Slashdot Mirror
Harvard Bomb Hoax Perpetrator Caught Despite Tor Use
Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."
Whenever you peel back the layers of an onion, someone is bound to cry.
Science advances one funeral at a time- Max Planck
"[...], but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network."
They were able to trace it, period.
The rest was just made up to make us believe that maybe they could not have traced it otherwise.
Will be giving him his next exam.
"Whenever the cause of the people is entrusted to professors, it is lost." ~ V.I. Lenin
We can either live in a future where little jackwagons can effect a denial-of-service attack on society, or
we can spank the crap out of the idiots so that this kind of noise is minimized. Same goes for rape/hate crime hoaxes.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
And therefore they'll put him in rehab rather than prison.
Unless he's not affluent enough for his affluenza to be strong enough to cover this crime, after all, he called in a bomb threat, rather than killed four people in a drunk-driving incident.
Not neccessarily. His access to Tor via the campus wifi matched the timing of the emails enough to get him in a room, and then he confessed. Without the confession there'd be a lot less certainty of conviction, as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty.
Moral of the story: Don't talk to cops.
(also, don't make false bomb threats. They're stupid)
...but because he was the only one on the whole campus wifi that used Tor that day.
Lesson to learn: Keep your endpoint traffic able to be lost in the noise, or ya' stick out like a sunflower in a coal mine.
I.E. SSH somewhere *THEN* Tor.
Really?! Smart man.
Avoid exam?
Bomb threat!
Police arrive?
Immediately confess!
The evidence itself was completely circumstantial. Without a confession they surely had nothing.
They had no way to prove anything other than:
1. Guerilla Mail was accessed by Tor to send the e-mails.
2. Kim is a Harvard student that recently accessed Tor.
I read the PDF (shock).
It sounds suspiciously like they just checked the logs to see who had visited Tor related websites and then went and interviewed the handful of people who happened to visit these sites within a few days. Maybe interview those who had exams in the 4 listed buildings at the designated time?
Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?
It doesn't sound like they needed to crack Tor.
"Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard’s wireless network."
That's interesting. How exactly did they do that? My guess is that they're keeping netflow records of all traffic flowing across their network border and was able to use that to match his connections to one or several known TOR relays.
They contacted the email provider, who gave up access logs for the mail accounts, which revealed that the user had come from Tor. They could correlate those records with Harvard's own records of who logged into their network and used Tor. They questioned him and he confessed; I bet the number of Tor users at Harvard at that time was small enough to brute-force. This is not an instance of the government unmasking a Tor user, this is good police work and a weak willed idiot.
As far as you can tell from the affidavit, it was detected that the person who sent the e-mail containing the bomb threat was using Tor on the university network. They were not able to prove that it was him.
After he was confronted with the fact that he was using Tor at that time and that the e-mail was sent by someone using Tor he confessed to sending the e-mail. So in this case they were only able to piece circumstantial evidence concerning the Tor use together to get the suspect to confess. It would be interesting to see how much that evidence would have been worth if he'd kept his mouth shut. Also it would be interesting to see how much possibilities the FBI would have (and would show the outside world they have) to prove that it was indeed his computer from where the e-mail originated.
In our next lesson we will learn delayed email deliver functionality. Stay tuned!
Love many, trust a few, do harm to none.
" as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty."
LOL, you believe too much what the tv tells you.
I'm surprised he did it from his dorm (if, indeed, he actually did it). I thought the sensible thing was to go down to the local public library and/or coffee shop (without cameras) and do your shit from there. And if you can use someone else's wireless, you can still use your own computer and Tor.
As for "because it originated from the Harvard wireless network", I'm skeptical.
From the PDF:
<blockquote>9. Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard’s wireless network</blockquote>
Which, apart from the "confession" is the only evidence that the person alleged to have done it, actually did it. Oh, so someone on campus used Tor, at the same time that an email was sent that had used Tor. Therefore the person sent the email, and not someone else using Tor from another place...
HELP MY ACCOUNT HAS BEEN HACKED BY AN ILLIBERAL ART STUDENT SET TO DESTROY THE INTERWEBZ!
also, don't make false bomb threats. They're stupid
Don't make real ones either. They're even stupider.
... to use TOR, but then gave a full confession during an "interview", throwing his right to remain silent (and to have a lawyer present during questioning) out the window?
From the pdf
"Harvard University was able to determine that, in the several hours leading up to the
receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvardâ(TM)s
wireless network."
So Harvard keeps track of your connections. Still circumstancial but he confessed.
"KIM then stated that he authored the bomb threat e-mails described above."
It doesn't much help his case that circumstantial evidence pointed everyone more or less immediately at the Harvard campus, and thus at the first layer of the 'onion'. Tor is only minimally better (if at all) then straight SSL/TLS if the operator of hop #1 has strong reasons to be suspicious of Tor traffic within a set time period.
what got him caught was confessing to the FBI that he was the one that did it..
they didn't trace anything.. the university was able to determine that kim had used tor over the harvard network the morning the threats were sent. entirely circumstantial evidence, but it was obviously enough for the investigators to pressure the kid into confessing.
He made the threat to get out of an exam.
he won't have to worry about that any more
I expected more from a Harvard student.
A couple of hours of online research should have taught him to, at least, connect through a cracked wifi far from his neighborhood. Or, if he was computer illiterate, to convince someone from another country to send the mails for him.
Also, once he decided to avoid the exam in a way that could land him in prison, why use a method he didn't understand, instead of burning down the building or paying someone to send the teacher to the hospital?
However, the first question I would ask him would be if he had considered that simply approaching the teacher and explaining him that he and all his family would be killed unless the exam was postponed, carried a shorter jail time than a terrorist threat.
In conclusion, clearly in Harvard they are not teaching how to deal with real world problems pragmatically.
Anonymity is useless if the pool of suspects is small enough to make you stand out by using it.
Also, he's a douche and deserved to get caught. Fuck people who think avoiding the consequences of their shitty exam preparaton matters more than an entire university of people losing a workday.
It's another case of "use of a tool which gives you plausable deniability makes you the most likely candidate". Compare multiple-key disk encryption. And guys with stockings over their heads.
Indeed, all they needed to do was log the initial in-the-open connection to the service that then subsequently hides everything.
Also FatPhil on SoylentNews, id 863
The wonderful thing about shows like CSI is that it convinces criminals to implement absurd technical defences when their crimes will almost certainly be dealt with by old-fashioned police work.
No kidding!!! What do you say at this point?
From reading it seems to me that he was caught because of the network he was on. To be able to check that he was on TOR it seems that they (Harvard) are saving all the traffic on the network. During the "interview" they probably claimed they would decrypt that traffic and that made him talk.
An interesting question might be how many other users of the Harvard wireless network where visited by the FBI & interviewed...
(also, don't make false bomb threats. They're stupid)
. . . it seems that lesson is not on the curriculum at Harvard . . .
At least the guy wasn't a law student . . . that would have been even more hilarious!
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
... if you're going to bomb someone, don't give a warning.... JUST DO IT! ...... (I think I just infringed Nikes Intellectual property :( )
Since apparently Harvard is saving all the traffic in their network, everybody should start only using TOR while there.
And even more since one of their own might face 5 years in prison for a bad prank.
When I went to primary school back in the '80s, there was a bomb threat almost every year around exam time at the beginning of summer.
"We mustn't be caught by surprise by our own advancing technology" -- Aldous Huxley
In fact, NSA broke TOR and wrote this nice story so that police looks good.
Was the guy ever catched ? Nope.
Did this happen during an English class?
It doesn't sound like they needed to crack Tor.
Of course, if the NSA has easy and simple ways of cracking Tor . . . they're not going to brag about it anyway:
"Go ahead, keep using Tor . . . it's safe and we can't crack it . . ."
Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
I thought Harvard students were smarter than that.
As for bomb threats c'mon if you manage to pull it off its funny. I remember in mid eighties when real bombs were going off in Paris, some joker phoned our school with a bomb threat. The result ? Every kid got to have an early day off. Was the guy ever catched ? Nope. You could say it was incompetence from the french cops. But who knows. It was pre internet, it was pre everything. And no surveillance society either.
Yeah, you might want to take some vacation, far away, and fast.
It's kind of funny; in the instance of a network that log connection with very few tor users, NOT using tor would have been more efficient at hiding is identity. Should have gone the easy route of seven proxies.
They didn't know it originated from the wireless network. They knew it came from Tor. I could have sent it, for all they know. What they did know was the time it arrived. They played a hunch that it came locally (someone who planted/discovered the bomb on campus) and checked to see who had used Tor on their network at around that time, it's plain old fashioned detective work.
Put the suspect in a room with an interrogator and extract a confession ("We have you on the Tor network the exact same time the email for the bomb hoax came through", "You were the only person using it at the time (whether that is true or not) so we know you did it", "This will go a lot easier on you if you confess now"). Will the confession stand? Did they read Miranda rights? Was he offered legal council?
This reminds me of the news the other day - there have had a few bombs going off recently in Northern Ireland - with warnings. Anyhow, on Monday the news said that a man was being treated for burns in Belfast, which was thought to be linked to sectarian violence, my first thought was "FFS, now they're setting each other on fire", quickly followed by laughter when it turned out the incendiary device he was carrying detonated - serves the stupid fucker right.
The FBI says:
" KIM then stated that he authored the bomb threat e-mails described above"
So the guy admitted it.
Admittance is not fault of TOR, but of the guy's low intelligence. Case dismissed.
... and they are not going to use it for this kind of case.
Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's wireless network.
which means one of a few things.
1. begin the witch hunt. anything that coincidentally happened to access TOR be it a botnet infected laptop or a freshman at a bus stop is now suspect for everything from the bombing of the USS cole to the assassination of president Lincoln. The government gets its boogeyman and Harvard gets its scapegoat for an occurance that happens across countless colleges every year, but means something only because its inconvenienced the children of the cloistered elite.
2. Harvards wireless is more than it seems. Terms and conditions, network traffic, as well as any requisite clients or software installed should be subject to analysis and investigation by students and staff. greyhat and blackhat alike should find this system of access points intriguing if only for the aformentioned quote.
in my opinion its probably the latter. students and faculty should cast serious suspicion on the part of Harvards network. an independent investigation into the nature of its operation needs to be conducted and any nefarious evesdroppers exposed. If nothing is found then its a clear case of parents with more brass than sense out for blood.
Good people go to bed earlier.
Why do you want the best for this dipshit?
If you're *innocent*, don't talk to cops.
If you're guilty, spill the beans immediately.
You seem to want to encourage criminals to waste the whole legal system's time? (Which, like everything in the end, is paid for by honest tax-payers.)
Also FatPhil on SoylentNews, id 863
It's another case of "use of a tool which gives you plausable deniability makes you the most likely candidate". Compare multiple-key disk encryption.
That's one of the major reasons Tor users encourage others to use Tor too. Same with encryption.
Depends on who the "you" is. The list of entry nodes is public knowledge. Telecoms/Government agencies probably keep historic lists of entry nodes. So it should be trivial to show a connection to the Tor network. The PDF implied (to me) that the FBI just crossreferenced Harvard's log with their list of entry nodes.
To technically answer your question: Tor packets don't have a unique signature, but they all are of a known size.
This is one of the best-known ways to deanonymize people using Tor: timestamping entering traffic and exiting traffic. Tor itself explains they have no theoretical way to fix that issue and still maintain a system that is low-latency (there may have been a third feature as well, where they got to pick-2-of-3).
Your ad here. Ask me how!
What he should have said is he was browsing Silk Road but didn't buy or sell anything.
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Most criminals are caught because they are stupid. And most criminals are stupid or they wouldn't get into crime in the first place. On balance, crime is a very high-risk / low-reward activity, so you have to be stupid or desperate to think it's a good idea.
"better... THAN", not 'then'...
Fuck you, bitch.
And thus, the latest plot for the next NBC television show is born. Rogue college student calls in bomb threat and is caught. He must now serve time with the FBI profiling other rogue college students whilst getting into trouble and being generally dubious. In the end, we learn it was all a huge scheme and he actually worked for the CIA.
I should use Tor so I also get a visit from the cops every time something happens? No thanks.
Precisely this. Harvard keeps flow type logs, they found someone using tor. Pigs barfed on him, he cracked and confessed. The kid's a fucking retard, mostly for cranking people.
Please, don't use Tor to harass and be an asshole.
Real freedom fighters need Tor, not you and your lulz.
See who else really needs Tor: https://www.torproject.org/
And quit being assholes.
legal council? probably not. he's a terrorism suspect after all!!
world was created 5 seconds before this post as it is.
Why is the pdf formatted so badly, do FBI need introduction to LaTeX?
For an exam there are other solutions to skip out.
a) Redo the exam next year. If you have a problem with exams in general, see a psychologist. If you were only lazy, learn the next time.
b) If this is your last chance to get through. You could be sick, you could go to a doctor or psychologist who provides you with proper papers to skip the test.
c) You could realize that the topic your studying is not the thing you are interested in and find something else which is interesting.
d) You could throw a butyric acid into the hall of your university. Ok this would get you into real trouble, but not into prison for 5 years.
e) You could have an accident with a car. It could also be helpful to support option (b).
f) You could really try to go to the exam. What could possible happen bad? You fail. And? Your still alive. You could still find a way through live for yourself.
It seems they are cutting ethics classes in the Ivy league these days.
So, basically FBI didn't see what was sent through TOR, it just happened that this student was apparently the only one using TOR at that time.
For all you future dissidents, spend a little time reading docs and use obfuscated bridges when accessing TOR, because your ignorance hurts the project's publicity.
Moral of the story: Don't talk to cops.
You missed the part where he didn't want to take an exam. If he hadn't confessed, he would have had to take it. So he really didn't have a choice.
Ezekiel 23:20
(also, don't make false bomb threats. They're stupid)
Does this mean real ones are smart?
Everything I write is lies, read between the lines.
Rule #9 of the American Justice System: To a jury, any doubt is reasonable; the better the case, the worse the jury; a good man is hard to find, but 12 of them, gathered together in one place, is a miracle.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
If he'd just called it in from a pay phone, they'd never have found him.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
Whether they're guilty or not, they're gonna lie. Everyone lies. Murderers lie because they have to; witnesses and other participants lie because they think they have to; everyone else lies for the sheer joy of it, and to uphold a general principle that under no circumstances do you provide accurate information to a cop.
Slashdot still doesnâ(TM)t support Unicode after it was added to the HTML standard in 1997.
got it...make real ones instead. i understand what you're saying
The PDF says he signed a waiver of Miranda rights.
The linked article is confused... but Emerson Hall houses the philosophy department, so it was a philosophy final.
Which is incredibly ironic, since those are generally a matter of opinion or history, which means he could likely have passed it in any case, given that he was a psychology major with a minor in Japanese, so it was kind of a pass/fail class for him anyway. I wonder if any of the news organizations have talked to Professor Gary King (Kim was his research assistant).
(also, don't make false bomb threats. They're stupid)
. . . it seems that lesson is not on the curriculum at Harvard . . .
At least the guy wasn't a law student . . . that would have been even more hilarious!
Was he a Comp Sci student?
That's one of the major reasons Tor users encourage others to use Tor too. Same with encryption.
Unfortunately, tor is so damn slow that it is virtually unusable for anything that doesn't absolutely have to be hidden.
Result: only people who have a very good reason to do so will use tor...
Or has it become faster in the recent years?
that would be a big red flag because, you know...Silk Road is shut down.
never bring a twinkie to a food fight.
Remember the days when this story wouldn't even have made the local paper? Seriously, 25 years ago your average school saw one of these every few years. It headlined the school paper, the local cops investigated, but the FBI? National news? Heck no.
Who needs terrorists when we now pay large corporations and government agencies to spread panic? Quit terrorizing the nation to protect your job security and let me know when something actually blows up.
And in lesson three, we'll learn the age old trick of going down to the local busy Starbucks with a fresh install of *OS and then use the Tor. This might extend the time it takes the feds to knock on your door to over 24 hours!
What other people think of me is none of my business
maybe he was told that better to confess since they "know" it is him.
wouldn't be the first time, you know.
world was created 5 seconds before this post as it is.
(also, don't make false bomb threats. They're stupid)
I work at a University. You can always tell when the exam periods have started by the fact that you are constantly seeing fire engines on campus.
Students do the most stupid things to get out of doing an exam they have not prepared for.
I have also seen fake student IDs so someone else can sit the exam and other dodgey dealings. It sucks for the staff (I have lost count of the amount of times I have had to evacuate the data centre/office due to a fire alarm) and also screws over the other students since they often need to resit the exam. It also costs the university money since they get charged for every fire department response.
Unionist clod!
Too late. Ass hats have already doomed Tor. For example, last week one of my sites was attacked via the Tor network, so now all my sites block Tor. Won't be long till most people do.
You missed the part where he didn't want to take an exam.
He didn't want to take an exam that day (probably because he had started studying way too late). He wouldn't probably object taking it 1 week later (or whatever date it would have been postponed too).
If he hadn't confessed, he would have had to take it. So he really didn't have a choice.
Even that is no guarantee. Maybe the cops will "allow" him to take the exam from prison?
Just study, it's easier.
Moron. I don't care how innocent or guilty you are.
Don't talk
Demand a lawyer (only time you can talk)
Don't sign anything
Don't fucking talk!
Did I mention not talking?
By the time your lawyer arrives you should need a glass of water because your lips will be stuck together from all the not talking you were doing.
Or, and I'm just spitballing here, don't do any of that. Instead, use persuasive arguments to convince people to follow your will instead of trying to impose it via violence or threat of violence. Or even, if what you want people do do is legal to pay people to do, try that.
Can you be Even More Awesome?!
Considering that if it is a real threat (i.e. there's a real device planted) then yes, a real bomb threat is smart, in that it gives time for people to be evacuated.
Now actually *planting* a device in the first place is stupid.
... and they are not going to use it for this kind of case.
Bomb threat from unknown source? Boston? Possible foreign connections? The NSA is allegedly supposed to be involved in investigation of terror threats. It's the other stuff they're doing that's got people upset.
Any lawyer worth a Harvard education would bring up MAC spoofing.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
They will if the target is one of their political opponents :-)
"The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it"
It would seem that the Harvard wireless network is bugged.
True enough. Never let it be said that amphetamines are a perfect substitute for sleep.
Wrong, the moral is to study hard and stop attempting to make excuses for your failures.
But if it were a rich kid hed most likely get away with it as " it was just a joke and i didnt know any better"
Real freedom fighters need people to use Tor so they have some anonymity.
The ultimate irony is that even if Mr. Kim had taken the exam, and failed it, he still would have earned an 'A-' in the class.
Now he will suffer the ultimate punishment for a Harvard student: he'll get a 'B'.
Is that more or less work than actually studying for the exam?
Didn't you know it's back up and running for all those who don't understand about honey traps.
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
It's better than it used to be but it's still not going to win any speed awards. Does allow access to sites my arsehole government have blocked though.
Will only get worse now the great firewall is active (with auto opt-in for new customers), which btw doesn't just censor porn but also 'extreme political speech', I'd like to know who the fuck gets to determine what's extreme politics I can't view or not, personally I think it should be me, the government think otherwise.
I'd even extend that to: Don't make bomb threats. Also, don't make bombs.
Yep many people think serving on a jury is about getting a conviction.
Seven was good enough for Serenity. Oh, and Voldemort.
Defending IP by destroying access to it? That makes sense, RIAA/MPAA. Go to the corner until you can play nice!
So, that spelling's better then?
"When information is power, privacy is freedom" - Jah-Wren Ryel
No normal person calls in a bomb threat to get out of a final that will at most just end being delayed.
That YOU were (and are) an idiot doesn't mean everyone is. If your moronic logic was true, then the phone at your average school would never stop ringing. This guy (and since you clearly identify with him, you) is an asshole who thought nothing of creating a major nuisance for teachers and students because he wanted to get out of an exam. Ten to one you and him are the type who then later grow up... grow older and at the slightest provocation threaten to sue anyone and everyone for any delay or inconvenience.
It is the eternal excuse of the asshole: Everyone does it.
Nope.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Also, don’t make REAL bomb threats either. And don’t set off bombs to kill innocent people.
I think that’s good advice too.
Please, don't use Tor to harass and be an asshole. Real freedom fighters need Tor, not you and your lulz.
Almost everyone needs anonymity, at least some of the time. The more people use Tor (without cheating), the more robust is the network, so your uppity attitude is completely out of place. Tor is for lulz as much as it is for freedom fighting.
If well deserves some kind of punishment, i wonder how much punishment gets people that do real damage and actual consequences, like drunk drivers (that may have killed several people), rapists, or even people that beat others leaving them maybe permanently injured (and lets not touch the consequences of lying to the congress or stealing trillons). What used to be a practical joke it seem to worth more than things with real life consequences in the actual society.
No need to minimize your damage with a threat first if it's "real". Never let them see you coming.
LOL Fitting
http://www.youtube.com/watch?v=-HH3QdNAY_E
owned like an AC
How did they get from "a MAC address connected to our wireless network that's accessing Tor" to "Mr. Kim"?
(Third feature is minimizing bandwidth)
You can easily design a system with good anonymity and low-latency: arrange your network like a daisy chain. Timing and statistical attacks are useless when SNR is that low.
-- I was raised on the command line, bitch
Moral of the story: Don't do stupid shit like bomb threats. Really I can't believe anyone is idiot enough to do that shit above middle school age. To get out of a fucking exam? He deserves jail just for being an idiot.
College students are allergic to studying. It gives them hives and agida.
Common mistake for people speaking English as a second language. I doubt the AC can speak more than one language, because if he did, he would probably know this ;)
Except he didn't actually send the bomb threat! He only confessed to that lesser crime because what he was REALLY doing was seeding a pirated release of Gravity, and he knew if the police continued their investigation they might find out and he'd end up in jail for 10 years and have to pay $3 million in fines.
If you weren't ready to make that post, you could've called in a bomb threat.
#DeleteChrome
I think it is also worth noting that this is coming from Harvard. Not to say that other schools don't have similar issues but my point is that this is a very high end, private, and expensive university. And that that most of the people there are expected, and that is probably putting it lightly, to excel.
My point is that the higher the stakes the more people tend to be willing to do. Whatever those stakes may be. Be it some personal drive, parental urgings, or whatever. (And I'm talking about people that would otherwise be rational.)
Really, I know what I'm doing...Ohhhh, look at the shiny buttons!
If he hadn't confessed, he would have had to take it. So he really didn't have a choice.
Even that is no guarantee. Maybe the cops will "allow" him to take the exam from prison?
He probably preferred to be examinated...
I knew I should have added the joke tag. Damn.
Ezekiel 23:20
As a general rule, people resort to violence or threats of violence when their options for working within simple arguments do not work. There are very few nice ways to deal with a much more powerful foe who has no interest in compromise or capitulation.
One of the things I love about english is it has so much error correction built in that, even if one is going to be snarky about such mistakes, readers still know exactly what the person intended.
the *average* grade at Harvard is an A or A-. Was worried about returning in shame to home with a B+?
"The median grade at Harvard College is an A-, and the most frequently awarded mark is an A, Dean of Undergraduate Education Jay M. Harris said on Tuesday afternoon, supporting suspicions that the College employs a softer grading standard than many of its peer institutions."
http://www.thecrimson.com/article/2013/12/3/grade-inflation-mode-a/#
Actually, the Silk Road is back.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
More work of course, since it has real life applications, not like the mumbo jumbo you study in school.
Love many, trust a few, do harm to none.
Are there no Paneras, McDonalds, Starbucks, or any number of a million other places offering free wi-fi near Harvard?
What's the matter, grandmothers don't die any more?
You are welcome on my lawn.
Is that more or less work than actually studying for the exam?
Ever met a truly lazy person?
You'd be amazed at the amount of work they're willing to do to get out of the work they're supposed to be doing.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
I agree with GP. Once the NSA admits that they have this capability they will no longer be able to use it as people will stop using Tor.
Now, I am not saying that the NSA can crack Tor, or that it was necessary in this case.
#OopsSec - On catching the Harvard bomb threat suspect using Tor.
https://blog.ageispolis.net/oopsec/
Or, and I'm just spitballing here, don't do any of that. Instead, use persuasive arguments to convince people to follow your will instead of trying to impose it via violence or threat of violence. Or even, if what you want people do do is legal to pay people to do, try that.
Quite the damning condemnation of American government you've posted there, considering their policy is, apparently, to lead with violence.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
Was the guy ever catched ? Nope.
Did this happen during an English class?
In OP's defense, he did already admit to being French.
Oh, wait - I guess that's not really a defense, is it?
An enigma, wrapped in a riddle, shrouded in bacon and cheese
In a news story, the NSA would look good simply by breaking Tor....no need to make shit up. Tor is already a den of drugs and child porn to 99% of the .2% who know anything about it.
One would expect he is kicked out of the university now. No more exam for him!
Not sure if this should be troll or insightful. I mean in all seriousness, people who make bomb threats tend to not be the ones capable of carrying out the crime. If you are going to commit a crime, you just do it, you dont go around bragging about it or making threats.
have you seen my sig? there are many others like it but none that are the same
People, read the docs before using something. You only make yourselves a more noticeable idiot for the NSA and friends [without doing so].
The problem is that other people are stupid and don't listen to persuasive arguments. They just want to follow their dumb political party because of the lies they have been told (and firmly believe regardless of your persuasive argument). They believe in strange myths and you can't fix them.
It sucks for the staff (I have lost count of the amount of times I have had to evacuate the data centre/office due to a fire alarm) and also screws over the other students since they often need to resit the exam.
It also sucks in the rare case you work in a lab that has an actual fire during or even near exam week. The fire fighters have some idea of what point in the academic schedule it is. And while I won't go as far as to say they took their time, they clearly had a different attitude than normal and a "Oh Shit" reaction when realizing there was an actual fire burning, even though there was both a fire alarm pull and a 911 call.
I'm against true bomb threats, too. Just sayin'
sadly you are right. Fake or real, this is in fact the kind of threat the NSA is supposed to be following up on. But then they would have to do some actual work
have you seen my sig? there are many others like it but none that are the same
There is a way, it's just not feasiable (would destroy the low latency). You have to encrypt zeros when you have nothing to say, and transmit that when your connection would otherwise be idle. By doing that everyone connected to the node would have a constant 100kB/s or so of traffic to and from the node and you wouldn't be able to identify if the connection is idle or not (and thus can't corelate it to page access). Implementing it would greatly increase bandwidth requirements on the nodes, and that would destroy any low latency requirement they are trying to meet.
You should just block all of the internet (may I suggest just cutting the cord), because, you know, attacks can come from there too.... stupid to just block tor because your system was attacked (or do you mean your system was penetrated, not just attacked, in which case you are a moron for not properly securing your systems).
It's a cost benefit thing. I have no benefit for allowing penetration tests from Tor, or any anonymous connections for that matter, with the huge potential cost if they manage to find something.
BTW, calling someone a moron as part of your argument means your argument is probably moronic.
If by "excel" you mean "pay up for straight As", then yes, they're expected to excel.
English is also my second language. Could you explain the joke?
Also, if I'd meant penetrated instead of attacked, I would have said penetrated instead of attacked. because, not being a moron, I know the difference between those words.
Also, its pretty moronic to have a site on the internet and not monitor traffic to your site for attacks, or to not take action to stop attacks when they occur.
I don't think this guy should do jail time but I DO think he should be kicked out of Harvard (and given an automatic F for the class he was trying to avoid finals for. The incident should also be on his record but no fine or time. Being kicked out of Harvard and a felony on his record should be enough to ruin his future and indicate what kind of scumbag he is.
I miss the Karma Whores.
Harvard, sociopath, criminal. That is some megacorporation's new CEO.
The only thing worse than a Democrat is a Republican.
It was the right thing to do. Of course he should have never sent in the threat to begin with, but now countless man hours and dollars have been spent tracking him down. Which IMO, is the right thing to do in this case.
Maybe if he hadn't admitted it they'd still be spending resources trying to find someone. What you call a mistake, I call the best possible outcome after he made such an idiotic decision to begin with.
I'm able to watch HD Youtube videos on TOR.
My workplace blocks YouTube but sometimes there are informations that are pertinent to my work, on youtube. TOR is blessing for that.
TOR is not an entity and even if they managed to get hold of the exit node there is no logs left there to point back to the previous node and so on.
All you really needed to do was pull a fire alarm just before the exam. By threatening with a bomb you not only escalated the level of involvement by "the authorities" when you got your butt caught -- don't you think that campus police would have been a better bunch of folks to have to deal with than the FBI -- but you'll likely never be allowed to set foot on a commercial flight for the rest of your life even after you've served your time. (In today's climate, one never really pays their debt to society. You're punished forever.)
CUR ALLOC 20195.....5804M
Lesson 4, avoiding video surveillance in the Starbucks. The cops could certainly question the handful of people using a computer after figuring out who they are from the pictures. They'd probably want to focus on the person seen using a CD or USB stick with that live distro.
So do it from outside the store --- but that looks even more odd and there are cameras everywhere.
What changed under Obama? Nothing Good
This is the definition of terrorism. Throw him in GitMo.
If (b) and (c) were possible, there would be no point to Tor. It's a tool, not some company you can subpoena. They got the fact that it was through Tor from guerilla mail, and the fact the the student was on Tor at the right time from Harvard.
Say what? Why not just buy a cheap USB wireless stick (paying cash, of course) and send the message from a car parked outside of Panera Bread (or any other unsecured wireless network) and then throw the stick into the nearest storm drain? The only thing you have to do is use a MAC address not already registered in Harvard's DHCP tables to the student. While a proper geek would then edit the internal logs of the laptop -- a REAL geek on their LINUX (or possibly Mac) laptop where the logs are in straight ASCII and bone simple to edit -- to remove all trace of the DHCP connection and the MAC address of the stick. But even if they didn't do this, the trail ends at Panera, assuming that the student didn't go inside and get his face captured on the store video or the like. They would have to examine the logs of every laptop on campus to find the perp otherwise, and of course they'd never get a judge to agree to that.
I'm tempted to joke around about how multiply stupid this Harvard kid was compared to Duke kids -- not only failing a course but too stupid to even send in an anonymized bomb threat by email in an untraceable way -- but sadly to my direct experience there are Duke students who are (or have been in the past) just as criminally dumb and this is a real tragedy and not really something to joke over. The poor kid is probably sitting around in a daze trying to figure out how what happened, how he went from being a struggling (but probably really pretty bright) student at one of the best universities in the world to being a plea-bargained felon working off a hundred-thousand dollar fine selling coffee and cleaning toilets at Starbucks with no hope of ever attending anything better than a community college for the rest of his or her life.
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
You DID remember to spoof your MAC address, right?
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
Congratulations the reward for correctly calling it was $1 million. Your reward will be split equally with everyone else who called it so you get $0.01 which you can claim at any time. Just send a self addressed stamped envelope to the Boston PD and they will mail you your penny.
-AndrewBuck
"TOR, which is also available free of charge on the Internet and which automatically assigns an anonymous Internet Protocol (“IP”) address that can be used for a limited period of time."
Considering that's not really how it works, I'm surprised this expert agent was able to track him down at all, lol. Although...
"KIM explained that he sent all of the bomb-threat e-mails from his MacBook Pro Laptop"
Now that narrows it down a bit in the access logs. I still can't figure out how they can detect the difference between TOR traffic and normal encrypted traffic like HTTPS-related traffic on their network. There had to have been 100 people on Facebook whose traffic looked exactly like Tor traffic. Is there some sort of initial identifying burst when Tor first launches that identifies the traffic?
Now, THAT is something I can get behind.
Scenario A: I actually want to kill a bunch of people. WTF do I want to call it in for? Am I hoping that I'll get MORE people after they have evacuated the building?
Scenario B: I just want to get out of a test. Isn't it simpler just to start a fire in a trash can, and pull the fire alarm? You might get caught, but I imagine the penalty is less for a simple case of arson, than calling in a bomb threat.
"Windows is like the faint smell of piss in a subway: it's there, and there's nothing you can do about it." - Charlie Br
You spent a lot of effort on this post, but you need to study tor a bit more. It's a collection of services and protocols. You might as well as talk about sending a subpoena to email. There is no email entity -- it's a collection of services and protocols. There are developers who write the programs that people can use either themselves or more commonly through a third party provider of email services (that third party is not "email" in an entity sense however). When you connect and use such services, it leaves obvious traces on the network. But you can't drive up to email's corporate offices -- they don't exist.
That's what happened to this guy, he used tor on the Harvard network, and the FBI probably just went and interviewed everyone who was using tor around the time of the emails. He was given a Miranda warning, ignored it, and then he caved. Case closed.
I think the main takeaway here is that sometimes, being anonymous makes you stick out like a sore thumb.
What changed under Obama? Nothing Good
... and they are not going to use it for this kind of case.
Bomb threat from unknown source? Boston? Possible foreign connections? The NSA is allegedly supposed to be involved in investigation of terror threats. It's the other stuff they're doing that's got people upset.
Why would the NSA crack TOR to spy on terrorists and such like they're supposed to when they can be stalking potential love interests and making sure their Significant Others are faithful?
Not only the feds sent a warrant to TOR, they also sent one to TCP/IP!
I stand corrected.
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
I have absolutely no doubt what you say applies to this case, and also as you say, to many others.
Also FatPhil on SoylentNews, id 863
Except he sent the email 30 minutes before the exam, because he was desperate at the last minute.
Also, news at 10pm: Desperation makes teenager do stupid stuff.
I'd be very surprised if you could access the wireless network without logging on, WPA Radius would be my suspicion. I guess you could claim someone had stolen your password but still doesn't sound too 1337 to me.
If you think someone isn't free to have a different definition of "freedom" you may be a tyrant.
I once told a student "If instead of computing what you needed on the final to get an A to three significant figures, you put that time into learning physics, you'd be more likely to get an A."
Suspect? A *guy from the same class* on TOR at the time the TOR email arrived ... it's not proof, but that's a tall situation to escape.
OK, so the warrant idea was dumb and I should have taken more time to learn how TOR worked. But now that I've taken the time, consider the possibility that the TOR server one connects to belongs in fact to the NSA or FBI in the first place, or that they simply implement their monitoring and control on the upstream ISP feeding those servers. Note that the content of the message is irrelevant -- all that mattered was that a Harvard IP connected to a TOR server in the right general timeframe. It's actually interesting to see how one can attack TOR (beyond the scope of TFA) -- own enough of the toplevel servers and you quickly get an idea of who is connecting from where (and start to build a pretty good map of the intermediate nodes). Own enough of the intermediate nodes, and you begin to have enough keys to be able to decrypt intermediate traffic (the French claim that the critical number is around 1/3) and can probably identify nearly all of the exit nodes. So the really big question is -- when you hook into TOR, are you really hooking into a network of nodes contributed by freedom-loving selfless volunteers who are willing to donate substantial network bandwidth and processing time, or are you hooking into a network of nodes thoughtfully provided by the NSA through numerous plausible looking fronts, saving everybody the trouble of implementing a man in the middle attack by BEING the man in the middle?
From what I could glean, it looks like there is a very good chance that TOR has been spanned by the NSA for quite a while now. And how could one even tell if this is the case? Because there is no central authority, AFAICT anybody can contribute resources and there is no way to check on whether the resources are being contributed by people who support the concept or are seeking to subvert it. The entire model relies on the intermediate nodes being MOSTLY trustworthy, and it is almost certainly not valid if any significant fraction of those nodes are subverted. It also relies to some extent on there being "many" connections to the servers at any given time and not "few", partly because again AFAICT there are only three node hops in between, and because the nodes do not know if the traffic is a block message or keystrokes in a real-time interface they cannot institute any sort of systematic delay. Few to few connections can easily be sorted out if owns enough of the servers and/or nodes to be able to create a reasonably accurate table of all of the nodes AND are presumed to have access to the intermediate routers or the routers feeding particular services. I couldn't do it, but the NSA and by extension the FBI? Deep pockets, very smart people.
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
Someone could have ratted him out. Its a technique that has been used since the dawn of communication.
My sig has no nature
Brilliant, sir, excellent dark humour skills and use of irony.
The old fashioned police work in this case involved the cops asking him "Did you do it?" and him going "Yes".
I read the internet for the articles.
TOR already is a daisy chain, so no idea what you are talking about.
He used TOR over wireless, yes that's easy to detect, but it appears to me his confession did him in, not that useless bit of evidence that he used TOR.
So without the confession did they have them?
I must be missing something.
"If any question why we died, Tell them because our fathers lied."
http://www.youtube.com/watch?v=6wXkI4t7nuc
Don't talk to cops. Period.
I read "I expected more from Harvard" and naively assumed that we were speaking about ethics.
Duke doesn't require you to authenticate your wireless device every time you connect, and I doubt most other Universities do either. It does require you to register your device MAC address (in an authenticated session). In fact, at this point Duke might require you to register wired addresses as well. Unregistered devices get kicked onto an anonymous network outside of a firewall, so visitors can get internet access without getting a "Duke" IP number. Duke controls its own outgoing PoP, of course, so it effectively logs all connections into and out of the Duke domain. As was pointed out above, this was more than likely the method used to identify the student at Harvard -- simply look for a Harvard IP that connected to a TOR server (and obviously, the toplevel TOR servers HAVE to be publicly known or nobody could connect to them) at the right time. That time AFAICT could not be delayed as some have suggested by TOR itself because TOR doesn't know what you are connecting to and has to treat all connections as though they might be real-time keystrokes. You'd need an anonymous, non-logging mail server with a delay on it on the far side to put any sort of substantial desynchronization between the connection and the mail message -- TOR itself cannot do it unless I'm still in error after reading about its architecture for a while.
Regardless, anyone even slightly 1337 would have at the very least gone to starbucks or an internet cafe and THEN used Tor, or bought a disposable USB wireless interface and used the anonymous network or (best) both. No possible way the FBI could have backtracked a cash purchased USB stick from a store with no video surveillance used from an alley next to (but not inside) a Panera Bread while wearing a wig and makeup one dons in the restroom of a giant mall connected to TOR, even if the NSA actually "volunteers" most of the toplevel TOR servers and half of the nodes and/or maintains a running map of all of the nodes (which I'm pretty sure they do regardless of how many they actually provide). I mean what's ten or twenty million dollars in hardware to the NSA, if it gives them a chance to monitor most of the traffic through a supposedly secure onion network? In the end, the Internet does not allow one anything like non-subvertable security of connections, only the data content sent over those connections. I doubt that even the NSA is likely to be able to decrypt e.g. 4096-bit key-secured traffic EXCEPT by obtaining the keys.
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
I did that once, but Doc Brown didn't read the letter, and so I had to take my exam, and he was killed by the Libyans anyways.
-- Marty McFly
It's really hard to know how universally safe tor is. Maybe it protects you against Chile but not the NSA. Obviously, the Feds have a lot of money and can deploy a lot of tor systems. Shifting the discussion a little bit, from anonymity to privacy, I'm basically skeptical of all technological means at maintaining privacy, for several reasons: 1) it's super easy to screw up and leak information (this bomb hoax being a prime example). 2) Encryption acts more as temporary barrier because inevitably, it is cracked or technology makes brute force trivial (and before someone says "one time pad," figure out how that's going to work for everyday stuff). 3) It leads to rampant paranoia, for example, the people behind tor are probably good privacy minded people and not some NSA pricks -- but I don't know. Not knowing whether a system is safe or not has a chilling effect on free expression. Of course, Greenwald and Snowden suggest tor, but I'm sure that's just one stage of a multilevel system.
I'm not advocating abandoning encryption etc., but I think that without strong legal protections which make privacy violations a serious crime, even if done by the Feds, we will never really have privacy (which is a necessary component of freedom). Instead, we'll have technological systems that people trust for a time until someone gets burned and then we'll shift to other systems. But that's not a real solution and it will suck mightily for those sacrificial lambs who get roasted.
What changed under Obama? Nothing Good
Rather than gleaning, you should simply read some more. These questions have all been answered. If you're targeted well in advance and if you make one of a number of mistakes, it is possible to track you through TOR.
Retroactively?
No, very clearly no.
Fresh install? You mean running a live CD over and existing Windows XP install that only has malware and cat pictures on it.
You might want to google Lafayette. Without the French, their fleet, money, and other support, GB might well have been the victor in the Revolutionary War. In that light, the French jokes aren't really all that funny.
http://en.wikipedia.org/wiki/Gilbert_du_Motier,_Marquis_de_Lafayette
What changed under Obama? Nothing Good
Seven proxies, or, you know, going to one of the THOUSANDS of public wifi networks in the Boston area. This guy is just a reminder that just because Harvard is prestigious doesn't mean their students are particularly smart. Just rich and well connected.
MIT professors are often fond of pointing this out, as anyone who's thoroughly perused the Open Courseware they have up will know...
Yah, please stop using Tor unless you're a real freedom fighter or otherwise engaged in opposition. It helps us figure out who you are more easily than if just any asshole uses it anytime.
Love,
The NSA
Giving french credit for success in the revolutionary war is akin to still hating the english for their treatment of us as a colony. The ship has sailed on it still being relevant.
except without French money guns and ships, there would not likely be a USA at all. Under your logic, you might as well say Washington, Jefferson, etc., are totally irrelevant to America too.
What changed under Obama? Nothing Good
It's actually quite usable these days.
Another day, another effort by the owners of Slashdot to, CBS style, promote official NSA propaganda to the sheeple of Slashdot.
The owners of Slashdot wish to IMPLY using services like Tor, or encryption in general, is a waste of time. With nonsense about how 'magic' NSA technology can recover properly deleted HDD files, they lower the likelihood an average sheeple will use good security practices in this way too.
Here's what REALLY went down. The police KNOW the common patterns of criminal behaviour, because while every criminal with an above average IQ thinks they are UNIQUELY inventing a fool-proof criminal plan, the criminal is an INDIVIDUAL, and the police have access to the STATISTICALLY common thought patterns of all classes of criminal. 'Smart' criminals find the same 'smart' solutions independently, and across time these common 'clever' solutions are logged by law enforcement.
So, if an anonymous bomb threat is received disrupting exams...
1) the perp will be a student (or associate of the student)
2) the perp will have an 'academic' reason to want the exams disrupted
3) the perp, by willing to go this route, will have clearly defined psychological issues, many of which will have manifested themselves visibly to others in the past
4) if an 'anonymous' method was used to make the threat, a list of possible users of such anonymous tools at the time can be made
5) the psychology of idiots that make bomb threats is fragile- such people can be made to 'crack' by falsely claiming to have evidence against them. Then, their 'confession' becomes the main evidence in a future criminal case
NO PART OF THIS PROCESS SHOWS A WEAKNESS IN TOR. NO PART OF THIS PROCESS SHOWS A WEAKNESS IN USING 'STRONG' ENCRYPTION. No part of this process shows why using GOOD security practices is a waste of time. This loser is just another DUMB 'smart' criminal. The jails are full of such geniuses. Did you know the MOST difficult criminal is actually the dumb one with street smarts, who knows something about police procedure, but also randomises his behaviour without ever consciously thinking about this.
The 'smart' criminal follows standard, highly predictable thought patterns - you see the 'optimum' solution can usually be anticipated. The BEST criminal solution is actually a solution so 'stupid', it is unique and outside common pattern analysis, confusing those that investigate. There as almost ZERO highly intelligent police investigators, but the majority of investigators are EXPERIENCED and well trained.
Anyway, this sociopathic jerk will hopefully get what he deserves. Any sick scumbag who thinks the inconvenience of hundreds is fine if it serves his own interests deserves to be strongly labelled and ostracised from civilised society.
You might want to google Lafayette. Without the French, their fleet, money, and other support, GB might well have been the victor in the Revolutionary War. In that light, the French jokes aren't really all that funny.
http://en.wikipedia.org/wiki/Gilbert_du_Motier,_Marquis_de_Lafayette
The surgeons called - I'm sorry to tell you this, but your sense of humor didn't make it.
I send my condolences.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
except without French money guns and ships, there would not likely be a USA at all.
Speculation at best. You never know - maybe without the support of the French, the colonists would have worked harder to establish a solid relationship with the natives.
But since it didn't go down like that, all we can do is speculate. Or not, since what *might* have happened has absolutely no significance, historical or otherwise.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
http://xkcd.com/538/
It gripped her hand gently. 'Regret is for humans,' it said.
I completely agree. I tend to trust high end encryption because I know something about how difficult the problem of cracking a serious cipher with a large key is -- even brute force attacks simply aren't tenable for the good ones. 4096 bits is 2^4096 approx 10^400 permutations and 100 billion years with every atom in the visible Universe a computer still aren't enough. Of course this time can be substantially reduced if one discovers mathematical weaknesses in the encryption or if people do stupid things, but I think e.g. GPG and SSH are pretty reliable when implemented with large keys provided that you can trust your source for the software. SSL is also probably fine if you can trust your key servers and software. However, what NSA does have in abundance is talented crackers and lots of resources and access to federal warrants and even the freedom to proceed without warrants. The easy way to crack my ssh encrypted channel isn't to do a brute force attack on the data stream, it is to crack any of the systems on which I store public and private keypairs. The easy way to decrypt my gpg encrypted documents no matter how large a key I specify is to crack my system and do any of a dozen things -- monitor my keystrokes and steal my keys, issue a warrant forcing me to give up my keys (so I go to jail on contempt of court to rot forever without a trial if I fail to comply). The latter is what the FBI actually told me that they do in cases where there is probable cause, e.g. kiddy porn cases where somebody has a large encrypted file suspected of containing snuff films involving small children or the like (I've attended security conferences and chatted extensively with FBI'ers attending the same sessions in the past, although I don't mess with security at this level much any more).
But the only solution to the issue of privacy is to move BACK to this state of affairs. People have to have a real right to presume that their affairs and activities are private with the narrow exception of a search warrant granted on the basis of actual evidence and probable cause, sort of like it says in the constitution and its amendments.
Of course, we have to be willing to pay the price for this. That means that yeah, criminals and terrorists will succeed in concealing their affairs a lot more often. More of the innocent will die or be hurt in other ways. We cannot insist on having our privacy preserved and then bitch when the outcome of it is that a terrorist succeeds in nuking a city in a case where ignoring the privacy laws might have prevented it.
An alternative that might almost be more palatable would be to alter the laws to completely eliminate victimless crime and almost all moral crime, and indeed provide citizens with broad rights to completely freely choose their lifestyle and activities without their ability to seek employment or education being threatened. People conceal things that might be damaging, and one of the dangers of a police state is that so many things are illegal that "everybody" commits certain crimes, such as driving over the speed limit, driving with a blood alcohol that is just over the limit, bending things a bit on tax returns, engaging in sexual acts between consenting adults that are still technically against the laws of the state in which they live, smokes pot. This makes everybody vulnerable, and hence controllable. If we could actually trust the police not to abuse their power by eliminating most of the ways they COULD abuse their power, it would be a lot simpler to think about exceptions for exceptional risks.
Best of all, do both. Strong privacy laws, eliminate moral/victimless non-crimes and indeed establish legal protections for acting as one wishes to act outside of things that directly impact their employment or damage others, and sure, a tight system of well-regulated courts to handle the edge cases expeditiously and with the ability to seal the record of all discovery outside of a narrow window. Sort of like one imagines the framers of the constitution possibly intended. But then, they were all terrorists themselves.
rgb
Even when the experts all agree, they may well be mistaken. --- Bertrand Russell.
Bomb hoax? During finals week? Possible student connections? The NSA is almost certainly involved, but isn't going to give up any secrets for this.
You may not want to cause injury or death, which may turn people against you. If you can scare them and make them pressure their leaders to cease the action you disagree with, you might be able to achieve your aims more easily, particularly if your cause is somewhat sympathetic.
I'd think step 1 would be "Don't call in hoax bomb threats". Once that point of stupidity has been conceded, I think all else is just grist for the mill.
The article says "that he was caught despite using tor" !!!
He was not a smart person, but TOR has nothing to do with the story.
May the article should read "Student caught sending bomb threats using an Apple MAC"
my 2 bits
It'll stand. This is in the Affidavit.
9. Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard’s wireless network.
10. On the evening of December 16, 2013, an FBI agent and an officer of the Harvard University Police Department interviewed ELDO KIM at the building in which he resides on the Harvard University campus. During the interview, the FBI agent advised KIM of his rights under Miranda. KIM read and signed an advice of rights waiver, stating that he understood his rights. KIM then stated that he authored the bomb threat e-mails described above. KIM stated that he acted alone. He further stated that he sent the e-mails to “five or six Harvard University e-mail addresses” that he picked at random from the university’s web page. According to KIM, he was motivated by a desire to avoid a final exam scheduled to be held on December 16, 2013.
Even if Tor works perfectly with no back door, I can think of lots of ways to get at someone's identity if I have governmental level resources and the determination to do it. Tor will not protect you. Tor will protect you from sub governmental peeking. Surf MILF pr0n freely. A Bayesian attack on timing can identify you. Colored packets can identify you. The makers of Tor will tell you that it's not designed to provide invisibility when the network it's deployed on is largely subverted or subvertible.
This is a public service announcement to our younger readers. There'a lot of lore about "dark internet" and it's exact properties and all of this. You WILL be caught doing whatever it is you thought you were going to do. So don't do it. Just. Don't.
And, you made sure to overwrite this pagefile?
In other words, what happened at your school is exactly what I said happened - they were not common and were taken seriously.
Go back to that school and learn some reading comprehension moron.
So the police caught the guy not tracing the through tor but they traced it through the University's wifi for tor session being made within.
If the guy made a vpn or used outside the University then he might have gotten away with it?
I'm kinda surprised he didn't pay attention to the wifi session. On the other hand, did the police go over every mac address in the building where the wifi was being connected? The only way to pin his laptop down is to match the mac address against the wifi record. If so, then we're looking at at least a good week worth of searching every student in the area where the wifi covered and if the student got rid of the laptop, it would end up an unsolved mystery.
a-b-c-d-e-f-g-h-i->a
Less links = more traffic
Just boot with an live image of something and do a macchanger.
Send your deed and reboot.
All traces of communication log etc on the computer was never recorded in hard drive thanks to the live iso and macchanger would make it impossible to pin it against your laptop.
is ever truly anonymous on the internet. Nothing.
The Kruger Dunning explains most post on
1) Is this FUD from the FBI re:Tor trying to discourage it where they actually used other methods to find him, e.g. Harvard logging traffic and Tor did its job? 2) Don't shit where you eat. Use a public network, like a café
from 09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
to 45 2F 6E 40 3C DF 10 71 4E 41 DF AA 25 7D 31 3F
Harvard Makes you register for your network (I go there). Easy enough to find out who's been TOR-ing.
When you call in a bomb threat for a bomb that doesn't exist no physical damage is done.
When you start a fire in a trash can the building may catch on fire. Even if it's not your intention to cause a real fire, that may happen.
Just pulling the fire alarm itself will probably not cause enough of a delay to get you out of the test.
Moral is: Just study. (aka, do the work)
I refuse to sign
According to this study, 30% of Tor traffic is already ass hats:
http://www.theregister.co.uk/2013/09/18/study_finds_onethird_of_all_tor_traffic_is_fraudulent/
... and they are not going to use it for this kind of case.
They are if all it is is an easy database lookup and some parallel construction.
But he is correct in saying that it can seem funny. To the kids because they never felt there was a real threat. It probably wasn't funny to the cops or the teachers as they couldn't know if there was a real threat or not. Though that really only applies to America where bombings just didn't happen enough for it to register on kids back in the past. Now the bomb threats and real bombs seems to happen often enough that I suspect even young kids can get scared when a bomb threat is called in. Certainly any college age kid is going to realize this could be the real thing so even if there is no real threat there's still going to be a certain amount of fear that remains after the 'all clear' is given. tl:dr Bomb threats used to seem silly to kids but not any more.
The Onion already did a great "exposé" of this...Are Tests Biased Against Students That Don't Give A...?
"Once we've identified and embraced our sickness, we'll have strength...and that's when we get dangerous." - John Waters
Please RTFA. They only traced him because he used Harvards wireless network to access TOR, and the bomb threats came an anonymous email service accessed from TOR. Had he sent the email from a cafe off-campus they would not have been able to trace him.
"For every complex problem, there is a solution that is simple, neat, and wrong." -- H.L. Mencken (1880-1956) --
If you are capable of committing the crime, and have the antisocial tendency, how about this :
1. Give warning of crime.
2. Actually commit the crime according to the warning.
Now you not only have succeeded in committing the crime , which you wanted to do anyway, you have granted a tool in the hands of your antisocial friends who are themselves not capable of committing the crime. They will now be able to send society into a tizzy just by giving a false warning of the crime about to be committed.
Bingo Dictionary - Pragmatist, n. A myopic idealist.
You don't want anybody to talk to the cops, guilty OR innocent.
This is because if only one group talks to the cops it leads to information unraveling (i.e. innocent ppl talk -> if you shutup you admit you're guilty, so you better talk and get some better treatment or whatever.)
The only way the fifth works is if it works for everybody, otherwise it's useless.
I see what you did there, Slashdot editors. Brilliant.
If you had used an accurate headline, such as "Bomb hoax perp caught despite using the target's own network." then the "despite" part would have sounded stupid and you would have had an obviously non-story, right on the face of it. But by throwing in a random unrelated part of the story and misleadingly implying something about it, you made it sound interesting! More people need to learn this trick: lies make things interesting!
A guy puts on a mask and walks into a bank. He hands the teller a note, "My name is John Smith, and this is a robbery. Shhh. Give me $10k." Police later investigate John Smith, and confirm it was him. Headline: "robber caught despite using mask" because, clearly, masks are an important and very relevant part of the story!
As copyright owner of this comment, I authorize everyone to defeat any technological measure which limits access to it.
Given that your parenthetical explanation choses exactly the opposite case to the one I proposed, it's clearly not relevant.
And nothing I've suggested has in any way made the fifth amendment not work.
You're gibbering. Calm down and have a nice cup of tea or something.
Also FatPhil on SoylentNews, id 863
Jury nullification is still a possibility unless the case is moved to USDC Eastern Virginia where the jury pool is a rubber stamp for the prosecution.
Clearly not a computer science major.
i propose a more modern solution, where those wishing anonymity would use some sort of object which places ink on paper manually, in a pattern which resembles a generic font and would thus be recognizable as printed words, to communicate the message. this would then be placed in some sort of opaque paper wrapper and consigned to a service which would carry it to the proposed recipient, whose physical location would be placed on the outside of the paper wrapping in a fashion analogous to the address of an email message. there could be some nominal charge for this service, like 46 cents.
Star Trek transporters are just 3d printers.
OR they did use it in this case, realized it wasn't a "real" threat and so did not pass along the information to the local police.
Remember this was Harvard, NOT MIT.
Their technical skills may be lacking in comparison.
When I was in middle school (sometime around 1970) someone would call in a bomb threat every afternoon for about a week. They were beautiful spring afternoons spent outside horsing around with my friends.
They finally caught the guy. He always called from the same pay phone a couple of blocks from school during lunch. He wanted to get out of his french class. They gave him a good finger wagging and explained that this was actually a serious federal offense the could land him in gigantic trouble and made him go to french class. It didn't happen any more. I wonder if he continued to stay out of jail.
This is someone obsessed enough with credentials to put the entire community into mortal fear and to kill a whole day for a group of people known to get a lot done in a day.
Shame and ruin will suffice. Jail won't be the worst punishment. Being recognized in public will.
I hope Obama Administration pardons him. He is just an immature kid/student.
Casteism
Most Harvard students get straight A's anyways.
Not sure what he would have lost if he just took the test
Ruined his life to get out of an exam how stupid