Harvard Bomb Hoax Perpetrator Caught Despite Tor Use
Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."
Whenever you peel back the layers of an onion, someone is bound to cry.
Science advances one funeral at a time- Max Planck
We can either live in a future where little jackwagons can effect a denial-of-service attack on society, or
we can spank the crap out of the idiots so that this kind of noise is minimized. Same goes for rape/hate crime hoaxes.
Get thee glass eyes, and, like a scurvy politician, seem to see things thou dost not.--King Lear
And therefore they'll put him in rehab rather than prison.
Unless he's not affluent enough for his affluenza to be strong enough to cover this crime, after all, he called in a bomb threat, rather than killed four people in a drunk-driving incident.
Not necessarily. His access to Tor via the campus wifi matched the timing of the emails enough to get him in a room, and then he confessed. Without the confession there'd be a lot less certainty of conviction, as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty.
Moral of the story: Don't talk to cops.
(also, don't make false bomb threats. They're stupid)
...but because he was the only one on the whole campus wifi that used Tor that day.
Lesson to learn: Keep your endpoint traffic able to be lost in the noise, or ya' stick out like a sunflower in a coal mine.
I.E. SSH somewhere *THEN* Tor.
Really?! Smart man.
Avoid exam?
Bomb threat!
Police arrive?
Immediately confess!
The evidence itself was completely circumstantial. Without a confession they surely had nothing.
They had no way to prove anything other than:
1. Guerilla Mail was accessed by Tor to send the e-mails.
2. Kim is a Harvard student that recently accessed Tor.
I read the PDF (shock).
It sounds suspiciously like they just checked the logs to see who had visited Tor related websites and then went and interviewed the handful of people who happened to visit these sites within a few days. Maybe interview those who had exams in the 4 listed buildings at the designated time?
Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?
It doesn't sound like they needed to crack Tor.
In our next lesson we will learn delayed email delivery functionality. Stay tuned!
Love many, trust a few, do harm to none.
also, don't make false bomb threats. They're stupid
Don't make real ones either. They're even stupider.
... to use TOR, but then gave a full confession during an "interview", throwing his right to remain silent (and to have a lawyer present during questioning) out the window?
From the pdf
"Harvard University was able to determine that, in the several hours leading up to the
receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's
wireless network."
So Harvard keeps track of your connections. Still circumstantial, but he confessed.
"KIM then stated that he authored the bomb threat e-mails described above."
He made the threat to get out of an exam.
he won't have to worry about that any more
I expected more from a Harvard student.
A couple of hours of online research should have taught him to, at least, connect through a cracked wifi far from his neighborhood. Or, if he was computer illiterate, to convince someone from another country to send the mails for him.
Also, once he decided to avoid the exam in a way that could land him in prison, why use a method he didn't understand, instead of burning down the building or paying someone to send the teacher to the hospital?
However, the first question I would ask him would be if he had considered that simply approaching the teacher and explaining to him that he and all his family would be killed unless the exam was postponed carried a shorter jail time than a terrorist threat.
In conclusion, clearly in Harvard they are not teaching how to deal with real world problems pragmatically.
The wonderful thing about shows like CSI is that it convinces criminals to implement absurd technical defences when their crimes will almost certainly be dealt with by old-fashioned police work.
No kidding!!! What do you say at this point?
Was the guy ever caught? Nope.
Did this happen during an English class?
They didn't know it originated from the wireless network. They knew it came from Tor. I could have sent it, for all they know. What they did know was the time it arrived. They played a hunch that it came locally (someone who planted/discovered the bomb on campus) and checked to see who had used Tor on their network at around that time, it's plain old fashioned detective work.
Put the suspect in a room with an interrogator and extract a confession ("We have you on the Tor network the exact same time the email for the bomb hoax came through", "You were the only person using it at the time (whether that is true or not) so we know you did it", "This will go a lot easier on you if you confess now"). Will the confession stand? Did they read Miranda rights? Was he offered legal counsel?
This reminds me of the news the other day - there have had a few bombs going off recently in Northern Ireland - with warnings. Anyhow, on Monday the news said that a man was being treated for burns in Belfast, which was thought to be linked to sectarian violence, my first thought was "FFS, now they're setting each other on fire", quickly followed by laughter when it turned out the incendiary device he was carrying detonated - serves the stupid fucker right.
... and they are not going to use it for this kind of case.
Depends on who the "you" is. The list of entry nodes is public knowledge. Telecoms/Government agencies probably keep historic lists of entry nodes. So it should be trivial to show a connection to the Tor network. The PDF implied (to me) that the FBI just cross-referenced Harvard's log with their list of entry nodes.
To technically answer your question: Tor packets don't have a unique signature, but they all are of a known size.
This is one of the best-known ways to deanonymize people using Tor: timestamping entering traffic and exiting traffic. Tor itself explains they have no theoretical way to fix that issue and still maintain a system that is low-latency (there may have been a third feature as well, where they got to pick-2-of-3).
Your ad here. Ask me how!
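The cross-referencing the comments above describe (and that the earlier question "can you ID a Tor packet by looking at it?" asks about) amounts to matching flow-log destination addresses against the published relay list inside a time window around the event. The following is an added example, not code from the thread or from the affidavit it discusses: the flow lines, internal hostnames, timestamps and relay addresses (RFC 5737 documentation ranges) are all constructed, and the functions `parse_flows`, `tor_contacts`, `rank_candidates` and `find_tor_users` are illustrative names. It goes slightly beyond the single-suspect case in the thread by ranking every internal host that touched a relay in the window.

```python
from datetime import datetime, timedelta, timezone

# Constructed relay list. For a real investigation this must be the Tor network
# consensus valid on the date in question (archived consensuses are published by
# the Tor Project's CollecTor service); these addresses are RFC 5737 documentation
# ranges and match no real relay.
TOR_RELAYS = {"198.51.100.7", "203.0.113.42", "192.0.2.200"}

# Constructed flow records (timestamp src_ip dst_ip dst_port bytes); the campus
# addresses and times are invented for this example.
FLOW_LOG = """\
2013-12-16T08:31:10Z 10.10.4.23 198.51.100.7 443 5120
2013-12-16T08:32:40Z 10.10.4.23 203.0.113.42 9001 86000
2013-12-16T08:35:02Z 10.10.9.77 93.184.216.34 443 2300
2013-12-16T08:40:00Z 10.10.6.11 192.0.2.200 443 640
2013-12-16T14:02:11Z 10.10.4.23 198.51.100.7 443 7800
"""


def parse_time(iso):
    """Parse the UTC timestamps used in the constructed log."""
    return datetime.strptime(iso, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)


def parse_flows(text):
    """Parse the whitespace-separated flow format above into dicts."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, src, dst, port, nbytes = line.split()
        flows.append({"ts": parse_time(ts), "src": src, "dst": dst,
                      "port": int(port), "bytes": int(nbytes)})
    return flows


def tor_contacts(flows, relays, event_time, window):
    """Flows whose destination is a known relay, within +/- window of event_time.

    Matching is on destination IP only: relays most often listen on 443 or 9001,
    but the ORPort is operator-chosen, so filtering on port would miss relays.
    """
    lo, hi = event_time - window, event_time + window
    hits = {}
    for f in flows:
        if f["dst"] in relays and lo <= f["ts"] <= hi:
            hits.setdefault(f["src"], []).append(f)
    return hits


def rank_candidates(hits):
    """(src_ip, flow_count, total_bytes), largest byte volume first.

    Volume is only a weak prior: a host that sent one short e-mail through
    Tor may have moved very little data.
    """
    ranked = [(src, len(fl), sum(f["bytes"] for f in fl)) for src, fl in hits.items()]
    return sorted(ranked, key=lambda r: (-r[2], r[0]))


def find_tor_users(log_text, relays, event_iso, window_minutes):
    """End-to-end: which internal hosts reached a Tor relay around the event?"""
    flows = parse_flows(log_text)
    hits = tor_contacts(flows, relays, parse_time(event_iso),
                        timedelta(minutes=window_minutes))
    return rank_candidates(hits)


if __name__ == "__main__":
    for src, n, total in find_tor_users(FLOW_LOG, TOR_RELAYS, "2013-12-16T08:30:00Z", 30):
        print(f"{src}: {n} flow(s) to Tor relays, {total} bytes")
```

Two caveats for anyone running this for real. A match shows only that the host spoke to a relay, never what it sent, which is why the thread keeps calling the evidence circumstantial; and a client that reaches Tor through a bridge, a pluggable transport, or an SSH/VPN hop first (as one comment suggests) produces no relay-IP match at all, so an empty result does not mean nobody on the network used Tor.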
Precisely this. Harvard keeps flow type logs, they found someone using tor. Pigs barfed on him, he cracked and confessed. The kid's a fucking retard, mostly for cranking people.
Please, don't use Tor to harass and be an asshole.
Real freedom fighters need Tor, not you and your lulz.
See who else really needs Tor: https://www.torproject.org/
And quit being assholes.
legal counsel? probably not. he's a terrorism suspect after all!!
world was created 5 seconds before this post as it is.
If he'd just called it in from a pay phone, they'd never have found him.
-jcr
The only title of honor that a tyrant can grant is "Enemy of the State."
The linked article is confused... but Emerson Hall houses the philosophy department, so it was a philosophy final.
Which is incredibly ironic, since those are generally a matter of opinion or history, which means he could likely have passed it in any case, given that he was a psychology major with a minor in Japanese, so it was kind of a pass/fail class for him anyway. I wonder if any of the news organizations have talked to Professor Gary King (Kim was his research assistant).
Remember the days when this story wouldn't even have made the local paper? Seriously, 25 years ago your average school saw one of these every few years. It headlined the school paper, the local cops investigated, but the FBI? National news? Heck no.
Who needs terrorists when we now pay large corporations and government agencies to spread panic? Quit terrorizing the nation to protect your job security and let me know when something actually blows up.
And in lesson three, we'll learn the age old trick of going down to the local busy Starbucks with a fresh install of *OS and then use the Tor. This might extend the time it takes the feds to knock on your door to over 24 hours!
What other people think of me is none of my business
Just study, it's easier.
Moron. I don't care how innocent or guilty you are.
Don't talk
Demand a lawyer (only time you can talk)
Don't sign anything
Don't fucking talk!
Did I mention not talking?
By the time your lawyer arrives you should need a glass of water because your lips will be stuck together from all the not talking you were doing.
Is that more or less work than actually studying for the exam?
No normal person calls in a bomb threat to get out of a final that will at most just end being delayed.
That YOU were (and are) an idiot doesn't mean everyone is. If your moronic logic was true, then the phone at your average school would never stop ringing. This guy (and since you clearly identify with him, you) is an asshole who thought nothing of creating a major nuisance for teachers and students because he wanted to get out of an exam. Ten to one you and him are the type who then later grow up... grow older and at the slightest provocation threaten to sue anyone and everyone for any delay or inconvenience.
It is the eternal excuse of the asshole: Everyone does it.
Nope.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
Except he didn't actually send the bomb threat! He only confessed to that lesser crime because what he was REALLY doing was seeding a pirated release of Gravity, and he knew if the police continued their investigation they might find out and he'd end up in jail for 10 years and have to pay $3 million in fines.
If you weren't ready to make that post, you could've called in a bomb threat.
#DeleteChrome
TOR is not an entity, and even if they managed to get hold of the exit node there are no logs left there to point back to the previous node and so on.