Harvard Bomb Hoax Perpetrator Caught Despite Tor Use 547
Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."
So he didn't get caught from the e-mail... (Score:5, Interesting)
...but because he was the only one on the whole campus wifi that used Tor that day.
Lesson to learn: Keep your endpoint traffic able to be lost in the noise, or ya' stick out like a sunflower in a coal mine.
I.E. SSH somewhere *THEN* Tor.
Re:"because it originated from the wireless networ (Score:4, Interesting)
They didn't know it originated from the wireless network. They knew it came from Tor. I could have sent it, for all they know. What they did know was the time it arrived. They played a hunch that it came locally (someone who planted/discovered the bomb on campus) and checked to see who had used Tor on their network at around that time, it's plain old fashioned detective work.
Put the suspect in a room with an interrogator and extract a confession ("We have you on the Tor network the exact same time the email for the bomb hoax came through", "You were the only person using it at the time (whether that is true or not) so we know you did it", "This will go a lot easier on you if you confess now"). Will the confession stand? Did they read Miranda rights? Was he offered legal council?
Re:So he didn't get caught from the e-mail... (Score:4, Interesting)
His mistake was admitting it. They basically had nothing on him, he could have been using Tor for any number of reasons and was not required to explain himself. All he had to do was deny sending the email and assuming he properly secured his browser there would have been no evidence to the contrary.
Tor is still fine, even if you are the only one on campus using it. That fact alone is meaningless.
The linked article is confused... (Score:4, Interesting)
The linked article is confused... but Emerson Hall houses the philosophy department, so it was a philosophy final.
Which is incredibly ironic, since those are generally a matter of opinion or history, which means he could likely have passed it in any case, given that he was a psychology major with a minor in Japanese, so it was kind of a pass/fail class for him anyway. I wonder if any of the news organizations have talked to Professor Gary King (Kim was his research assistant).
Re:So he was clever enough ... (Score:2, Interesting)
He called in a bomb threat to delay taking a final. This is a dude that has already shown that he has poor decision making skills.
Hey, that's what students do. Don't tell us that you never called in a bomb threat to avoid school or exams?
The difference was, in the old days, school personnel knew that this is a standard student prank, and acted accordingly (namely, not at all). Only today, in this post-911 world have people become so paranoid that they take obvious prank calls at face value...
Re:Kids these days... (Score:5, Interesting)
If he'd just called it in from a pay phone, they'd never have found him.
In Luxembourg, a couple of students at the European School did exactly that a few years ago. They were caught pretty quickly, because, you know, payphones have cameras... ("officially" to catch vandalism, but these cams sure did come in handy in this case as well). So, cops just walked with the pix from classroom to classroom until they found the perps.
Re:So he didn't get caught from the e-mail... (Score:3, Interesting)
Unless they had probable cause to grab his computer and he wasn't savvy enough to have wiped the drive. Cookies for the offending email address would be pretty incriminating.
Re:How did they do it? (Score:4, Interesting)
While we were forced to use DPI in order to catch people torrenting movies (our university threatened to pull the plug otherwise!), we also used it to catch the inevitable Worm infections or Botnets.
Such computers were isolated from the rest of the net and (almost) all HTTP traffic was redirected (save for traffic to know antivirus software providers) to a page which stated that their computed was infected with Zeus, Conficker or whatever else is floating around there. And that they were to clean up their PCs and that we also recommended a complete wipe. They then had to type in "Yes, I understand" and were given a 24 hour grace period. If, after that time period, their PC was still infected they were off the net until they proved a complete reinstall to us.