Tech sleuthing helped FBI probe at federal observatory

The IT staff and leadership of the National Solar Observatory in New Mexico and the FBI used the facility's Wi-Fi network this summer to track down an illicit user who was allegedly downloading and distributing child pornography from the mountaintop site, according to FBI documents.

The investigation and an accompanying undercover IT operation precipitated the mysterious 10-day evacuation and shutdown of the facility earlier this month.

The early-September closure wasn't officially explained by federal authorities at the time. The official silence led to speculation that extraterrestrial aliens, a possible cyberattack or other national security issues were somehow involved.

The observatory, in Sunspot, N.M, is in the vicinity of the legendary Roswell, N.M., site where an alien spacecraft was supposed to have crashed in 1947.

The agencies that run the facility, including the National Science Foundation, said the decision to vacate the facility was due to a criminal investigation.  The statement said there was concern that "a suspect in the investigation potentially posed a threat to the safety of local staff and residents."

That person, according the FBI search warrant application filed in a federal court in U.S. District Court in New Mexico, was a janitor working the night shift at the observatory who allegedly used the site's Wi-Fi network and peer-to-peer file-sharing to download and distribute child pornography.

The FBI ran across the National Observatory's IP address during an online child porn investigation begun in January. The IP address popped up again in July. The agency contacted the observatory's director about the hits. As a result, the observatory's top manager temporarily shut down access to the Wi-Fi network.

The FBI, in consultation with observatory managers and IT staff, reopened the public Wi-Fi network to monitor activity, assign a new unique IP address and set up a new access point that could be used to better track Wi-Fi use within the observatory.

A hit on the new IP address and the discovery of a pattern of downloads and distribution led investigators to an observatory janitor. (FCW is not naming the individual in the warrant application because he has not been charged.)

The application also reported that the janitor told observatory's chief that he was concerned about a serial killer in the area who he feared would come into the facility and "execute someone." That threat led to the dismissal of the janitor, the termination of the cleaning company contract (held by the janitor's parents), the closure of the observatory and an intensifying of FBI surveillance.

The warrant request also called for a judge to order the janitor to cooperate with investigators by unlocking any mobile devices to which he might have transferred child pornography -- including providing fingerprints to access any Apple iPhone or iPad he might own.