Slashdot Mirror
Harvard Bomb Hoax Perpetrator Caught Despite Tor Use
Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."
Not neccessarily. His access to Tor via the campus wifi matched the timing of the emails enough to get him in a room, and then he confessed. Without the confession there'd be a lot less certainty of conviction, as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty.
Moral of the story: Don't talk to cops.
(also, don't make false bomb threats. They're stupid)
I read the PDF (shock).
It sounds suspiciously like they just checked the logs to see who had visited Tor related websites and then went and interviewed the handful of people who happened to visit these sites within a few days. Maybe interview those who had exams in the 4 listed buildings at the designated time?
Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?
It doesn't sound like they needed to crack Tor.
In our next lesson we will learn delayed email deliver functionality. Stay tuned!
Love many, trust a few, do harm to none.
From the pdf
"Harvard University was able to determine that, in the several hours leading up to the
receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvardâ(TM)s
wireless network."
So Harvard keeps track of your connections. Still circumstancial but he confessed.
"KIM then stated that he authored the bomb threat e-mails described above."
This reminds me of the news the other day - there have had a few bombs going off recently in Northern Ireland - with warnings. Anyhow, on Monday the news said that a man was being treated for burns in Belfast, which was thought to be linked to sectarian violence, my first thought was "FFS, now they're setting each other on fire", quickly followed by laughter when it turned out the incendiary device he was carrying detonated - serves the stupid fucker right.
Depends on who the "you" is. The list of entry nodes is public knowledge. Telecoms/Government agencies probably keep historic lists of entry nodes. So it should be trivial to show a connection to the Tor network. The PDF implied (to me) that the FBI just crossreferenced Harvard's log with their list of entry nodes.
To technically answer your question: Tor packets don't have a unique signature, but they all are of a known size.
This is one of the best-known ways to deanonymize people using Tor: timestamping entering traffic and exiting traffic. Tor itself explains they have no theoretical way to fix that issue and still maintain a system that is low-latency (there may have been a third feature as well, where they got to pick-2-of-3).
Your ad here. Ask me how!
Moron. I don't care how innocent or guilty you are.
Don't talk
Demand a lawyer (only time you can talk)
Don't sign anything
Don't fucking talk!
Did I mention not talking?
By the time your lawyer arrives you should need a glass of water because your lips will be stuck together from all the not talking you were doing.
I shouldn't state it, but I hope an example is made from this person. At the uni I graduated from, they had many of these incidents, all timed around midterms or finals week. It got old having the police stop and lock down everyone in a building or having to wait hours for them to clear a parking lot with the dogs. Of course, when trying to focus on passing, it doesn't help either when a final is moved/rescheduled and one has spent a good long time preparing for it.
If you had taken the time to read the deposition, when confronted he said that he did it and why.. so yeah, he's toasted.
So once the FBI subpeona'd Tor to...
That's an awful long post for someone that doesn't seem to know what they are talking about. Tor cannot be subpoenaed for information. It is a peer to peer network, not a legal entity. They got this guy because to get on university wifi you need to login, which then associates your mac address with your account and allows traffic to flow. They also monitor your traffic and could associate his account with Tor use. This gave the FBI enough information to question him and he probably was so scared and guilty feeling that he freely confessed. You can change the mac address on most network adapters. You wouldn't need to buy a throwaway usb wifi adapter. The FBI would have had much less to go on if the perp had simply used a free wifi hotspot.
It is difficult to understand what was going on in his head but it obviously wasn't rational thought.