Car keys and phone calls – part 1



Several years ago, I had a robbery case where the primary suspect (Guzman) was caught up in a web of lies. You can read the Court’s decision on his appeal here and it’s worth the read. Here is some of the relevant information from the case. The victims in this case were Gilardi and Gueorguiev, and Guzman is the suspect. As you read this section, try to identify any red flags you see.

Gilardi testified that he wanted to buy a cell phone for his daughter and that he answered an online posting on a trading platform called OfferUp, where an individual later identified as Guzman had listed a cell phone for sale. Gilardi contacted Guzman and arranged to meet at a park on South First near Oltorf in Austin. When Gilardi arrived, Guzman was not there. Gilardi sent a message to Guzman, who changed the meeting location to a spot at the end of Durwood Street. After Gilardi drove there, Guzman stated that he wanted to show the phone to Gilardi inside the car. Although Gilardi preferred to exchange the phone in the open, he agreed. Then Guzman and another man got into Gilardi's car. Guzman pointed a gun at Gilardi and demanded all of Gilardi's money and his personal cell phone. Gilardi handed his cell phone and $250 to Guzman, who fled on foot. Gilardi returned to the park and borrowed someone's phone to call 911.

Guzman v. State, NO. 03-18-00054-CR, 2 (Tex. App. Aug. 3, 2018)

Every day, many legitimate transactions for buying and selling used cell phones occur on platforms like OfferUp. Platforms like this are also used by unscrupulous folks who are looking to do harm. The problem is common enough that most platforms have dedicated information about how to stay safe, such as the page from OfferUp found here. Whenever you read safety tips from buy/sell/trade platforms, don’t ignore them; these tips are hard-earned lessons that have many people’s names attached to them.

I interviewed Gilardi after he was robbed at gunpoint. He said that he wanted to get his daughter her first cell phone to help her communicate with her family and so they could keep her safe. Gilardi went to OfferUp to find a used cell phone for his daughter and thought he had found an amazing deal that was almost too good to be true. That part isn’t mentioned in the above case, but it was a giant red flag, and Gilardi even told me he “should have known” something was wrong.

Taking a good next step, Gilardi arranged to meet the seller (Guzman) at a local spot in a high-visibility area frequented by a lot of people, not at his home. This is right out of the ‘stay safe’ tips from most platforms. Notice that Guzman changed the meeting location after Gilardi had already arrived. This is a giant red flag: last-minute changes put pressure on you to accept. After all, Gilardi had already invested his time and attention to make this deal, and with that added pressure, moving to a different location might feel reasonable at the time. The new location was only down the block from the park but was much more secluded.

The next red flag occurred after Gilardi arrived at the new location, only for Guzman to say they should make the transaction inside Gilardi’s car. At this point, Gilardi told me that he was already starting to feel like something was ‘off’, but he really wanted to make the deal and he felt a sense of pressure to continue. After Guzman and the other suspect got into Gilardi’s car, it was too late; Guzman pulled a gun and demanded the cash that Gilardi had brought to purchase the nonexistent phone, along with Gilardi’s phone. Fortunately for Gilardi, the two men then ran off on foot.

It’s commonly said that “police don’t catch the smart ones” and while I disagree, Guzman had already made several fatal errors in his scheme. This would only be the beginning of Guzman’s short crime spree, but his fate was already sealed. Unbeknownst to him, even when you use fake information to sign up for an account on most platforms like OfferUp, information like the IMSI (International Mobile Subscriber Identity), used to identify your SIM, and the IMEI (International Mobile Station Equipment Identity), which is basically like a serial number for your phone, are sent to the platform.

With a search warrant sent to OfferUp, I was able to get the account information for Guzman, the IMEI of the phone used to create the account, his associated Facebook account, the IP address used to set up the account along with IP addresses used to access the account, location data for the days leading up to the robbery, and other information. With the IP addresses, I was able to identify the ISP (Internet Service Provider) each IP address belonged to and send search warrants to them for subscriber information. In this case I learned that one of the IP addresses was an IPv6 address which was used by the cellular provider to specifically identify Guzman’s cell phone for a period of time that more than covered the time of account creation and the robbery. One of the IP addresses used to access the OfferUp account came back to the modem at Guzman’s home. Logs on the modem from Guzman’s home showed that his cell phone was assigned that IP address at the time it was used.

A search warrant sent to Facebook identified the same IP addresses and IMEI for Guzman’s phone as having accessed his Facebook account, an account that contained his actual personal information and photographs of himself taken from his phone. Historical location data from his cell phone provider and from OfferUp showed Guzman’s phone moving from his residence to the scene of the robbery and being used to access OfferUp during the time of the robbery. Later, when he was arrested, Guzman would have his phone on him and clearly state that the phone was his, which matched subscriber information.
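The attribution described above only holds when a logged IP address is matched to whoever held it at that moment, so the time window matters as much as the address. As an added illustration (not code from the investigation or from any provider), this Python example joins constructed platform events to constructed assignment records; every name, address and date is made up, and the flat record layout is a simplifying assumption.

```python
from datetime import datetime, timezone
from ipaddress import ip_address


def utc(text):
    """Parse an ISO timestamp and pin it to UTC so sources compare correctly."""
    return datetime.fromisoformat(text).replace(tzinfo=timezone.utc)


# Constructed platform access events: (event, ip, time).
# Addresses come from the reserved documentation ranges.
EVENTS = [
    ("account_created", "2001:DB8:0:0:0:0:0:A1", utc("2000-01-03T14:02:00")),
    ("listing_viewed", "198.51.100.7", utc("2000-01-05T20:15:00")),
    ("message_sent", "2001:db8::a1", utc("2000-01-06T17:40:00")),
    ("login", "198.51.100.7", utc("2000-01-09T09:00:00")),
]

# Constructed assignment records: (source, ip, device, start, end).
ASSIGNMENTS = [
    ("cellular provider", "2001:db8::a1", "handset-A",
     utc("2000-01-01T00:00:00"), utc("2000-01-07T00:00:00")),
    ("home modem log", "198.51.100.7", "handset-A",
     utc("2000-01-05T18:00:00"), utc("2000-01-06T02:00:00")),
]


def attribute(events, assignments):
    """Match each event to the device holding that IP at that moment."""
    results = []
    for name, ip, when in events:
        addr = ip_address(ip)  # normalises IPv6 spelling and letter case
        match = None
        for source, a_ip, device, start, end in assignments:
            # The address must match AND the record must cover the event time.
            if ip_address(a_ip) == addr and start <= when < end:
                match = (device, source)
                break
        results.append((name, match))
    return results


if __name__ == "__main__":
    for name, match in attribute(EVENTS, ASSIGNMENTS):
        print(name, "->", match or "unattributed (no covering assignment)")
```

The last event uses a known address but falls outside every assignment window, so it stays unattributed rather than being pinned on the device by address alone.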

I will continue the investigation next time.