SEREMBAN: The Coroner’s Court heard that an email account used to send a purported ransom demand to Nora Anne Quoirin’s family on Aug 7,2019, had been deactivated.
Deputy Supt Hazizi Abd Samad, 42, from the Cyber Crime Investigation Division, Commercial Crime Investigation Department (CCID) at Bukit Aman, testified that the account status was obtained during a check on Sept 14 this year after the email address was obtained on Sept 11.
“In this investigation (of the email account), there are two main parts – the first is the content and the second is the header.
“As my job is to analyse this email, we look at the header because it contains information on how an email is sent as well as browser information and IP (Internet Protocol) address.
“On Sept 14, I checked the email ‘firstname.lastname@example.org’ through the email checker website and it showed that the email account had been deactivated, ” he said.
The inquest proceedings before coroner Maimoonah Aid to determine the cause of death of Irish-French Nora Anne entered its 13th day yesterday.
DSP Hazizi said based on his 14 years’ experience in the cybercrime division, such action showed an element of fraud.
The investigation did not find the sender’s real IP.
He said as the email was registered under Microsoft Corp, only Microsoft would know the real address of the email and when it was created.
“In the investigation, the IP address was registered under the Hotmail webmail service, ” he added.
Asked by deputy public prosecutor Nuralis Mat on what conclusions could be drawn about the email, DSP Hazizi said: “In my opinion, only Microsoft knows the IP address of the email.”
To a question from counsel S. Sakthyvell, who is representing the victim’s family, on whether police could get the information from Microsoft, he said it could be done by using the Mutual Legal Assistance scheme with the United States.
Sakthyvell: Does that mean only Microsoft knows the details of who owns this email?
DSP Hazizi: Microsoft keeps all records of the email account from creation, delivery transactions and when it is deactivated. So as for the owner, in my opinion, as it is a free webmail service, anyone can register with any identity.
Asked by Sakthyvell whether an email could be created in this country but used an IP address from the United Kingdom or United States, DSP Hazizi said this could be done.
Earlier, two witnesses, M. Magendran, 39, and the Cryptocurrency Crime Investigating officer from the Forensic Accounting Investigation Division at CCID Bukit Aman, Insp Nur Adli Md Saari, 36, were called to testify.
Insp Nur Adli informed the court that the e-wallet number listed in the email purportedly demanding ransom amounting to two bitcoins was detected as that of a scammer.
He said police deposited RM100 on Aug 13 last year and a check on the e-wallet found that it was active on Aug 12 and 13, with the suspect transferring the said deposit into various other accounts to avoid detection.
“The e-wallet used is in line with the known tactics used by scammers, ” he said.
The inquest continues today. — Bernama
Did you find this article insightful?