Harvard Bomb Hoax Perpetrator Caught Despite Tor Use

Soulskill posted about a year ago | from the do-not-pass-go dept.

Crime 547

Meshach writes "The FBI has caught the student who called in a bomb threat at Harvard University on December 16. The student used a temporary anonymous email account routed through Tor, but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network. He could face as long as five years in prison, three years of supervised release and a $250,000 fine if convicted. He made the threat to get out of an exam."


In the kitchen (5, Funny)

Cryacin (657549) | about a year ago | (#45724109)

Whenever you peel back the layers of an onion, someone is bound to cry.

Re:In the kitchen (0)

Anonymous Coward | about a year ago | (#45724161)

So this wasn't Tor's fault? Did the techs at the university only see a few Tor users and send the FBI to each of them?

Dog bonre (0)

For a Free Internet (1594621) | about a year ago | (#45724115)

A fart on all your hourses, Slashdort!

"because it originated from the wireless network" (0)

Anonymous Coward | about a year ago | (#45724123)

"[...], but the FBI was able to trace it (PDF) because it originated from the Harvard wireless network."

They were able to trace it, period.
The rest was just made up to make us believe that maybe they could not have traced it otherwise.

Re:"because it originated from the wireless networ (5, Informative)

The1stImmortal (1990110) | about a year ago | (#45724153)

Not necessarily. His access to Tor via the campus wifi matched the timing of the emails enough to get him in a room, and then he confessed. Without the confession there'd be a lot less certainty of conviction, as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty.

Moral of the story: Don't talk to cops.

(also, don't make false bomb threats. They're stupid)

Re:"because it originated from the wireless networ (5, Informative)

Krneki (1192201) | about a year ago | (#45724181)

In our next lesson we will learn delayed email delivery functionality. Stay tuned!

Re:"because it originated from the wireless networ (2, Insightful)

Anonymous Coward | about a year ago | (#45724183)

" as the presumption of innocence would probably compel a jury, in the absence of any other compelling evidence, to find him not guilty."

LOL, you believe too much what the tv tells you.

Re: "because it originated from the wireless netwo (5, Insightful)

Anonymous Coward | about a year ago | (#45724191)

also, don't make false bomb threats. They're stupid

Don't make real ones either. They're even stupider.

Re: "because it originated from the wireless netwo (1)

JockTroll (996521) | about a year ago | (#45724361)

Don't make any threat at all: place the bomb, detonate it. This will tell people you do have the ability to make a bomb and the will to use it. Then do it again, so they will also know you're not going to stop at one. Then you can make threats that will not sound empty.

Re: "because it originated from the wireless netwo (4, Informative)

oobayly (1056050) | about a year ago | (#45724381)

This reminds me of the news the other day - there have had a few bombs going off recently in Northern Ireland - with warnings. Anyhow, on Monday the news said that a man was being treated for burns in Belfast, which was thought to be linked to sectarian violence, my first thought was "FFS, now they're setting each other on fire", quickly followed by laughter when it turned out the incendiary device he was carrying detonated - serves the stupid fucker right.

Re:"because it originated from the wireless networ (2)

fuzzyfuzzyfungus (1223518) | about a year ago | (#45724205)

It doesn't much help his case that circumstantial evidence pointed everyone more or less immediately at the Harvard campus, and thus at the first layer of the 'onion'. Tor is only minimally better (if at all) then straight SSL/TLS if the operator of hop #1 has strong reasons to be suspicious of Tor traffic within a set time period.

Re:"because it originated from the wireless networ (0)

Anonymous Coward | about a year ago | (#45724539)

"better... THAN", not 'then'...

Re:"because it originated from the wireless networ (5, Insightful)

Sockatume (732728) | about a year ago | (#45724267)

The wonderful thing about shows like CSI is that it convinces criminals to implement absurd technical defences when their crimes will almost certainly be dealt with by old-fashioned police work.

Re:"because it originated from the wireless networ (0)

Anonymous Coward | about a year ago | (#45724273)

An interesting question might be how many other users of the Harvard wireless network were visited by the FBI & interviewed...

Re:"because it originated from the wireless networ (-1)

Anonymous Coward | about a year ago | (#45724287)

Moral of the story: Don't talk to cops.

(also, don't make false bomb threats. They're stupid)

Ok to "don't talk to cops" (they're just legalised criminals).
As for bomb threats c'mon if you manage to pull it off its funny. I remember in mid eighties when real bombs were going off in Paris, some joker phoned our school with a bomb threat. The result ? Every kid got to have an early day off. Was the guy ever catched ? Nope. You could say it was incompetence from the french cops. But who knows. It was pre internet, it was pre everything. And no surveillance society either.

Re:"because it originated from the wireless networ (5, Funny)

Anonymous Coward | about a year ago | (#45724325)

Was the guy ever catched ? Nope.

Did this happen during an English class?

Re:"because it originated from the wireless networ (-1)

Anonymous Coward | about a year ago | (#45724409)

GFY. seriously.

Re:"because it originated from the wireless networ (0)

Cley Faye (1123605) | about a year ago | (#45724345)

As for bomb threats c'mon if you manage to pull it off its funny. I remember in mid eighties when real bombs were going off in Paris, some joker phoned our school with a bomb threat. The result ? Every kid got to have an early day off. Was the guy ever catched ? Nope. You could say it was incompetence from the french cops. But who knows. It was pre internet, it was pre everything. And no surveillance society either.

Yeah, you might want to take some vacation, far away, and fast.

Re:"because it originated from the wireless networ (1)

PolygamousRanchKid (1290638) | about a year ago | (#45724295)

(also, don't make false bomb threats. They're stupid)

. . . it seems that lesson is not on the curriculum at Harvard . . .

At least the guy wasn't a law student . . . that would have been even more hilarious!

Re:"because it originated from the wireless networ (2, Insightful)

fatphil (181876) | about a year ago | (#45724485)

Why do you want the best for this dipshit?

If you're *innocent*, don't talk to cops.
If you're guilty, spill the beans immediately.

You seem to want to encourage criminals to waste the whole legal system's time? (Which, like everything in the end, is paid for by honest tax-payers.)

Re:"because it originated from the wireless networ (1)

Big Hairy Ian (1155547) | about a year ago | (#45724525)

What he should have said is he was browsing Silk Road but didn't buy or sell anything.

Re: "because it originated from the wireless netwo (1)

Anonymous Coward | about a year ago | (#45724175)

They contacted the email provider, who gave up access logs for the mail accounts, which revealed that the user had come from Tor. They could correlate those records with Harvard's own records of who logged into their network and used Tor. They questioned him and he confessed; I bet the number of Tor users at Harvard at that time was small enough to brute-force. This is not an instance of the government unmasking a Tor user, this is good police work and a weak willed idiot.

Re: "because it originated from the wireless netwo (1, Funny)

e70838 (976799) | about a year ago | (#45724319)

In fact, NSA broke TOR and wrote this nice story so that police looks good.

Re: "because it originated from the wireless netwo (1)

Cley Faye (1123605) | about a year ago | (#45724363)

It's kind of funny; in the instance of a network that logs connections with very few Tor users, NOT using Tor would have been more efficient at hiding his identity. Should have gone the easy route of seven proxies.

Re:"because it originated from the wireless networ (3, Interesting)

RivenAleem (1590553) | about a year ago | (#45724367)

They didn't know it originated from the wireless network. They knew it came from Tor. I could have sent it, for all they know. What they did know was the time it arrived. They played a hunch that it came locally (someone who planted/discovered the bomb on campus) and checked to see who had used Tor on their network at around that time, it's plain old fashioned detective work.

Put the suspect in a room with an interrogator and extract a confession ("We have you on the Tor network the exact same time the email for the bomb hoax came through", "You were the only person using it at the time (whether that is true or not) so we know you did it", "This will go a lot easier on you if you confess now"). Will the confession stand? Did they read Miranda rights? Was he offered legal counsel?

You're doing it wrong (-1)

Anonymous Coward | about a year ago | (#45724125)

faggot

Unfair government interference in education (-1, Flamebait)

Anonymous Coward | about a year ago | (#45724131)

Waiting for posts decrying invasion of hoaxers privacy and unfairness of the American justice system and of the possible penalties.

Heckler veto (5, Insightful)

smitty_one_each (243267) | about a year ago | (#45724139)

We can either live in a future where little jackwagons can effect a denial-of-service attack on society, or
we can spank the crap out of the idiots so that this kind of noise is minimized. Same goes for rape/hate crime hoaxes.

Re:Unfair government interference in education (-1)

Anonymous Coward | about a year ago | (#45724261)

Poor conservative douchebag bleats like a dog that's been beaten too much.

Go back to freerepublic, faggot.

Dr. Leroy (1)

Lucky_Pierre (175635) | about a year ago | (#45724137)

Will be giving him his next exam.

Of course, he'll have affluenza (5, Funny)

Anonymous Coward | about a year ago | (#45724141)

And therefore they'll put him in rehab rather than prison.

Unless he's not affluent enough for his affluenza to be strong enough to cover this crime, after all, he called in a bomb threat, rather than killed four people in a drunk-driving incident.

Re:Of course, he'll have affluenza (0)

Anonymous Coward | about a year ago | (#45724195)

Kind of a stretch there. Yeah, that article happened recently. Doesn't have anything to do with what's going on though. Maybe you should talk about bitcoins or something.

Re:Of course, he'll have affluenza (1)

TemperedAlchemist (2045966) | about a year ago | (#45724255)

You should look at the statistics for people who attend Harvard. 30% of their students have a family that pulls in 150k or more.

Re:Of course, he'll have affluenza (5, Insightful)

isorox (205688) | about a year ago | (#45724279)

You should look at the statistics for people who attend Harvard. 30% of their students have a family that pulls in 150k or more.

I'm amazed it's that low.

Re:Of course, he'll have affluenza (1)

Anonymous Coward | about a year ago | (#45724293)

150k is great and all, but it doesn't even come close to approaching affluent.

Re:Of course, he'll have affluenza (0)

Anonymous Coward | about a year ago | (#45724265)

He's a Harvard student who feels entitled enough to throw an entire university's daily business under the bus to avoid personal consequences.

Not that much of a stretch.

So he didn't get caught from the e-mail... (5, Interesting)

Anonymous Coward | about a year ago | (#45724155)

...but because he was the only one on the whole campus wifi that used Tor that day.

Lesson to learn: Keep your endpoint traffic able to be lost in the noise, or ya' stick out like a sunflower in a coal mine.

I.E. SSH somewhere *THEN* Tor.

What an idiot. (3, Insightful)

Anonymous Coward | about a year ago | (#45724159)

Really?! Smart man.

Avoid exam?
Bomb threat!

Police arrive?
Immediately confess!

The evidence itself was completely circumstantial. Without a confession they surely had nothing.
They had no way to prove anything other than:
1. Guerilla Mail was accessed by Tor to send the e-mails.
2. Kim is a Harvard student that recently accessed Tor.

Re:What an idiot. (2, Insightful)

gnasher719 (869701) | about a year ago | (#45724333)

The evidence itself was completely circumstantial. Without a confession they surely had nothing.
They had no way to prove anything other than:
1. Guerilla Mail was accessed by Tor to send the e-mails.
2. Kim is a Harvard student that recently accessed Tor.

Enough to get a search warrant. So what do you think would a search warrant have shown? Fact is: If you did it, then there is evidence. And if the police thinks you did it, and the case is important enough to search very, very hard, they will find the evidence.

Re:What an idiot. (1)

Zordrak (1626781) | about a year ago | (#45724445)

Desktop Encryption.

Sounds like he visited torproject.org recently... (4, Informative)

WoTG (610710) | about a year ago | (#45724169)

I read the PDF (shock).

It sounds suspiciously like they just checked the logs to see who had visited Tor related websites and then went and interviewed the handful of people who happened to visit these sites within a few days. Maybe interview those who had exams in the 4 listed buildings at the designated time?

Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?

It doesn't sound like they needed to crack Tor.

Re:Sounds like he visited torproject.org recently. (1)

fatphil (181876) | about a year ago | (#45724257)

It's another case of "use of a tool which gives you plausible deniability makes you the most likely candidate". Compare multiple-key disk encryption. And guys with stockings over their heads.

Indeed, all they needed to do was log the initial in-the-open connection to the service that then subsequently hides everything.

Re:Sounds like he visited torproject.org recently. (0)

Anonymous Coward | about a year ago | (#45724513)

It's another case of "use of a tool which gives you plausible deniability makes you the most likely candidate". Compare multiple-key disk encryption.

That's one of the major reasons Tor users encourage others to use Tor too. Same with encryption.

Re:Sounds like he visited torproject.org recently. (2)

PolygamousRanchKid (1290638) | about a year ago | (#45724337)

It doesn't sound like they needed to crack Tor.

Of course, if the NSA has easy and simple ways of cracking Tor . . . they're not going to brag about it anyway:

"Go ahead, keep using Tor . . . it's safe and we can't crack it . . ."

Re:Sounds like he visited torproject.org recently. (3, Insightful)

qbast (1265706) | about a year ago | (#45724397)

... and they are not going to use it for this kind of case.

Re:Sounds like he visited torproject.org recently. (5, Informative)

Actually, I do RTFA (1058596) | about a year ago | (#45724521)

Or, possibly, they just checked who had used Tor in the last few days on their network - can you ID a Tor packet by looking at it?

Depends on who the "you" is. The list of entry nodes is public knowledge. Telecoms/Government agencies probably keep historic lists of entry nodes. So it should be trivial to show a connection to the Tor network. The PDF implied (to me) that the FBI just cross-referenced Harvard's log with their list of entry nodes.

To technically answer your question: Tor packets don't have a unique signature, but they all are of a known size.

It doesn't sound like they needed to crack Tor.

This is one of the best-known ways to deanonymize people using Tor: timestamping entering traffic and exiting traffic. Tor itself explains they have no theoretical way to fix that issue and still maintain a system that is low-latency (there may have been a third feature as well, where they got to pick-2-of-3).

"was able to determine"... (0)

Anonymous Coward | about a year ago | (#45724173)

"Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard’s wireless network."

That's interesting. How exactly did they do that? My guess is that they're keeping netflow records of all traffic flowing across their network border and were able to use that to match his connections to one or several known TOR relays.
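The cross-referencing discussed in the comments above (campus flow logs matched against a public relay list, limited to a time window before the e-mails arrived), as an added example that is not part of the thread or the affidavit. The log format, relay addresses, user names and timestamps are all constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta
from ipaddress import ip_address
from typing import NamedTuple


class Flow(NamedTuple):
    start: datetime   # flow start time from the border export
    user: str         # identity taken from the network's login records
    dst: object       # destination address (ipaddress object)
    dport: int        # destination port


# Constructed relay list using documentation address ranges (not real relays).
KNOWN_RELAYS = frozenset(ip_address(a) for a in ("192.0.2.10", "198.51.100.77"))

# Constructed flow export: start time, authenticated user, destination, port.
SAMPLE_FLOWS = """\
2020-01-15T06:10:00 user_a 203.0.113.5 443
2020-01-15T07:42:19 user_b 192.0.2.10 9001
2020-01-15T07:55:02 user_c 203.0.113.9 443
2020-01-15T08:05:40 user_b 198.51.100.77 443
2020-01-15T08:20:00 user_d 203.0.113.5 80
2020-01-14T22:00:00 user_e 192.0.2.10 9001
2020-01-15T09:10:00 user_f 198.51.100.77 443
"""


def parse_flows(text):
    """Parse the whitespace-separated sample format into Flow records."""
    flows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, dst, dport = line.split()
        flows.append(Flow(datetime.fromisoformat(ts), user, ip_address(dst), int(dport)))
    return flows


def relay_candidates(flows, relays, event_time, window):
    """Return (hits, active_users) for flows in [event_time - window, event_time].

    hits maps each user to their flows that went to a listed relay;
    active_users counts every distinct user seen in the same window, which
    shows how small the relay-using subset is compared with the whole network.
    """
    earliest = event_time - window
    hits = defaultdict(list)
    active = set()
    for flow in flows:
        if not (earliest <= flow.start <= event_time):
            continue
        active.add(flow.user)
        if flow.dst in relays:
            hits[flow.user].append(flow)
    return dict(hits), len(active)


if __name__ == "__main__":
    event = datetime(2020, 1, 15, 8, 30)   # constructed message arrival time
    for hours in (3, 12):
        hits, active = relay_candidates(
            parse_flows(SAMPLE_FLOWS), KNOWN_RELAYS, event, timedelta(hours=hours)
        )
        print(f"{hours}h window: {sorted(hits)} of {active} active users")
```

The output is a shortlist of accounts that contacted a listed relay in the window, not proof of who sent anything; widening the window from 3 to 12 hours adds a second candidate in the sample data.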

He was caught using Tor, not sending the mail (0)

Anonymous Coward | about a year ago | (#45724179)

As far as you can tell from the affidavit, it was detected that the person who sent the e-mail containing the bomb threat was using Tor on the university network. They were not able to prove that it was him.

After he was confronted with the fact that he was using Tor at that time and that the e-mail was sent by someone using Tor he confessed to sending the e-mail. So in this case they were only able to piece circumstantial evidence concerning the Tor use together to get the suspect to confess. It would be interesting to see how much that evidence would have been worth if he'd kept his mouth shut. Also it would be interesting to see how much possibilities the FBI would have (and would show the outside world they have) to prove that it was indeed his computer from where the e-mail originated.

So, needs another seven proxies? (0)

magic maverick (2615475) | about a year ago | (#45724187)

I'm surprised he did it from his dorm (if, indeed, he actually did it). I thought the sensible thing was to go down to the local public library and/or coffee shop (without cameras) and do your shit from there. And if you can use someone else's wireless, you can still use your own computer and Tor.
As for "because it originated from the Harvard wireless network", I'm skeptical.

From the PDF:
"9. Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's wireless network"

Which, apart from the "confession" is the only evidence that the person alleged to have done it, actually did it. Oh, so someone on campus used Tor, at the same time that an email was sent that had used Tor. Therefore the person sent the email, and not someone else using Tor from another place...

m\od 0p (-1, Troll)

Anonymous Coward | about a year ago | (#45724189)

And, after initial to avoid so as to Of FrreBSD Usenet some intelligent

Re:m\od 0p (0)

Anonymous Coward | about a year ago | (#45724541)

Fuck you, bitch.

So he was clever enough ... (5, Insightful)

Ihlosi (895663) | about a year ago | (#45724193)

... to use TOR, but then gave a full confession during an "interview", throwing his right to remain silent (and to have a lawyer present during questioning) out the window?

Re:So he was clever enough ... (1)

fatphil (181876) | about a year ago | (#45724223)

Perhaps he knew he was both culpable and guilty? He was, after all, probably in the best position to ascertain that.

Re:So he was clever enough ... (3, Insightful)

quadrox (1174915) | about a year ago | (#45724391)

That doesn't change the fact that most likely he would be better off consulting a lawyer and not saying anything to the police/FBI/whoever.

Re:So he was clever enough ... (0, Flamebait)

fatphil (181876) | about a year ago | (#45724523)

From society's perspective, he'd be better off eating rat poison.
Why are you wishing the best for a dumbass criminal?

Re:So he was clever enough ... (5, Insightful)

SB9876 (723368) | about a year ago | (#45724247)

He called in a bomb threat to delay taking a final. This is a dude that has already shown that he has poor decision making skills.

Re:So he was clever enough ... (1)

Sockatume (732728) | about a year ago | (#45724249)

The kind of intellect that uses a bomb threat to get out of an exam doesn't strike me as the kind that pleads the fifth to get out of a stretch in pokey.

Re:So he was clever enough ... (0)

Anonymous Coward | about a year ago | (#45724281)

This sounds like a plea bargain so it'll never see a jury. Most likely during the "investigation" he was threatened with felonies and jail time, followed up by "if you cooperate with us, you'll get a lesser sentence - perhaps even just a misdemeanor", where he gave a confession. If all they have is a confession without absolute proof, I'd question the legitimacy of it.

Humans are always more likely to take the option with the lowest risk. If faced with 50% risk of jail time and felonies compared NO jail time and felonies, the option with the lowest risk will always win.

Consider 100% chance of getting $50, or a 50% chance at getting $100, which would you prefer? Statistically, most people will take the $50.

Re:So he was clever enough ... (3, Informative)

Ihlosi (895663) | about a year ago | (#45724395)

This sounds like a plea bargain so it'll never see a jury.

He just gave away any bargaining leverage by confessing to a law enforcement officer. Being able to skip a few days or weeks of trial and the associated costs will be the only advantage of a guilty plea.

"if you cooperate with us, you'll get a lesser sentence"

That is a lie, by the way. Law enforcement officers may lie when "interviewing" suspects.

If faced with 50% risk of jail time and felonies compared NO jail time and felonies, the option with the lowest risk will always win.

Confessing to a cop will get you all the jail time, every time. It's among the worst possible choices in such a case.

Re:So he was clever enough ... (3, Insightful)

gnasher719 (869701) | about a year ago | (#45724311)

... to use TOR, but then gave a full confession during an "interview", throwing his right to remain silent (and to have a lawyer present during questioning) out the window?

We can assume that someone who needs to avoid a test isn't the brightest spark. We can assume that someone who sends a bomb threat to avoid a test is reckless and stupid. We can assume that if someone who is reckless and stupid mails in a bomb threat, and his identity is discovered, then there _will_ be evidence. For example, they had easily enough to get a search warrant for his computer. What are the odds that there is evidence, like a draft of the email, on his computer? Remember: This is not an evil genius trying to disrupt US universities, it is a reckless idiot trying to get out of an exam.

Re:So he was clever enough ... (2)

Lloyd_Bryant (73136) | about a year ago | (#45724465)

We can assume that someone who needs to avoid a test isn't the brightest spark. We can assume that someone who sends a bomb threat to avoid a test is reckless and stupid. We can assume that if someone who is reckless and stupid mails in a bomb threat, and his identity is discovered, then there _will_ be evidence. For example, they had easily enough to get a search warrant for his computer. What are the odds that there is evidence, like a draft of the email, on his computer? Remember: This is not an evil genius trying to disrupt US universities, it is a reckless idiot trying to get out of an exam.

Did you read a different warrant than I did? I saw *nothing* in the declaration that would count as probable cause for a search warrant, until it got to the part of "he admitted it to me". So most likely they did NOT have enough to get a warrant for his computer (the fact that he accessed TOR on that day wouldn't, by itself, be enough - he could have been using TOR for any number of reasons).

You were dead on about him not being the sharpest knife in the drawer, though. What probably happened is that the police talked to him (along with everyone else who accessed TOR via the campus network on the day in question), noticed that he was *very* nervous when they started talking about the bomb threats, and then proceeded with the standard "good cop/bad cop" interrogation (excuse me, *interview*) technique and got him to confess.

Re:So he was clever enough ... (2)

Kijori (897770) | about a year ago | (#45724329)

I'm not sure that it's really that surprising that he confessed - most people who are convicted of crimes plead guilty.

And that's not a ridiculous notion; if you did it and have been caught, pleading guilty can get you a pretty hefty discount on your sentence when compared to being convicted at trial. In particular, where, like here, the range of sentences is very wide, it might mean the certainty that you will not go to prison.

Re:So he was clever enough ... (4, Insightful)

Ihlosi (895663) | about a year ago | (#45724357)

I'm not sure that it's really that surprising that he confessed - most people who are convicted of crimes plead guilty.

You plead guilty right before the trial would start, if anything.

pleading guilty can get you a pretty hefty discount on your sentence

And you waive that discount by confessing to a law enforcement officer during an "interview". Because in that case, the court has sufficient evidence to convict you regardless of your plea.

Re:So he was clever enough ... (1)

Anonymous Coward | about a year ago | (#45724477)

And that's not a ridiculous notion

It is ridiculous that we allow plea bargaining, though. No justice system should have such a thing, and no, I don't care if the courts get clogged. Justice/freedom above all.

Re:So he was clever enough ... (2)

fuzzyfuzzyfungus (1223518) | about a year ago | (#45724359)

... to use TOR, but then gave a full confession during an "interview", throwing his right to remain silent (and to have a lawyer present during questioning) out the window?

Outside of pessimists, paranoiacs, and people whose job description involves the word 'uptime', it's normal for someone engaged in 'problem solving' to stop thinking as soon as they find a solution.

In his case, he started thinking, came up with a multi-layer anonymity plan, and then apparently stopped. When it failed, he suddenly had FBI agents and no additional plan. (Also, basic script-kiddie attempts at hiding online and lying to experienced interrogators in person are two very, very, different skills.)

Re:So he was clever enough ... (0)

Anonymous Coward | about a year ago | (#45724495)

So you want him to get away instead even if he was guilty because of some lawyer technicality or incompetence from a jury of his peers?

Re: So he was clever enough ... (0)

Anonymous Coward | about a year ago | (#45724501)

He already got what he wanted, to avoid taking final exam. Now he'll have 5 years to prep for it.

How did they do it? (4, Informative)

it0 (567968) | about a year ago | (#45724197)

From the pdf

"Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's wireless network."

So Harvard keeps track of your connections. Still circumstantial but he confessed.
"KIM then stated that he authored the bomb threat e-mails described above."

Re: How did they do it? (0)

Anonymous Coward | about a year ago | (#45724231)

Not only Harvard, ALL college and university schools that me and my girlfriend went to are requiring students to use an ID and are tracking them.

Re: How did they do it? (0)

Anonymous Coward | about a year ago | (#45724277)

Which is fucking awful. I really hope a truly anonymous protocol shows up soon.

Re: How did they do it? (0)

Anonymous Coward | about a year ago | (#45724377)

It's not their bandwidth, why the fuck is that awful? You don't think a university has a right to know what's going on on ITS network?

Re: How did they do it? (1)

Anonymous Coward | about a year ago | (#45724393)

If you don't want to comply with the terms of use of someone else's network, then don't use their network. It's extremely simple. When you're invited into someone's house and they say feel free to grab a drink from the fridge, if you then proceed to load up your car trunk by taking everything in their fridge, you don't get to protest when they call you an assclown.

Re:How did they do it? (3, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#45724313)

All the campus networks I've seen remotely recently do some sort of access control, if only to avoid being a free wifi provider for every porn-torrent enthusiast in the neighborhood. Sometimes 802.11x, sometimes that bloody awful Cisco VPN monstrosity.

What's more notable is that they apparently keep traffic logs for some amount of time, at least long enough to catch this guy, who knows how much longer?

If you have a network of any nontrivial size, and want to keep it from falling in a screaming heap (especially with the lousiness of wireless links in the mix), taking steps to ensure that most of the users are the ones you are supposed to be providing service to, and doing some QoS to keep them from stepping on each others' toes is basically necessary. Keeping traffic logs, though, is an additional chunk of effort and expense, and all so that people will be motivated to come bug you for access to them. I wonder when they started keeping logs, and why.

Re:How did they do it? (1)

quetwo (1203948) | about a year ago | (#45724509)

Most likely they had to put them in due to agreements with the MPAA and RIAA. Back about 6 or 7 years ago when music piracy was still at the tips of everyone's tongues, these organizations threatened to sue most of the major universities for aiding and abetting piracy if they didn't track what their users were doing. Most schools put in IDP systems on their outer-most gateways to the world to capture the data out of band for a short amount of time.

Re:How did they do it? (1)

Threni (635302) | about a year ago | (#45724471)

Guess that's the thing now... show that TOR isn't violated and that each time someone's caught using it demonstrate/create some weakness that explains it. (Sort of like during WW2 where it was crucial we didn't betray the fact we cracked Enigma so we had to send planes over the German submarines so we had a cover for how we knew where they were so they didn't realize we pwned them).

The message is - keep using TOR kids - it's totally safe.

uhhh.. (0)

Anonymous Coward | about a year ago | (#45724207)

what got him caught was confessing to the FBI that he was the one that did it..

they didn't trace anything.. the university was able to determine that kim had used tor over the harvard network the morning the threats were sent. entirely circumstantial evidence, but it was obviously enough for the investigators to pressure the kid into confessing.

Well it worked (5, Funny)

Chrisq (894406) | about a year ago | (#45724219)

He made the threat to get out of an exam.

he won't have to worry about that any more

Harvard (4, Insightful)

Thanshin (1188877) | about a year ago | (#45724229)

I expected more from a Harvard student.

A couple of hours of online research should have taught him to, at least, connect through a cracked wifi far from his neighborhood. Or, if he was computer illiterate, to convince someone from another country to send the mails for him.

Also, once he decided to avoid the exam in a way that could land him in prison, why use a method he didn't understand, instead of burning down the building or paying someone to send the teacher to the hospital?

However, the first question I would ask him would be if he had considered that simply approaching the teacher and explaining to him that he and all his family would be killed unless the exam was postponed, carried a shorter jail time than a terrorist threat.

In conclusion, clearly in Harvard they are not teaching how to deal with real world problems pragmatically.

Re:Harvard (5, Insightful)

fuzzyfuzzyfungus (1223518) | about a year ago | (#45724289)

The best Harvard students learn that you have no need to conceal your crimes if you can commit them from a position of enough influence to simply make them legal. That's where kiddo slipped up.

Re:Harvard (0)

Anonymous Coward | about a year ago | (#45724303)

The guy was too lazy to study for his exam. What makes you think he would have the motivation to do any of that?

Re:Harvard (1)

Anonymous Coward | about a year ago | (#45724351)

I expected more from a Harvard student.

A couple of hours of online research should have taught him....

Yeah, I think you're missing the point.

Why would you want to delay an exam so badly that you call in a bomb threat? Because you've slacked off your revision and need more time to cram.

And you expect him to spend a couple of *extra* hours researching TOR?

Re:Harvard (0)

Anonymous Coward | about a year ago | (#45724379)

A couple hours of studying would have prepared him for the exam. Grade inflation there is rampant. The median grade at Harvard these days is A-. How hard could it be just to get a passing grade?

Re:Harvard (0)

Anonymous Coward | about a year ago | (#45724423)

You know Harvard is a selective school, right?

Re:Harvard (0)

Anonymous Coward | about a year ago | (#45724427)

Why didn't he just get a medical certificate from the Freud Squad? I'm guessing he'll be trying to get one now.

Re:Harvard (1)

ChromeAeonium (1026952) | about a year ago | (#45724531)

I expected more from a Harvard student.

As opposed to what, some pleb who could only get into a public state school?

What a genius (0)

Anonymous Coward | about a year ago | (#45724237)

Anonymity is useless if the pool of suspects is small enough to make you stand out by using it.

Also, he's a douche and deserved to get caught. Fuck people who think avoiding the consequences of their shitty exam preparation matters more than an entire university of people losing a workday.

Beware North Korean Unicorns! (-1)

Anonymous Coward | about a year ago | (#45724241)

Just waiting for the FBI to uncover evidence of North Korean sympathies. This assclown could be the poster boy for the effectiveness and professionalism of the DPRK special operations bureau.

It seems that Harvard caught him (0)

Anonymous Coward | about a year ago | (#45724269)

From reading it seems to me that he was caught because of the network he was on. To be able to check that he was on TOR it seems that they (Harvard) are saving all the traffic on the network. During the "interview" they probably claimed they would decrypt that traffic and that made him talk.

...This just shows (0)

Anonymous Coward | about a year ago | (#45724297)

... if you're going to bomb someone, don't give a warning.... JUST DO IT! ...... (I think I just infringed Nike's Intellectual property :( )

Time for all the students to use TOR (0)

Anonymous Coward | about a year ago | (#45724301)

Since apparently Harvard is saving all the traffic in their network, everybody should start only using TOR while there.
And even more since one of their own might face 5 years in prison for a bad prank.

Ohh... scary ... (1)

Misagon (1135) | about a year ago | (#45724307)

When I went to primary school back in the '80s, there was a bomb threat almost every year around exam time at the beginning of summer.

ASIAN - what a surprise... (-1)

Anonymous Coward | about a year ago | (#45724323)

How's that 'diversity' working out for ya?

Obligatory comment (1)

gravis777 (123605) | about a year ago | (#45724341)

I thought Harvard students were smarter than that.

Re:Obligatory comment (1)

Rande (255599) | about a year ago | (#45724417)

If he was smarter....then he wouldn't have needed to get out of the exam.

I CALLED IT (-1)

Anonymous Coward | about a year ago | (#45724385)

I fucking KNEW someone was doing it just to get out of an exam.

My exact words when I posted it were "That's a pretty stupid way to get out of an exam [link]"

WHERE'S MA MONEY?!

RTFA (0)

Anonymous Coward | about a year ago | (#45724387)

The FBI says:
"KIM then stated that he authored the bomb threat e-mails described above"
So the guy admitted it.
Admittance is not the fault of TOR, but of the guy's low intelligence. Case dismissed.

then tor clearly wasn't used correctly. (0)

nimbius (983462) | about a year ago | (#45724443)

so we have the relevant paragraph extracted from the PDF

Harvard University was able to determine that, in the several hours leading up to the receipt of the e-mail messages described above, ELDO KIM accessed TOR using Harvard's wireless network.

which means one of a few things.

1. begin the witch hunt. anything that coincidentally happened to access TOR be it a botnet infected laptop or a freshman at a bus stop is now suspect for everything from the bombing of the USS cole to the assassination of president Lincoln. The government gets its boogeyman and Harvard gets its scapegoat for an occurrence that happens across countless colleges every year, but means something only because it's inconvenienced the children of the cloistered elite.

2. Harvard's wireless is more than it seems. Terms and conditions, network traffic, as well as any requisite clients or software installed should be subject to analysis and investigation by students and staff. greyhat and blackhat alike should find this system of access points intriguing if only for the aforementioned quote.

in my opinion it's probably the latter. students and faculty should cast serious suspicion on the part of Harvard's network. an independent investigation into the nature of its operation needs to be conducted and any nefarious eavesdroppers exposed. If nothing is found then it's a clear case of parents with more brass than sense out for blood.

Re:then tor clearly wasn't used correctly. (2)

quetwo (1203948) | about a year ago | (#45724555)

Every time you join their wireless network, there is a click-through stating you agree that your traffic will be stored, should you do something stupid. Not in those same words, but close enough (at least in a series of two sentences... which any Harvard student should be able to understand).

Most of their traffic capturing was put in because of a mandate from the MPAA and RIAA back quite a few years ago. They were either going to be sued for aiding and abetting or they had to keep logs of which students were downloading which Metallica songs. They don't keep the traffic, just the IP headers (actually trends, not every IP header). This was very well publicized a few years ago and shouldn't be a surprise to anybody.

Additionally, the upstream provider is required to conform to CALEA laws anyway, which would have been able to provide the same types of reports. It would have required Harvard's assistance to translate an IP to a person (I'm more than assuming they would have been willing to do this as well). CALEA does not require ISPs to notify that their traffic is being recorded, but guess what -- anything that leaves your network is out there in the open and may be open for inspection.
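The kind of correlation discussed in this thread (header-level flow records, a time window before the e-mail arrived, and a separate step to translate an internal IP to a person) can be sketched as follows. This is an added example, not part of any comment or of the FBI affidavit; every record, address, account name and function name is constructed, and it assumes a relay address list is available (Tor publishes the addresses of its public relays).

```python
from datetime import datetime, timedelta

# All data below is constructed for illustration (RFC 5737 documentation IPs).
TOR_RELAYS = {"198.51.100.7", "192.0.2.44"}   # stand-in for the public relay list

# (timestamp, internal source IP, destination IP, destination port)
FLOWS = [
    ("2000-01-03T07:10:00", "10.20.1.15", "198.51.100.7", 9001),
    ("2000-01-03T07:55:00", "10.20.3.40", "203.0.113.20", 443),   # not a relay
    ("2000-01-03T08:05:00", "10.20.1.15", "198.51.100.7", 9001),
    ("2000-01-03T08:20:00", "10.20.7.99", "192.0.2.44", 443),
    ("2000-01-02T22:00:00", "10.20.5.12", "192.0.2.44", 443),     # outside window
    ("2000-01-03T08:25:00", "10.20.9.9", "192.0.2.44", 443),      # no lease on file
]

# (internal IP, authenticated account, lease start, lease end)
LEASES = [
    ("10.20.1.15", "user_a", "2000-01-03T06:00:00", "2000-01-03T12:00:00"),
    ("10.20.7.99", "user_b", "2000-01-03T08:00:00", "2000-01-03T10:00:00"),
    ("10.20.5.12", "user_c", "2000-01-02T20:00:00", "2000-01-02T23:59:00"),
]

def resolve(leases, ip, when):
    """Map an internal IP to the account that held it at time `when`."""
    for lease_ip, user, start, end in leases:
        if lease_ip == ip and datetime.fromisoformat(start) <= when < datetime.fromisoformat(end):
            return user
    return None

def tor_candidates(flows, relays, leases, event_time, lookback):
    """Accounts with flows to known relays in [event_time - lookback, event_time]."""
    start = event_time - lookback
    hits = {}
    for ts, src, dst, _port in flows:
        when = datetime.fromisoformat(ts)
        if dst in relays and start <= when <= event_time:
            who = resolve(leases, src, when) or f"unresolved:{src}"
            hits.setdefault(who, []).append(when)
    return hits

EVENT = datetime.fromisoformat("2000-01-03T08:30:00")   # constructed e-mail receipt time
CANDIDATES = tor_candidates(FLOWS, TOR_RELAYS, LEASES, EVENT, timedelta(hours=3))

if __name__ == "__main__":
    for who, times in sorted(CANDIDATES.items()):
        print(who, len(times), min(times).time(), max(times).time())
```

The result is a pool of accounts that touched a relay in the window, not an identification: no payload is inspected and nothing links any of these flows to the e-mail itself. Unresolved source addresses stay in the output so gaps in lease data are visible rather than silently dropped.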

PSYOP. (-1)

Anonymous Coward | about a year ago | (#45724473)

Looks like you all 3 are Jewish, Meshach: Robert S. Samuels & E. Benjamin Samuels.

This just shows that criminals are stupid (1)

dskoll (99328) | about a year ago | (#45724535)

Most criminals are caught because they are stupid. And most criminals are stupid or they wouldn't get into crime in the first place. On balance, crime is a very high-risk / low-reward activity, so you have to be stupid or desperate to think it's a good idea.
