Email death threat against John T. Reed and his family

Below is an email I received on 2//3/10. I include the headers in case any knowledgeable reader can derive information about who sent this that I can pass on to law-enforcement authorities. It appears to be a form email sent to many people. I would appreciate any information that might be of interest to the law enforcement authorities. I include it at my military web site because the sender signed it with the word “Marine.” It is also signed with the letters KGB. That is the abbreviation of a Soviet secret police organization that came into being in 1954 and went out of business in 1991 along with the Soviet Union itself. I have no idea who sent it but clearly the sender wants me to think it is a current or former member of the U.S. Marine Corps.

A Web site called snopes.com says this is a widely-used internet fraud.
Thanks,
Jack Reed

The FBI has a Web page devoted to this type of threat at http://www.fbi.gov/page2/jan07/threat_scam011507.htm.

Here is an email from a reader who traced the death threat partially:

John,

There's definitely ways to trace this... unless you're incredibly tech-savvy, IP addresses are easily tied to a geographic location and ISP (Internet Service Provider). There are a few sites around that can trace this back for you, but here's what I came across:

http://www.topwebhosts.org/tools/ip-locator.php
Geolocation data from IP2Location (Product: DB4)
IP Address Country Region City ISP
74.55.12.210 United States Texas Dallas Theplanet.com Internet Services Inc
Google Map for DALLAS, TEXAS, UNITED STATES (New window)

Geolocation data from IPligence (Product: Max)
IP Address Country Region City ISP
74.55.12.210 United States Texas Houston Theplanet.com Internet Services Inc.
Continent Latitude Longitude Time Zone
North America 29.7181 -95.4241 CST [This is at or very near 2946 Georgetown Street in Houston, TX, a single-family residenial neighborood.]

It seems 'Theplanet.com' is a server hosting company but also an ISP, or at least was at some point; I'm here in NY so hard for me to tell. At the very least it indicates the email passed through this company. Your best option here would be to file a police report and taking it to this company to have them reveal the sender/whomever is behind this IP address, or perhaps the police can do this step for you.

This at the very least should help point you in the right direction. Really writing a threat like that via email is pretty traceable, you just have to go about some investigation to do so... but the email itself is sufficient evidence to justify your search to the police/ISP.

Good luck.

[Reed note: I sent the threat to the local police and FBI immediately after receiving it.]

My local sheriff’s office said this is a widespread Nigerian money scam. “Don’t worry about it.”

Here is an email from another reader:

Regarding the death threat:
Trace it from bottom top. Ignore the "from" and "reply-to," as they are
trivially faked. After that, we get to:
"received from 217.20.240.19"
"SquirrelMail authenticated user deshmorris@frametechnologies.com"

This indicates that (unless he's really clever) the actual sender's IP
address was 217.20.240.19. and he was logged into
frametechnologies.com's Web-based email system.

The IP is owned by Red Wing Satellite Solutions, Ltd out of the UK.
Their main page shows irrelevant US-specific marketing, but this page
shows they serve as an ISP via satellite to places including Africa:
http://www.cto-ict.org/index.php?dir=08&sd=40&partner=redwing
Their WHOIS entry says they can be contacted at abuse@redwingsat.com

Frame Technologies is based in Ghana per
http://www.frametechnologies.com/contact_us.php Their WHOIS record lists
omavohosting.com of Lodi, CA as a US contact for what that's worth.

The rest of the stuff indicates that Frame Technologies' hosting company
is TMD Hosting (http://www.tmdhosting.com/) of Delaware, who keeps their
computers at The Planet's data center in Texas (a common industry practice).

And aother email from a reader:

Hi John:

I am one of your readers who is also an instructor for 25 years of English as a Second Language. The grammar mistakes in the letter and style (similar to all the scam letters in my google spambox) are consonant with the Nigerian/lotto winning/ inheritance sharing scam letters that I have received from around the world. The death threat tone is a new one for me. I guess these scammers are getting desparate.

Here is the death threat and the Internet headers of it:

X-Apparently-To: johnreed@johntreed.com via 216.252.120.77; Wed, 03 Feb 2010 20:00:45 -0800
X-YahooFilteredBulk: 74.55.12.210
X-YMailISG: WOI4y1sWLDvx2.Z881pbcN_lvUCrhrsat_MLY930107gB081Bw7xoDBTYyXeRMEoeX70xwWlv3SGB6SAVv0FZtLp8GRfvJqe8P7FdPdZpUZ5qQoHy7E31Xb.sKdslfJgWOmd8d_QhKMsxAhbDLS8gahHrywd0bVmRKuRkW9uYsi2s9XzczSYaFCqqV9dxbub3H.EcpIi8lNjUK6VRdEgMm7OtF76lqTPG70TwqIuU_axU1DIvfrDCKHg6rF3LQrX89jVX3L67zHcXk5L0OmcGOdQ.c7l13veLpdAod8jprZsnkgzheFozm7gOPn1TW3.qrg.cmaSGD7_ICYKJ.yi5lksCnfb5jZczF_spDUK43jyG6utXUfsH80M2Zf_bkVMc4SDtwm2_g--
X-Originating-IP: [74.55.12.210]
Authentication-Results: mta112.biz.mail.re2.yahoo.com from=hotmail.com; domainkeys=neutral (no sig); from=hotmail.com; dkim=neutral (no sig)
Received: from 74.55.12.210 (EHLO node01.tmdhosting110.com) (74.55.12.210)
by mta112.biz.mail.re2.yahoo.com with SMTP; Wed, 03 Feb 2010 20:00:44 -0800
Received: from localhost ([127.0.0.1] helo=webmail.frametechnologies.com)
by node01.tmdhosting110.com with esmtpa (Exim 4.69)
(envelope-from <marinekgb@hotmail.com>)
id 1NcstI-0002Z6-SX; Wed, 03 Feb 2010 22:00:28 -0600
Received: from 217.20.240.19 ([217.20.240.19])
(SquirrelMail authenticated user deshmorris@frametechnologies.com)
by webmail.frametechnologies.com with HTTP;
Wed, 3 Feb 2010 22:00:28 -0600 (CST)
Message-ID: <2045.217.20.240.19.1265256028.squirrel@webmail.frametechnologies.com>
Date: Wed, 3 Feb 2010 22:00:28 -0600 (CST)
Subject: HITMAN
From: "hitman" <marinekgb@hotmail.com>
Reply-To: marinekgb@hotmail.com
User-Agent: SquirrelMail/1.4.13
MIME-Version: 1.0
Content-Type: text/plain;charset=iso-8859-1
Content-Transfer-Encoding: 8bit
X-Priority: 3 (Normal)
Importance: Normal
X-AntiAbuse: This header was added to track abuse, please include it with any abuse report
X-AntiAbuse: Primary Hostname - node01.tmdhosting110.com
X-AntiAbuse: Original Domain - johntreed.com
X-AntiAbuse: Originator/Caller UID/GID - [47 12] / [47 12]
X-AntiAbuse: Sender Address Domain - hotmail.com

Good day to you.

Am very sorry for you my friend, is a pity that this is how your life is
going to end as soon as you don't comply. As you can see there is no need
of introducing myself to you because I don't have any business with you,
my duty as I am mailing you now is just to KILL/ASSASSINATE you and I have
to do it as I have already been paid for that.

Someone you call a friend wants you Dead by all means, and the person have
spent a lot of money on this, the person also came to us and told me that
he want you dead and he provided us with your name, picture and other
necessary information's we needed about you. So I sent my boys to track
you down and they have carried out the necessary investigation needed for
the operation on you, and they have done that but I told them not to kill
you that I will like to contact you and see if your life is Important to
you or not since their findings shows that you are innocent.

I called my client back and ask him of you email address which I didn't
tell him what I wanted to do with it and he gave it to me and I am using
it to contact you now. As I am writing to you now my men are monitoring
you and they are telling me everything about you.

Now do you want to LIVE OR DIE? As someone has paid us to kill you. Get
back to me now if you are ready to pay some fees to spare your life, If
you are not ready for my help, then I will carry on with my job
straight-up.

WARNING: DO NOT THINK OF CONTACTING THE POLICE OR EVEN TELL ANYONE BECAUSE
I WILL KNOW. REMEMBER, SOMEONE WHO KNOWS YOU VERY WELL WANT YOU DEAD! I
WILL EXTEND IT TO YOUR FAMILY, IN CASE I NOTICE SOMETHING FUNNY.

DO NOT COME OUT ONCE IT IS 7:30PM UNTIL I MAKE OUT TIME TO SEE YOU AND
GIVE YOU THE TAPE OF MY DISCUSSION WITH THE PERSON WHO WANT YOU DEAD AFTER
YOU HAVE COMPLIED WITH MY DEMANDS, THEN YOU CAN USE IT TO TAKE ANY LEGAL
ACTION. GOOD LUCK AS I AWAIT YOUR REPLY

Regards

Marine KGB World-Wide