The recent bomb threat emails targeting Hungarian schools have raised pressing questions about cybersecurity and digital crime. According to Hungary’s national cyber coordinator, Zoltán Rajnai, the emails were sent via Ukrainian IP addresses using a Russian email provider. However, Rajnai cautioned that pinpointing the true origin is far from straightforward, as these email services can be accessed and registered from anywhere in the world.
Speaking on Hungary’s M1 television channel, Rajnai noted the similarities between the Hungarian incidents and threats made against hundreds of Slovenian schools and kindergartens the same week. In both cases, disposable email addresses were used to send the messages, a tactic that complicates investigation efforts.
Rajnai explained that disposable email accounts function much like prepaid mobile cards. They require no identification to create, making it challenging to trace their origins. While Hungarian investigators successfully identified Ukrainian IP addresses linked to the emails, tracing these further becomes difficult when virtual private networks (VPNs) are involved.
‘Disposable email accounts function much like prepaid mobile cards’
Disposable email addresses, often registered through anonymous services, are sometimes linked to VPNs, which are primarily used to protect personal or financial data. According to Rajnai, if an individual creates a disposable email account via a VPN, tracing their identity becomes significantly harder. ‘Those who use such methods are likely to have some level of technical proficiency,’ he noted, adding that using a personal computer without protective measures for such activities would be highly reckless, as it leaves a clear digital footprint.
To combat this kind of cybercrime, international cooperation is essential. Rajnai emphasized the importance of working closely with foreign authorities and service providers, a practice already in place following similar incidents in the Czech Republic and Bulgaria.
‘If IP addresses can be traced and matched to a location, the individual responsible becomes identifiable’
When asked how perpetrators might slip up and aid investigators, Rajnai highlighted overconfidence as a key vulnerability. Criminals who forgo VPNs or send messages from easily monitored locations, such as internet cafés with security cameras, leave behind critical clues. If IP addresses can be traced and matched to a location, the individual responsible becomes identifiable.
Rajnai shared an example of swift investigative success: just last week, a 15-year-old student sent a bomb threat message from a Hungarian IP address. Thanks to efficient work by Hungarian investigators, the source was traced and identified within a single day.
As cyber threats continue to evolve, the importance of vigilance, advanced investigative techniques, and cross-border collaboration cannot be overstated. The recent incidents highlight both the challenges and potential breakthroughs in addressing the growing complexities of digital crime.
Related articles:
