
Harvard Bomb Hoax Perpetrator Caught Despite Tor Use

Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."
  • by The1stImmortal ( 1990110 ) on Wednesday December 18, 2013 @06:27AM (#45724153)

    Not necessarily. His access to Tor via the campus wifi matched the timing of the emails enough to get him in a room, and then he confessed. Without the confession there'd be a lot less certainty of conviction, as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty.

    Moral of the story: Don't talk to cops.

    (also, don't make false bomb threats. They're stupid)

  • by WoTG ( 610710 ) on Wednesday December 18, 2013 @06:29AM (#45724169) Homepage Journal

    I read the PDF (shock).

    It sounds suspiciously like they just checked the logs to see who had visited Tor related websites and then went and interviewed the handful of people who happened to visit these sites within a few days. Maybe interview those who had exams in the 4 listed buildings at the designated time?

    Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?

    It doesn't sound like they needed to crack Tor.

  • by Krneki ( 1192201 ) on Wednesday December 18, 2013 @06:31AM (#45724181)

    In our next lesson we will learn delayed email delivery functionality. Stay tuned!

  • How did they do it? (Score:5, Informative)

    by it0 ( 567968 ) on Wednesday December 18, 2013 @06:34AM (#45724197)

    From the pdf

    "Harvard University was able to determine that, in the several hours leading up to the
    receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's
    wireless network."

    So Harvard keeps track of your connections. Still circumstantial but he confessed.
    "KIM then stated that he authored the bomb threat e-mails described above."

  • by oobayly ( 1056050 ) on Wednesday December 18, 2013 @07:16AM (#45724381)

    This reminds me of the news the other day - there have been a few bombs going off recently in Northern Ireland - with warnings. Anyhow, on Monday the news said that a man was being treated for burns in Belfast, which was thought to be linked to sectarian violence, my first thought was "FFS, now they're setting each other on fire", quickly followed by laughter when it turned out the incendiary device he was carrying detonated - serves the stupid fucker right.

  • by Ihlosi ( 895663 ) on Wednesday December 18, 2013 @07:18AM (#45724395)
    This sounds like a plea bargain so it'll never see a jury.

    He just gave away any bargaining leverage by confessing to a law enforcement officer. Being able to skip a few days or weeks of trial and the associated costs will be the only advantage of a guilty plea.

    "if you cooperate with us, you'll get a lesser sentence"

    That is a lie, by the way. Law enforcement officers may lie when "interviewing" suspects.

    If faced with 50% risk of jail time and felonies compared to NO jail time and felonies, the option with the lowest risk will always win.

    Confessing to a cop will get you all the jail time, every time. It's among the worst possible choices in such a case.

  • by Actually, I do RTFA ( 1058596 ) on Wednesday December 18, 2013 @07:57AM (#45724521)

    Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?

    Depends on who the "you" is. The list of entry nodes is public knowledge. Telecoms/Government agencies probably keep historic lists of entry nodes. So it should be trivial to show a connection to the Tor network. The PDF implied (to me) that the FBI just crossreferenced Harvard's log with their list of entry nodes.

    To technically answer your question: Tor packets don't have a unique signature, but they all are of a known size.

    It doesn't sound like they needed to crack Tor.

    This is one of the best-known ways to deanonymize people using Tor: timestamping entering traffic and exiting traffic. Tor itself explains they have no theoretical way to fix that issue and still maintain a system that is low-latency (there may have been a third feature as well, where they got to pick-2-of-3).

  • by Charliemopps ( 1157495 ) on Wednesday December 18, 2013 @09:08AM (#45724887)

    Moron. I don't care how innocent or guilty you are.

    Don't talk
    Demand a lawyer (only time you can talk)
    Don't sign anything
    Don't fucking talk!
    Did I mention not talking?
    By the time your lawyer arrives you should need a glass of water because your lips will be stuck together from all the not talking you were doing.

  • by Anonymous Coward on Wednesday December 18, 2013 @09:44AM (#45725133)

    Unless they had probable cause to grab his computer and he wasn't savvy enough to have wiped the drive. Cookies for the offending email address would be pretty incriminating.

    I don't think you know how Tor software works.. in using the preconfigured Tor software that utilizes Firefox, cookies are disabled by default, also Java. And at the end of every session all history, cache and any traces to what you were doing are deleted automatically.. save if you download or bookmark something...

  • by isorox ( 205688 ) on Wednesday December 18, 2013 @10:24AM (#45725471) Homepage Journal

    You mightn't call being in the top 9% of households incomes "exceptionally affluent", but the other 91% of people probably do.

    I'm in the bottom 91%, but I certainly don't think a household on $150k a year is "exceptionally affluent". The median is about $70k.

  • Re:In the kitchen (Score:4, Informative)

    by Loether ( 769074 ) on Wednesday December 18, 2013 @10:43AM (#45725661) Homepage

    Yeah. I bet he was the only one (or a very few) at the time on Harvard's wifi and TOR. Then some good old fashioned police work, by telling the suspect some well crafted white lies closed the case. ie (we know what you did, sign this confession and make your life easier.) Unless I missed it, the court document never said they traced the specific message to him. Just him to TOR and TOR to the email. Then he admitted to it. At any rate, I'm glad they caught him. There are easier ways to avoid taking a test.

  • Re: In the kitchen (Score:4, Informative)

    by Anonymous Coward on Wednesday December 18, 2013 @11:16AM (#45725959)

    I shouldn't state it, but I hope an example is made from this person. At the uni I graduated from, they had many of these incidents, all timed around midterms or finals week. It got old having the police stop and lock down everyone in a building or having to wait hours for them to clear a parking lot with the dogs. Of course, when trying to focus on passing, it doesn't help either when a final is moved/rescheduled and one has spent a good long time preparing for it.

  • Re:In the kitchen (Score:3, Informative)

    by Anonymous Coward on Wednesday December 18, 2013 @11:52AM (#45726367)

    So once the FBI subpoena'd Tor to get the IP number that sent the threat, it was a done deal.

    Tor is not an entity.

  • Re:In the kitchen (Score:5, Informative)

    by PIBM ( 588930 ) on Wednesday December 18, 2013 @11:53AM (#45726383) Homepage

    If you had taken the time to read the deposition, when confronted he said that he did it and why.. so yeah, he's toasted.

  • Re:In the kitchen (Score:5, Informative)

    by terbeaux ( 2579575 ) on Wednesday December 18, 2013 @02:39PM (#45728351)

    So once the FBI subpoena'd Tor to...

    That's an awful long post for someone that doesn't seem to know what they are talking about. Tor cannot be subpoenaed for information. It is a peer to peer network, not a legal entity. They got this guy because to get on university wifi you need to login, which then associates your MAC address with your account and allows traffic to flow. They also monitor your traffic and could associate his account with Tor use. This gave the FBI enough information to question him and he probably was so scared and guilty feeling that he freely confessed. You can change the MAC address [osxdaily.com] on most network adapters. You wouldn't need to buy a throwaway usb wifi adapter. The FBI would have had much less to go on if the perp had simply used a free wifi hotspot.

    It is difficult to understand what was going on in his head but it obviously wasn't rational thought.
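
The log correlation several comments above describe (wifi login records tying an account to an address, flow logs checked against a list of known Tor relays, a time window before the e-mails arrived) can be sketched from the network operator's side as follows. This is an added example, not part of any commenter's post or of the affidavit; every address, account, timestamp and function name in it is constructed for illustration.

```python
from datetime import datetime, timedelta

# Constructed sample data: documentation address ranges, made-up accounts.
RELAYS = {"192.0.2.10", "192.0.2.77"}  # stand-in for a snapshot of the public relay list
LEASES = [  # (account, mac, client_ip, lease_start, lease_end) from wifi login records
    ("alice", "02:00:00:00:00:01", "10.0.0.5", "2013-12-16 06:00", "2013-12-16 12:00"),
    ("bob",   "02:00:00:00:00:02", "10.0.0.6", "2013-12-16 07:00", "2013-12-16 12:00"),
    ("carol", "02:00:00:00:00:03", "10.0.0.5", "2013-12-15 08:00", "2013-12-15 20:00"),
]
FLOWS = [  # (timestamp, client_ip, dst_ip, dst_port) from flow logs
    ("2013-12-16 08:05", "10.0.0.5", "192.0.2.10", 9001),
    ("2013-12-16 08:10", "10.0.0.6", "203.0.113.8", 443),
    ("2013-12-15 09:00", "10.0.0.5", "192.0.2.77", 443),
    ("2013-12-16 11:30", "10.0.0.6", "192.0.2.77", 443),
]

def ts(s):
    return datetime.strptime(s, "%Y-%m-%d %H:%M")

def account_for(ip, when):
    """Resolve a client IP to the account holding its lease at that moment.

    The same IP is reused across leases, so the timestamp matters."""
    for account, mac, lease_ip, start, end in LEASES:
        if lease_ip == ip and ts(start) <= when <= ts(end):
            return account, mac
    return None

def tor_candidates(event_time, hours_before):
    """Accounts with a flow to a listed relay in the window before event_time.

    The result is a list of people to look at, not an attribution: it shows
    who touched the relay list, not what they sent through it."""
    event = ts(event_time)
    window_start = event - timedelta(hours=hours_before)
    hits = {}
    for when_s, src, dst, port in FLOWS:
        when = ts(when_s)
        if dst in RELAYS and window_start <= when <= event:
            who = account_for(src, when)
            if who:
                hits.setdefault(who[0], []).append((when_s, dst, port))
    return hits

if __name__ == "__main__":
    for account, flows in tor_candidates("2013-12-16 08:30", 3).items():
        print(account, flows)
```

Widening the window grows the candidate set quickly, which is why the match on its own stays circumstantial, as the comments note.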

  • by sandytaru ( 1158959 ) on Wednesday December 18, 2013 @02:40PM (#45728363) Journal
    Naw, Harvard has a huge endowment. There are some very poor kids who are very very smart and who'd love a Harvard brand name on their degrees. Harvard wants only the smartest poor people, so will offer the diamonds in the rough free tuition. The kids are still on the hook for housing, food, and books, but those costs are closer to $10,000/year if you live very frugally. It's win/win - Harvard gets a crop of geniuses, and the geniuses go to a college they'd otherwise never be able to afford.

    The valedictorian at my high school went this route. With a perfect SAT and ACT score and a bunch of academic achievement awards she probably could have gone anywhere, but she picked Harvard because they waived all the tuition and fees for her. Since her parents were Army, they couldn't provide much financial support outside of the scholarships, but their little girl got into Harvard so they were going to try.
