By Julie Posey
An Introduction to Julie Posey NAIS member
By Barbara Maikell-Thomas
In 1996 Julie got a call from the local District Attorney's office asking her to testify as a victim/witness in a child abuse case that took place in 1981. Over the next few months she began spending a lot of time talking with the detectives about the case. Julie being well versed on the Internet, offered to help an investigator learn the IN's and out's of the Internet in order to catch predators that were posting child pornography or luring children to meet them, in person. She and the investigator sat down and created a plan for an undercover operation. That single sting operation resulted in the arrest and conviction of nine suspects all over the US in just a couple of months.
Julie is currently working to help assist Law enforcement officers identify evidence, and to gather facts leading up to arrest for Internet crime.
She is involved in writing curriculum for both law enforcement and private investigators, that will help train them in techniques for investigation of Crimes such as stalking, child luring, drug dealing, and more. This curriculum will be available by June 1st. In the near future she plans to conduct seminars based on this curriculum.
In addition to being a regular contributor to Joseph Culligan's newsletter since the start in June of 1999, Julie has also contributed to a Manuel which is currently being written by the Department of Justice section for assisting Law enforcement with identification, and evidence of gathering facts leading up to an arrest for an Internet crime.
Julie Posey was born in Colorado Springs Co. April 4, 1964. She and Her husband Jerry Posey have one daughter Kristen 11. Two cats: Tara and boogers are included in their family ring.
The Internet has enabled child pornographers to widely distribute mass collections of child pornography in a matter of seconds. While I believe that is a problem and a serious one, there is another problem that exists on the Internet. In order for there to be child pornography in the first place, there has to be a predator and an abused child.
There are literally thousands and thousands of mailing lists, newsgroups, chat rooms and other places where these predators will advertise searching for a young person to victimize. These predators come from a wide variety of backgrounds. I've seen doctors and lawyers as well as homeless persons using the Internet as a sophisticated network for searching out victims and getting support from others sharing this same interest. Recently the case of Patrick Naughton, an executive vice president of Infoseek Corp. and Disney's GO Network got global attention when he was arrested by the FBI in Santa Monica, CA after he allegedly tried to meet a 13 year old girl for the purpose of having sex with her. Tracing these predators has become my focus over the past three years. I'm going to show you just a few of the techniques that I've used to track them down.
One of the most important things that I can't seem to stress enough is the importance of removing these predators from the Internet. Many people think they have done a good deed when they contact the Internet Service Provider of a child pornographer or predator and have his account closed. This couldn't be further from the truth. Closing the account does very little if any good. He still has the ability to create a new account and contact more children. The best thing to do is report the incident for investigation so that together with law enforcement we can stop him from harming children. Reports are taken at my web site at:
or by calling them at 1-800-The Lost. They do an excellent
job of handling all aspects of missing or exploited children and
have recovered many from Internet reports.
DejaNews archives about 80,000 newsgroups and has made their archive available online free of charge. They have created a powerful search engine that is very useful in tracking down articles that have been posted since about 1996. There are some tricks that you can use in order to find information on predators too.
1. Go to Deja.com at www.deja.com, click on POWER SEARCH, (in the upper right hand) in the AUTHOR box, type the e-mail address that the person is using. This should bring up any articles that he/she has posted. Pay close attention to all information that an author posts. Frequently the author of a newsgroup post will post an article looking for teen boys, illegal weapons or drugs but if you read former posts you may find more details. I make it a habit of reading all of the posts that an author writes because I will often find some older messages where he is trying to sell his VCR and includes his name, phone number and other personal information. You may also find Web page addresses, other e-mail addresses, an online resume or something that will help you identify him or her. See illustrations at:
Once you find a predator, be sure to click on POSTING HISTORY. This is located just below his e-mail address. This will bring up a history of anything he's ever posted to in a newsgroup. Again, read these articles closely because there may be some valuable information in them.
See illustration at:
They will often use the same user name when signing up accounts with other Internet Service Providers so be sure and check for those too. In the AUTHOR box, put just the user name with an asterisk after it. For example, I'd like to know if firstname.lastname@example.org has another account somewhere. I type in BADGUY* and it will bring up other posts using that user name which may help me track him down faster.
You can find predators in your area by typing in the name of your city and state or an area code in the SUBJECT box. You can view the articles by clicking on the hyperlinks. In order to save this as evidence, click on VIEW ORIGINAL USENET FORMAT. This is very useful because it shows full headers with IP addresses and more.
See illustration at http://www.pedowatch.org/leinfo/images/ng6.jpg
2. Go to Altavista.com at www.altavista.com or Reference.com at www.reference.com type in an e-mail address. This could show other places on the Internet that he has posted something using that e-mail address. Again, you may find a Web page or some other important information.
3. If you do happen to find a Web Page, download it while you are there because it can be changed or deleted at anytime.
4. Go to Infospace.com at www.infospace.com and do a reverse e-mail search. You can also use this site to do other searches such as reverse phone number searches and address searches.
5. If you would just like to know where the ISP (Internet Service Provider) is located, go to Network Solutions at www.networksolutions.com/cgi-bin/whois/whois and type in the domain name. t will tell you who that domain is registered to. This of course will not be of much help if he or she has a nationwide ISP such as Netcom, AOL, Compuserve or Prodigy.
6. Go to Search.com at www.search.com and type in a name or an e-mail address. If that e-mail address has been used to post anything to the Internet, you should get some hits.
7. Go to www.egosurf.com and type in a name and it will search the Internet for it. You can also provide your e-mail address and it will continue to search for a week.
8. Go to www.pedowatch.org/leinfo/tracker.htm for some useful tracking tools all in one place. Earlier in June, I did a case in Colorado that was fairly easy to track. I observed a man using the e-mail address email@example.com posting multiple times to newsgroups that he was wanting teen girls in the Denver area. You can read his actual newsgroup postings and the press release at http://www.pedowatch.org/leinfo/arrest4.htm
The first thing I did was gather all of his newsgroup postings, save them to my laptop, create two backups and a print copy. I then went searching for further evidence. From his headers in the newsgroup posts, I learned that his mail was consistent with mail that would be coming from a Netcom account. See the following header:
From: "Enter your name here"
Subject: 303 f/earlyteens wanted
Date: 27 Mar 1999 00:00:00
GMT Message-ID: <firstname.lastname@example.org
X-MimeOLE: Produced By Microsoft MimeOLE V4.72.3155.0
Organization: Netcom X-NETCOM-
Date: Sat Mar 27 6:01:27 PM CST 1999
My name is tom im 36yrs 178lbs and 5'11" e-male me i'll send you a pic. Send me one too.
I then went to his Internet Service Provider which is Netcom
to check to see if he may have a home page. He did in fact have
a home page and as of the time of writing this, it is still online.
I took a wild guess and typed in http://home.netcom.com/~tormsby/ and it took
me to a directory where his home page was
From his home page, I learned that he was saying his name was Tom Ormsby, he was a 36 year old computer technician living in Denver, CO and that he had a degree from Springfield, MA in electronics. I verified with the Department of Motor Vehicles that there was in fact a person by that name living in Denver.
I decided to contact him and see what his intentions were and what he'd tell me. I sent him e-mail saying that I was a 14 year old girl that saw his newsgroup posts and told him that he could contact me if he wanted to. He contacted me the next morning stating that he did want to talk to me. We exchanged e-mail back and forth for about a week then he suggested that I send him a picture. I sent him a picture that I created by scanning a photo from my sewing book and putting it with a different background. A sample of a picture like I used can be seen at
I use fuzzy and not real clear pictures on purpose. I want the undercover decoy to look similar to the person in the picture when he shows up to meet them. If he gets a real clear image in his head, he may not make contact with the decoy. What I do is go to the craft department of Wal-Mart and check for outdated pattern books. They will usually sell these for fifty cents to two dollars and they usually have lots of pictures that I can use so that I'll always have a fresh supply.
I noted the IP address from the headers of his e-mail and confirmed that it too was coming from a server in Denver from Netcom. See the following header:
Received: from den-co71-52.ix.netcom.com (126.96.36.199)
I went to the Sam Spade site at www.samspade.org/t/ and typed in the IP address (188.8.131.52). I checked the box saying WHOIS and REVERSE DNS
Here is the brief report that I got from there:
Registrant: NETCOM On-Line Communication Services, Inc (NETCOM-DOM)
2 N Second Street
San Jose, CA 95113 US
Domain Name: NETCOM.COM
It also verified the server that IP address used was:
Official name: den-co71-52.ix.netcom.com.
Which perfectly matched what I had taken from newsgroup headers and in e-mail headers.
The reverse DNS shows the 266 IP address around the one I was looking at and Netcom owned them all.
Sam Spade has a free program version of these tools that you can download onto your own
computer at www.samspade.org
By the beginning of the second week Tom was ready for a phone call and gave me his number which was traced back to an apartment in Denver and to an individual using the name Tom Ormsby. It was now time to contact law enforcement for assistance. I have a contact that sounds a whole lot like a 14 yr. old girl and has all the slang down pat and everything. I also gave them the information that I had found with his name and of course the phone number and that fact that he was from MA. While we were preparing for the phone call we were checking for a criminal history and were able to find some information on a prior arrest involving attempted rape in Springfield, MA.
During the phone call, Tom gave the undercover officer plenty of evidence of his intentions, told her where he worked and where he lived. The information matched up with what law enforcement was able to bring up on their computers and what I was able to find with information that I have access to as well.
I'd like to note that it is very important to get phone calls if you can. I was involved in a case where the defense claimed that it was just role play on the Internet and would have never gone any farther. Well, the only problem with an excuse like that is that if he shows up to meet the kid, there is more evidence that he planned to molest her. I always try to get a phone call in to show another form of evidence that his intentions were to harm a child. That excuse didn't work but I want to make sure it never does.
Soon Tom began to send images of couples in various sexual acts. He told me that these were examples of things that we could do when he met me. I told Tom that we were on the same page and I'd like more information about how he plans to meet. He stated that he knew an eleven year old girl that could take pictures and that he would give me $20 to pose for the picture.
Tom decided that he wanted to meet at McDonald's near where I had told him that I lived. He stated several times that I needed to make sure that I showed up and that I was not to be late no matter what. He got very specific about what he wanted the girl to wear including red lipstick and tight black pants. I assured him that I'd not be even a minute late and that I'd be wearing the red lipstick and whatever else he wanted me to wear.
On June 11, 1999, investigators from the Jefferson County District Attorney's office in Golden, CO have a briefing with me and then go out to McDonald's.
Tom does in fact show up at his specified location. He made contact with the undercover investigator and stated that he'd like to take her to his house. He was promptly arrested and charged with attempted sex assault on a minor and was taken to jail without bond. His bond was later set for $25,000 but he remained in jail because he was unable to post bond. Tom currently is being considered for possible probation. If you would like to read the report that I gave to law enforcement it is available at
and it does get rather graphic so if this offends you please don't read it.
Here are some helpful sites to use if you need to find information on someone:
-Check for AOL Home Pages http://hometown.aol.com/
- Check for AT&T User Pages http://home.att.net/find_members.html
- Search for Netcom or Mindspring Users http://www.netcom.com/dbase/index.html
- To find CompuServe users type http://ourworld.cs.com/"membername"/ and replace the word "username" and the quotes with their user name.
- Search Yahoo! Users http://search.profiles.yahoo.com
- Search for an ICQ user http://www.icq.com
- Search for MSN Messenger Users http://search.talkcity.com/msn/
- Search for Prodigy user by typing http://pages.prodigy.com/"username" remember to remove the quotes and use an actual user name.
- Oznic has a free program that searches domain names from your desktop http://www.oznic.com.
- I hope this article has been informative and that you will report any child abuse that you find online to the proper authorities in an effort to protect our children.