On Wednesday, 24 November 1971, 46 years ago, an American Legend was born. A man using the name Dan Cooper bought a plane ticket at the Northwest Orient Airlines’ Portland ticket counter. He purchased a ticket on Flight 305 from Portland, OR to Seattle, WA.
Cooper boarded the Boeing 727-100 with a briefcase (no airport security in those days, no ID checks; just pay and fly). In flight, Cooper handed the stewardess a note that said he had a bomb, which he showed to the stewardess. He demanded $200,000 and 4 parachutes in Seattle. The FBI assembled the cash and the 4 parachutes.
Once the plane landed in Seattle, Cooper released the passengers but kept the crew onboard. He demanded that the crew fly to Mexico, which required a re-fueling stop in Reno, NV. The Boeing 727 took off from Seattle. In flight, Cooper demanded the stewardesses move to the cockpit with the pilots. He also instructed the crew to fly at a certain speed and altitude. Still over Washington State, the crew noticed a warning light flashing, indicating the aft stairwell under the aircraft tail had opened.
When the plane landed in Reno, Cooper, the bomb, 2 parachutes and the $200,000 were gone. Cooper had disappeared and is responsible for the only unsolved airline hijacking in American history. Dan Cooper was misidentified by local media as D.B. Cooper and the AKA has stuck. There have been movies and books written about Cooper and there are still many amateur civilian investigators continuing to research and investigate this case today.
So why am I writing about it here? In early September 2016, I was contacted by the lead investigator of the D.B. Cooper Cold Case team, led by Tom Colbert. Tom had put together over 40 retired federal agents, forensic psychologists, polygraphers, document examiners, police detectives, military intelligence officers, and Assistant US Attorneys. Tom’s team worked for over 5 years and believed they had uncovered the true identity of the infamous D.B. Cooper to be Robert Rackstraw of San Diego, CA. In July of 2016, much of their labor was aired on the History channel in the form of a 3-hour documentary, during which they tried to interview Rackstraw.
Well, Tom called me and asked me to join the team and run the cyber operations for the Cold Case team. I was a little perplexed. What possible cyber nexus could the D.B. Cooper case possibly have today?
It seems that after the History Channel’s documentary aired, a few new users appeared on D.B. Cooper research and investigative websites (there’s a bunch of them) and these new users had new facts about the case that no one except the Cold Case Team knew. Evidence that hadn’t been aired in the documentary. It was suspected that the team’s suspect, Robert Rackstraw, had joined these Cooper sites using aliases to plant information, in order to see how much the “Cooperites” actually knew and to eavesdrop on their conversations.
I was asked to try to identify the actual identities of the new users suspected to be the real D.B. Cooper or his surrogates. I put together a volunteer team, comprised of cyber investigators, and network intrusion and digital forensics experts with over 85 years of criminal and counterintelligence cyber-investigative experience with the DoD. This part of the investigation is still ongoing but something unrelated and interesting occurred.
Shortly after initiating our online undercover operation, Tom asked me if I would also “handle” a confidential informant (CI) that had contacted him. After viewing the Cooper documentary, the CI claimed he had hunted down Robert Rackstraw on Facebook and “catfished” him; he had forwarded several of their private Facebook message exchanges as proof.
So on 10 October 2016, I took on running this rogue “Catfisher” as well.
Urban Dictionary definition of a Catfisher: A catfisher is the name coined to a bottom-dwelling human who spends a great deal of time on the net in various locations, luring people into a falsely-based romance. The catfisher uses fake pictures and bogus info, often because he or she has low self-esteem or simply is not happy enough with their image to present it to people that they deem out of their league. Playing people they’d otherwise not even get to speak to, in turn, boosts a catfisher’s self-confidence.
I decided to keep these two cyber operations separate and distinct. The original op was one that we had planned, coordinated, and knew all of the players. The second was a possible opportunity but not under our total control, so we needed to test our source. CI’s come with their own sociopathic baggage; they do bring access to the target, but they also have their own motivations that may not be in sync with yours. One of the first things you want to do is to make sure they follow instructions, so you improvise a test to verify whether the CI conforms to your directions and whether you can manage them.
In our first telecom, we wanted to know more about the CI’s background and motivation. He told me he was married with children, then sent a picture of himself with his family. But he also admitted his wife had divorced him once because of his use of Facebook, but that they were back together—that’s why he no longer had his own profile. Now he was secretly using the fictitious Facebook profile of a 52-year-old female nurse persona, “Kelly Young,” to “snoop around”—and that’s what led up to his search for Rackstraw.
There’s definitely a scary, deceitful side to this guy. With my radar up, I asked one of our veteran private investigators to do a detailed background report on the CI. All other facts seemed to be correct, but with a catfisher, you never know. We did discover our catfisher was also a local pastor and so was his father.
The CI said he located Rackstraw in early September, and then sent a Facebook message from his catfish nurse account—“sexy” photo, alluring lingo and all. On 5 Oct 2016, the 73-year-old target finally responded. A cordial exchange of private chit-chat began, along with non-threatening probes about the Cooper case. But that all changed, 4-5 days prior to our team’s phone call.
“Kelly” and Rackstraw had turned from Facebook messaging to text-messaging, leaning toward “sexting.” Rackstraw first sent his lady friend some Vietnam-era photos, certificates and pictures of his medals, as well as pictures of his family members. He then ramped it up by forwarding a private selfie of himself working out in the gym, which was followed by both parties exchanging much racier nude photos. Finally, Rackstraw sent a web address displaying a variety of pictures of his 45-foot yacht named “Poverty Sucks” in San Diego, and invited her to come stay.
The unsolicited trove of forwarded military history was impressive and a great deal was false, but we directed the CI to just keep it all friendly—the sexting was not necessary nor helpful. When he ignored my instruction and continued, I gently let the CI know on 13 Oct 2016 that we were parting ways, but that if he discovered anything about the identity of D.B. Cooper to let me know.
About a week after cutting all ties with the CI, we noticed that he had joined one of the Cooper websites on which my team was operating undercover (as his male self, not as “Kelly”). After some nonsensical and bizarre blog exchanges with Cooper-case strangers on 20 Oct, he appeared to have a personal meltdown. He then started dumping all the military-related pictures Rackstraw had sent him, without any explanation, and confessed that he had catfished Rackstraw, until the website’s SysAdm kicked him off the site for good. The CI continues to investigate Cooper on his own and still sends me information he thinks is pertinent today.
The Cold Case team has continued investigating and will release much more evidence on the 46th anniversary of the hijacking this month. The team sued the FBI to get access to the closed FBI case file, and won. Slowly, the FBI is releasing never-before-seen evidence to our team. To learn more about the case, Rackstraw, and the newly released FBI case file notes, go to DBCooper.com.
Who would have thought that a 46-year-old cold case could possibly have a cyber nexus today? Cyber investigations and digital forensics are extremely powerful tools that should be considered in almost any investigation. I’m now waiting for a call to join the Lincoln Assassination cold case team…
Jim Christy is VP of Investigations and Digital Forensics at Cymmetria. Jim retired from the U.S. government in 2013, ending a career investigating computer crimes and running digital forensics labs that began in 1986 at the Air Force Office of Special Investigations.
Jim can be reached by email at firstname.lastname@example.org.
Connect with Jim on Twitter: @jimchristyusdfc