitter accounts disappearing just weeks before the emergence of Samantha Bielefeld

…it is highly improbable that the data in the mail headers has been faked.
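The kind of cross-message correlation described above, as an added example that is not the author's own tooling: it extracts a few data points from each header block and links messages sent from different addresses that share at least two of them. The function names (`make`, `fingerprint`, `link_senders`), the addresses, mailer strings and IPs are all constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr, parsedate_to_datetime
from itertools import combinations

def make(sender, date, mailer, ip):
    """Build one constructed header block (example domains, documentation IPs)."""
    return (f"From: {sender}\nDate: {date}\nX-Mailer: {mailer}\n"
            "Received: from relay.example.net (relay.example.net [198.51.100.7])\n"
            f"\tby mx.example.com; {date}\n"
            f"Received: from [{ip}] (host.example.net [{ip}])\n"
            f"\tby relay.example.net; {date}\n\n")

SAMPLES = {  # constructed sample data, not real messages
    "msg1": make("Persona A <a@example.org>", "Thu, 12 Mar 2015 21:14:03 -0400",
                 "Apple Mail (2.2070.6)", "192.0.2.44"),
    "msg2": make("Persona B <b@example.com>", "Wed, 25 Nov 2015 09:02:41 -0500",
                 "Apple Mail (2.2070.6)", "192.0.2.44"),
    "msg3": make("Someone Else <c@example.net>", "Mon, 05 Oct 2015 10:00:00 +0000",
                 "ExampleMail 1.0", "203.0.113.9"),
}
IP_RE = re.compile(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]")
FIELDS = ("origin_ip", "mailer", "utc_offset_h")

def fingerprint(raw):
    """Extract the data points used for correlation from one header block."""
    msg = message_from_string(raw)
    received = msg.get_all("Received", [])
    # Each hop prepends its Received line, so the last one is closest to the
    # sender. Lines below the first server you trust can be forged, which is
    # why one message proves little and overlap across many matters.
    m = IP_RE.search(received[-1]) if received else None
    off = parsedate_to_datetime(msg["Date"]).utcoffset()
    return {"sender": parseaddr(msg["From"])[1],
            "origin_ip": m.group(1) if m else None,
            "mailer": msg["X-Mailer"],
            "utc_offset_h": off.total_seconds() / 3600 if off is not None else None}

def link_senders(samples, min_shared=2):
    """Pair messages from different addresses sharing >= min_shared data points."""
    fps = {name: fingerprint(raw) for name, raw in samples.items()}
    links = []
    for a, b in combinations(sorted(fps), 2):
        if fps[a]["sender"] == fps[b]["sender"]:
            continue
        shared = sorted(f for f in FIELDS
                        if fps[a][f] is not None and fps[a][f] == fps[b][f])
        if len(shared) >= min_shared:
            links.append((a, b, shared))
    return links

if __name__ == "__main__":
    print(link_senders(SAMPLES))
```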

What I ended up finding was not surprising, however the email headers led me on a fascinating journey into the mind of this individual. The intricate and complicated web of email addresses, domain names and websites that Victor Johnson has used since at least 2009 is truly something else.

Next, I put this information together with a range of supplemental data sourced from a number of private and public sources such as MaxMind GeoIP2 Precision location, DomainTools, Who.is, Squarespace, the Wayback Machine and many more.

Through analysis and correlation of domain name registrations going back many years, historical DNS records, email addresses, mail headers, geolocation data and investigation into the ‘stickiness’ of Comcast dynamic IP addresses (spoiler Victor — they are tied to the MAC address of the broadband router and rarely change, they are very sticky), I think I have a good grasp on the situation.

Lastly I asked @s_bielefeld to provide me with an email sent from their Mac laptop/desktop connected to their home broadband account. This was to add another, final, set of data points into the mix of all the data I had accumulated, resolving this once and for all.

  • Note: Victor used a Mac and Apple Mail in the early days (this I know because the email headers told me) but used an iPhone most recently, which of course makes location tracking a bit tricky if used outside of the home — but not impossible if you know what you are doing :)

I asked on 25th November, twice. I got several replies with a range of excuses such as ‘it won’t be right this minute, I’m out shopping’, ‘it’s not a priority of mine’ and ‘I’m not at home right now. I’ve been running errands all day, now spending time with my mother. It’s Thanksgiving tomorrow, there are more important things to me right now than drama on the Internet’.

Fair enough I thought, so I respected the Thanksgiving holiday (I’m not a monster, I’m Scottish and like eating and drinking to excess like the best of them!) and politely asked again on the 27th.

Radio silence.

In fact there has been total silence across the @s_bielefeld Twitter account and samanthabielefeld.com website.

In my experience this silence actually speaks volumes — running scared from the truth, digging your head in the sand hoping it will all go away.

[UPDATE 1st December 2015: All of the @s_bielefeld tweets have been removed; it looks like Victor Johnson is cleaning house. In my opinion Samantha Bielefeld is done as far as Victor is concerned, its purpose achieved (whatever it was in his sick twisted mind) — no doubt the website will be next]

Based upon all of the information I have gathered and the analysis I have carried out, I feel I can very confidently say the following:

  • Samantha Bielefeld IS Victor Johnson
  • Victor Johnson has taken the money of subscribers to www.samanthabielefeld.com under false pretences
  • Victor Johnson lives in or around Egg Harbor NJ
  • Victor Johnson uses Comcast for his home broadband
  • Victor Johnson uses AT&T Wireless for his mobile phone
  • Victor Johnson is a f**king wacko

What is remarkable is that Victor is, even with the complicated web of domain names, websites and email addresses, not actually very smart. Anyone with even a modicum of knowledge about how to lie low online would know you should never use your own computer with your own email client on your home broadband connection — ever heard of webmail and VPN?

For those still skeptical (and I am sure there will be some), here is a link to the full size visual representation of most of the data I have. Enjoy having a look around, you might need a big screen to take it all in!

[Update 1st Dec 2015 — More email header analysis, visualisation updated]

Visualisation of the data

So what is my motive in doing this? Money! Fame! Surely he got a bung from someone for doing this!?

Nope! My motive in all this is to simply try and get to the truth of this sorry matter by following the data to its logical conclusion — and not my head or my heart.

We all benefit from knowing the truth — the data always tells the truth.

Alex Waddell @alexwaddell