How online search traces helped lead to arrest

Electronic traces ranging from online library searches to credit card records led to charges that a New Mexico man sent 64 threatening letters with a white powder.

Stephen Shankland principal writer
Stephen Shankland has been a reporter at CNET since 1998 and writes about processors, digital photography, AI, quantum computing, computer science, materials science, supercomputers, drones, browsers, 3D printing, USB, and new computing technology in general. He has a soft spot in his heart for standards groups and I/O interfaces. His first big scoop was about radioactive cat poop.
Expertise processors, semiconductors, web browsers, quantum computing, supercomputers, AI, 3D printing, drones, computer science, physics, programming, materials science, USB, UWB, Android, digital photography, science Credentials
  • I've been covering the technology industry for 24 years and was a science writer for five years before that. I've got deep expertise in microprocessors, digital photography, computer hardware and software, internet standards, web technology, and other dee
Stephen Shankland
4 min read

Ever wonder just how anonymous your online searches from a public library were? Ask Richard Leon Goyette, arrested Tuesday on federal charges involving 64 threatening letters with white powder and one bomb threat that were mailed October 17.


Goyette, 47, was arrested in an Albuquerque, N.M., airport after an investigation that involved the FBI and the U.S. Postal Service regarding the case. The letters, sent to JP Morgan Chase offices, the Federal Deposit Insurance Corporation (FDIC), and the Office of Thrift Supervision (OTS) from Amarillo, Texas, contained unidentified white powder and a threat that the person breathing it would die within 10 days. Tests showed the powder to be harmless--not like the fatal letters with anthrax powder sent in 2001--but threats are enough to trigger criminal charges.

It's no surprise that authorities can piece together digital information to pursue perpetrators. But it is revealing to see just how it was done in this case.

Goyette apparently gave investigators a head start by allegedly sending angry e-mails, according to investigation details released in a complaint filed by the U.S. Attorney's Office for the Northern District of Texas.

Upset about losing $63,525 in stock value during the closing of Washington Mutual Bank, a person using the Yahoo Mail address richgoyet@yahoo.com and including Goyette's name and address sent messages on September 26 to the FDIC and the OTS, according to the complaint, which details the FBI investigation in an arrest warrant affidavit. In September, the OTS had placed WaMu into receivership; the FDIC took over the bank then sold the assets to JP Morgan Chase.

"I told myself I was not going to accept any more losses due to the reasons I mentioned. I have pursued a path of doing things right, but unfortunately I've paid a terrible price for those who will do whatever it takes to defraud, steal, manipulate, and screw over average stockholders. This seizure was the final straw and I will now pursue any path to get the return of my investment. Since legal means are apparently useless, I will have to consider any viable method applicable to rightfully reclaim my stolen funds," another e-mail sent September 29 to the OTS said, according to the affidavit.

And in an October 7 letter to an attorney handling WaMu investor inquiries, Goyette said he would "most likely have to employ the same type of tactics used to cheat WaMu shareholders to recover stolen assets if all meaningful efforts to rectify this situation don't come to fruition," the affidavit said.

Next comes the search evidence.

Records obtained from Yahoo through a federal search warrant showed the FDIC and OTS letters were sent from a computer at Central New Mexico Community College in Albuquerque, the affidavit said. Five days later, a computer at the college also was used to search for the location of Chase branch offices. Six days after that, the affidavit said, a library computer at the University of New Mexico's Albuquerque campus was used to search for nearly all the Chase Bank branch locations that received the threatening letters; "The Chase branch locator services from the UNM computer were the only searches conducted in the months leading up to the mailings which covered that many victim branches," the affidavit said.

Scottrade account records also showed Goyette used computers at the Central New Mexico Community College and University of New Mexico, the affidavit said.

Formatting on the envelopes matched that on the Web sites, including one case in which the word "freeway" was bumped from the end of the first line of the address to the beginning of the second, the affidavit said.

Then comes a detour from the virtual world to the real world.

The Goyette address in the e-mails was for a post office box in Tijeras, N.M, near Albuquerque, but the physical address on its application form wasn't Goyette's. On December 7, a surveillance team saw Goyette pick up his mail from the P.O. box and drive away; the license plate showed his truck registered to Michael Jurek of Albuquerque. The driver's license photos showed Goyette and Jurek to be the same person, the affidavit said.

Then we have the credit card charge.

Citibank records showed that Michael Jurek used a credit card at Enterprise Rent-a-Car on October 17, the affidavit said. Using his driver's license with the Jurek name, Goyette rented a car and obtained permission to drive to Texas. He drove 618 miles; and the U.S. Attorney's Office points out it's 284 miles from Albuquerque to Amarillo.

The letters began arriving October 20.

Regardless of whether Goyette is guilty--and it should be noted that people charged with crimes are presumed innocent until convicted--the case shows just how many digital fingerprints people leave as they go about their daily lives.

Tracking people through digital records will only become more important to law enforcement as more people live their lives online through e-mail accounts, Web site comment posts, Yahoo Search Pad research, and other activity. And, of course, it will become more important to others as well, such as private investigators, hiring managers, nosy parents, and former and future boyfriends.