Slashdot Mirror

← Back to Stories (view on slashdot.org)

Harvard Bomb Hoax Perpetrator Caught Despite Tor Use

Posted by Soulskill on from the do-not-pass-go dept.

Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."

3 of 547 comments (clear)

  1. Re:"because it originated from the wireless networ by The1stImmortal · · Score: 5, Informative

    Not neccessarily. His access to Tor via the campus wifi matched the timing of the emails enough to get him in a room, and then he confessed. Without the confession there'd be a lot less certainty of conviction, as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty.

    Moral of the story: Don't talk to cops.

    (also, don't make false bomb threats. They're stupid)

  2. Re:"because it originated from the wireless networ by Krneki · · Score: 5, Informative

    In our next lesson we will learn delayed email deliver functionality. Stay tuned!

    --
    Love many, trust a few, do harm to none.
  3. Re:Sounds like he visited torproject.org recently. by Actually,+I+do+RTFA · · Score: 5, Informative

    Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?

    Depends on who the "you" is. The list of entry nodes is public knowledge. Telecoms/Government agencies probably keep historic lists of entry nodes. So it should be trivial to show a connection to the Tor network. The PDF implied (to me) that the FBI just crossreferenced Harvard's log with their list of entry nodes.

    To technically answer your question: Tor packets don't have a unique signature, but they all are of a known size.

    It doesn't sound like they needed to crack Tor.

    This is one of the best-known ways to deanonymize people using Tor: timestamping entering traffic and exiting traffic. Tor itself explains they have no theoretical way to fix that issue and still maintain a system that is low-latency (there may have been a third feature as well, where they got to pick-2-of-3).

    --
    Your ad here. Ask me how!