What was the Sandy Hook shooter’s Xbox Live username?

When police kicked in the door of the Lanza home at 36 Yogananda Street on the evening of December 14th, 2012, one of the less-interesting finds at the scene (considering what was found upstairs) was a catalog of Xbox and Xbox 360 games in the basement. But once details of the crime and its perpetrator began to come together, they knew that these gaming devices were actually valuable potential evidence sources, and treated them appropriately.

(note for non-gamers: the XBOX is/was a predecessor of the Xbox 360, as a Nintendo is to a Super Nintendo.)

Although several other games consoles were also found in the home (a Nintendo Gamecube and Playstation 2, notably) these are of limited investigative value, because they have essentially no online functionality (without the use of adapters, which were not found in the Lanza home.) To their credit, the Connecticut State Police were aware of this distinction between “offline” and “online” consoles, and noted it appropriately in their search reports:

SHL-ps2-noonline

The Microsoft consoles, on the other hand, feature the Xbox Live online service. Introduced first in 2002 on the original XBOX, this was the service that really cemented the concept of an online console for mass audiences, which is now the standard for every games console: you can have “friends” lists, exchange text messages and voice chat, and play with or against other players.

Ever since the discovery of the Xbox consoles, then, there has been an open question as to what Adam Lanza’s Xbox Live username (or “Gamertag”) was: if you can find his account, you can find out who he talked to, and what was said… just in case it sheds any light on the crimes he committed, especially considering he spent more time online than out of the house, and had very few friends or even acquaintances.

With that in mind, the Connecticut police turned over the consoles to the FBI for analysis, including to identify any user accounts on the XBOX’s hard drive:

SHL-xbox-DS9345

With the “possible” user ID of DS9345 it would appear that this is the associated Xbox Live profile:

SHL-DS9345

Note that the games listed as having been played are all Xbox 360 games, showing tha the profile either A) isn’t associated with the same person that was using the XBOX in the Lanza home (which seems unlikely given the seemingly random username) or B) it was carried over by the same user, to a new console. Indeed, the original XBOX’s online functionality was mothballed in April 2010, well after most users would have moved on to other consoles.

However, I suspect that the DS9345 account was actually Ryan Lanza’s, not Adam’s. Here’s why:

  1. Ryan Lanza moved out of the Yogananda Drive home in 2006
  2. Several of the games listed under the DS9345 account came out in 2007 or after (Call of Duty 4, Rock Band)
  3. An Xbox 360 was found in the Yogananda Drive home, along with Xbox 360 games that came out after 2007 (Left 4 Dead, for example), and which are not listed under DS9345’s account.

…thus, it is likely that Ryan brought over his account (DS9345) to his own console in college, and Adam got a new one (the one found in the Lanza home by police) which thus would have to have its own username: Adam’s.

The Xbox 360

The next logical step, then, would be for the FBI to perform the same analysis on the Xbox 360 that was found in basement of the Lanza home in 2012 (it’s on the desk, on the right):

SHL-xbox360-med

Unfortunately, no lab analysis was ever performed, because the console couldn’t be turned on:

SHL-xboxlabreport2

On the surface, this may sound similar to the case of Lanza’s PC and its hard drive. After all, he ejected that drive and intentionally smashed it beyond the point where any data can be recovered:

SHL-harddrive1

..but it’s not the same thing. That the console was deemed inoperable due to “a common problem known by the manufacturer” is almost surely a reference to the “Red Ring of Death” technical flaw that plagued the console’s earlier models, so-called because of the “red ring” of lights that display when one tries to turn on one of the defective consoles:

392140_0_original

an example of the “Red Ring of Death”

There are no official statistics available, but reports range from 30% to 54% as to how often Xbox 360 consoles failed due to this manufacturing flaw. It was something of a scandal in the industry, and cost Microsoft a considerable sum when they had to set up mail-repairs for any machines experiencing the problem.

Certainly, this can accurately be described as “a common problem known by the manufacturer.” However, this does not prevent reading the console’s hard drive.

The “Red Ring of Death” is technically just an indication of hardware failure, but has come to overwhelmingly correspond to a problem with the console’s motherboard; the console was improperly designed to withstand the heat that the processor puts off, and eventually one of the parts connected to the motherboard fails. However, that doesn’t cause any physical damage to the hard drive on the console, which is where a user profile will be found. It just prevents reading the hard drive via that specific console, because the console will not turn on.

Thus, the FBI’s suggestion that the console could not be examined because it “was unable to be powered up due to being damaged/inoperable” is akin to deciding you can’t know what is in the trunk of a car, because the ignition is broken.

In fact, most xbox 360’s (certainly the one visible in the crime scene photo above) have a removable hard drive.

12ac64c6-3306-4899-83f7-eacc209812d7

You wouldn’t even need any fancy tools to find out what’s on that drive; just eject it, insert it into another Xbox, hit the power button and you’re good to go.

False Leads

Combing through gaming accounts may still seem a far-fetched method of finding useful information about the case. Indeed, it might not produce anything significant to the case. That doesn’t mean it shouldn’t be done. As summarized in the opening summary of State Attorney Sedensky’s official report (emphasis mine):

In the course of the investigation, both state and federal law enforcement personnel received a large number of contacts purporting to provide information on the shootings and the shooter. Although many times these “leads” would go nowhere, each one was evaluated and often required substantial law enforcement time to pursue. An abundance of caution was used during the investigation to ensure that all leads were looked into, despite the fact that more than 40 such “leads” proved, after investigation, to be unsubstantiated.

Indeed, among the records of these eventually-unsubstantiated leads, and in addition to the subpoenas covered in a previous post (about the shooter’s Steam account) there are numerous interview summaries showing how investigators exhaustively evaluated reports from gamers who claimed to have encountered a player in the days surrounding the Sandy Hook shooting, whom they believed to have been Adam Lanza:

SHL-emogirls

SHL-battlefieldreport1

 

These people did not encounter Adam Lanza on Xbox Live. But someone else probably did. And, much like Valve Software, Microsoft was not the recipient of any subpoena for the Sandy Hook case; any data they may have has not been seen by investigators, because investigators don’t know what Lanza’s account name was.

This being the case, it would certainly be worth the time for someone with appropriate authority in Connecticut to go into their evidence locker, eject Lanza’s hard drive, plug it into a working console, and see what they find.

Advertisements

About Reed Coleman

email: reedscoleman@gmail.com
This entry was posted in Uncategorized and tagged , , , , , . Bookmark the permalink.

3 Responses to What was the Sandy Hook shooter’s Xbox Live username?

  1. zephyranthos says:

    Great analysis, OP. Unbelievable how haphazard the official investigation was.

  2. Pingback: A couple notes on hard drives | Sandy Hook Lighthouse

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s