An airline received an electronic bomb threat for one of its long-haul flights scheduled for a particular date. This threat was communicated to the airline via its customer support/feedback page, which was hosted on its Internet-facing server. As was the norm, the data was collected by the web form and posted to an offshore support and feedback-handling center. The operator handling the complaint looked at the threat and notified her supervisor. Based on the supervisor's assessment, the threat was further escalated and both the airline and law enforcement were notified. To assist in the technical investigation of the case, our team was called in.

As a first step, we requested access to all the digital evidence as well as the logs of the web server, where the Support Form was posted. It was found that there was no record of the IP addresses used to send such e-mails. This itself was a major setback.

A quick look at the received communication established that the web Support Form sent...